File Integrity Monitoring & Change Management

The term “file integrity monitoring” was introduced in 2001 as a security specification as part of the PCI standard. What is file integrity monitoring It basically covers the technology that monitors and detects changes in files that may indicate a cyber attack. File integrity monitoring is a critical security control, that needs to be simple […]

How to trust WeTransfer when sending or receiving files

Most of you have either send or received files and documents using the amazingly simple WeTransfer service. Whenever some digital object is too large for email or chat, people use either cloud storage service (like OneDrive or Dropbox) or services like WeTransfer. It’s free, very convenient and only a browser is required. Sending files or […]

Happy New Year 2020

Happy New Year to all our customers, partners, readers, and friends. Our whole team wishes you a great 2020 full of innovation, fun, and satisfaction. We thank you for your continued support and faithfulness and promise to excite our DevOps and DevSecOps community even more in the next decade. However, before jumping into our new […]

Bug or digitally signed? The weird world of digital certificates!

When working with digital certificates and signing files or executables, its never a simple thing to do. After obtaining a digital certificate you typically need to install software or import .crt files to start signing files, like the DigiCert Certificate Utility. But it can be much easier – let’s digitally sign a file fully automatic […]

Linux: protecting configuration files

No matter if you’re running a linux environment on premise or in a cloud instance using any distribution (i. e. Ubuntu, Centos, RHEL or something else), you want to know if something has been touched. CodeNotary allows you exactly that in the most simple way and the verification counterpart is even stored safely outside of […]

Use GitHub Actions for validated builds

GitHub Actions provide a very simple way for GitOps pipelines as you don’t need an additional CI/CD tool. You could simply create or use an existing GitHub actions and configure it to run whenever a specific branch is updated. You can make sure, that every build (i. e. a container image) can be validated in […]

Fully trusted GitLab Pipeline

As you noticed already, our goal is to make the CodeNotary integration as easy as possible for you. That’s the reason why our blog post series continues with GitLab. So far we covered Jenkins and CircleCI if you want to read them as well. For this blog post we use a GitLab CE installation. This […]

Validated builds using CircleCI

As CircleCI is one of the most popular CI/CD tools in the market, it was no surprise to us that we got plenty of requests lately. Users were noticing the Jenkins integration in our blog posts and we’re wondering how the CircleCI would look like. We listened and here comes the CircleCI integration to produce […]

GitHub Actions go live Nov 13th and so do our Verify actions

GitHub Actions go live on November 13th and we’re in the last 2 weeks of the beta. Being part of the GitHub Actions beta program allowed us to create our CodeNotary commit authentication for the GitHub Actions marketplace. Now its ready and tested and everyone can use for free: GitHub Actions GA free quantities […]