Enterprise users can now sign the digital assets their organization produces by creating an organization for their company in the dashboard (below). New organizational team members can be added directly in the dashboard, as seen below.
Verification of an organization’s digital asset can be done from anywhere globally, both from inside and outside of the organization. This allows for users outside of the signing organization to be sure that the indicated organization did, in fact, sign the digital asset they are seeking to use.
A group of signers or organizations, for example several vendors such as microsoft.com, redhat.com, and opvizor.com, can be required to have all of their signatures in place before a digital asset is approved for use. For example, before an asset is used internally or passed off to another contractor, multiple responsible parties (contractors, auditors, regulators, etc.) all need to sign off on it first.
More information can be found on our blog here.
kube-notary is the first add-on of the CodeNotary for Kubernetes suite. It acts as a watchdog for users’ Kubernetes environments and continuously monitors clusters at runtime, issuing instant notifications when an unknown, untrusted, or unsupported container image is found running. After deploying the service within a cluster, all pods are continuously checked by matching the hash signature of the running image to the hash that is stored immutably on the blockchain. If the hashes match, trust is verified. Containers are checked and re-verified at regular, user-specified intervals. If any containers are found that are not ‘Trusted’, kube-notary alerts you instantly.
kube-notary comes with a built-in verification metrics exporter, so everything can be easily visualized in a Prometheus time series database using the CodeNotary-created Grafana dashboard (screenshot below).
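The runtime check and the all-signers requirement described above can be sketched together. This is an added example, not kube-notary's or CodeNotary's code: the ledger is a plain dictionary standing in for the blockchain lookup, and the signer names, digests, pod data and uppercase status labels are constructed for illustration.

```python
import json

REQUIRED_SIGNERS = {"dev.example", "audit.example"}  # hypothetical signer IDs

def fake_digest(ch):
    return "sha256:" + ch * 64  # constructed digest, not a real image

# Constructed stand-in for the ledger: image digest -> {signer: status}
LEDGER = {
    fake_digest("a"): {"dev.example": "TRUSTED", "audit.example": "TRUSTED"},
    fake_digest("b"): {"dev.example": "TRUSTED"},  # auditor never signed
    fake_digest("c"): {"dev.example": "TRUSTED", "audit.example": "UNTRUSTED"},
}

def pod(name, image_id):
    # Trimmed to the fields of `kubectl get pods -o json` that this check reads
    return {"metadata": {"namespace": "prod", "name": name},
            "status": {"containerStatuses": [{"name": "app", "imageID": image_id}]}}

PODS_JSON = json.dumps({"items": [
    pod("api", "registry.example/api@" + fake_digest("a")),
    pod("batch", "registry.example/batch@" + fake_digest("b")),
    pod("web", "registry.example/web@" + fake_digest("c")),
    pod("init", ""),  # container not started yet, no digest reported
]})

def image_digest(image_id):
    """Return 'sha256:<64 hex>' from a containerStatuses imageID, else None."""
    _, sep, hexpart = image_id.rpartition("sha256:")
    ok = sep and len(hexpart) == 64 and set(hexpart) <= set("0123456789abcdef")
    return "sha256:" + hexpart if ok else None

def verdict(digest, ledger, required):
    """TRUSTED only if every required signer has marked this digest TRUSTED."""
    records = ledger.get(digest) if digest else None
    if not records:
        return "UNKNOWN"
    statuses = {records.get(signer, "UNKNOWN") for signer in required}
    # Report the most serious status found among the required signers
    return next((b for b in ("UNTRUSTED", "UNSUPPORTED", "UNKNOWN") if b in statuses), "TRUSTED")

def audit(pods_json, ledger=LEDGER, required=REQUIRED_SIGNERS):
    """List (pod, container, verdict) for every container that is not TRUSTED."""
    findings = []
    for item in json.loads(pods_json)["items"]:
        for cs in item.get("status", {}).get("containerStatuses", []):
            v = verdict(image_digest(cs.get("imageID", "")), ledger, required)
            if v != "TRUSTED":
                findings.append((item["metadata"]["name"], cs["name"], v))
    return findings
```

Calling `audit(PODS_JSON)` flags the image missing one required signature, the image a signer marked untrusted, and the container that reports no digest; a watchdog would repeat this call at the configured interval and alert on any non-empty result.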
The jvcn-maven plugin allows for the verification of dependency integrity during builds. Additionally, the plugin can stop the build process if it encounters a non-trusted dependency.
vcn tool functionality. It is available on NPM here.