Leading financial institutions secure DevOps using Codenotary Cloud


HOUSTON–(BUSINESS WIRE)–Codenotary, a leader in software supply chain security, today announced that two of the top three banks in the United States and Europe have chosen Codenotary Cloud to secure their DevOps deployments and supply chain. software supply. Codenotary Cloud enables customers to comply with the Software Artifact Supply Chain Tiers Framework (SLSA).

Both of these banks have annual revenues of over $70 billion and rely on numerous software projects developed by globally distributed teams using continuous integration/continuous development (CI/CD) on both site and in the cloud. Both banks retain a legacy codebase while increasingly moving towards a cloud-native model. Codenotary Cloud provides them with code signing, provenance tracking, and management of code deployments with traceability from source code to runtime and vice versa, if needed. In total, more than 35,000 developers run up to 100,000 software releases per day. Codenotary Cloud is capable of handling the massive scale of these two banks’ DevOps deployments, which requires processing billions of artifacts each month and reliability measuring 99.99% uptime.

“Even before the recent wave of supply chain attacks, we developed a comprehensive DevOps and security strategy for our enterprise-wide digital transformation,” said a chief executive of a major bank. American investment. “Codenotary Cloud helps us achieve our goal of delivering secure, tamper-proof applications while maintaining provenance from source to production. The ability to search all of our dependencies in real time makes the product invaluable to our risk management and security compliance processes.

Codenotary Cloud provides the ability to catalog and trust components of the software development lifecycle that help attest to the origin and security of code. The company further enhances this core capability by providing an additional tamper-proof layer that processes and stores millions of transactions per second, on-premises or as a cloud service, and with cryptographic verification. It provides a way for developers to attach a software bill of materials (SBOM) for development artifacts that include source code, builds, repositories, etc., as well as Docker and Kubernetes container images for their software.

“Codenotary Cloud is uniquely able to bring trust and integrity to enterprise development organizations,” said Moshe Bar, Co-Founder and CEO of Codenotary. “Our technology enables customers to secure every aspect of their pipeline, from source to deployment, as well as at runtime. Codenotary Cloud helps provide observability of what is running, where it is in the stack, what vulnerabilities lurk underneath, and most importantly, who is responsible for that code. All this data is also available for consultation.

To learn more and for a free trial of Codenotary Cloud, go here.

About Codenotaire

With over 130 customers, including the three largest banks in the US and Europe, Codenotary brings easy-to-use trust and integrity into the software lifecycle by providing end-to-end cryptographically verifiable tracking and provenance. for all artifacts, actions and dependencies. Codenotary can be configured in minutes and can be fully integrated into modern CI/CD platforms. It is the only immutable, customer-verifiable solution capable of processing millions of transactions per second. With Codenotary’s tamper-proof BOM, users can instantly identify untrusted components in their software releases. For more information, visit https://www.codenotary.com.

Previous Financial Controls and Compliance Coordinator
Next 2-Day Virtual Seminar on Verification and Validation - Product, Equipment/Process, Software and QMS (June 27-28, 2022)