Blog

vChain's CodeNotary Open Source Software Joins the Cloud Native Foundation

Houston/Amsteram, Jan 23 2020 - vChain's leading digital object notarization platform CodeNotary has officially joined the Cloud Native Foundation to further aid the widespread adoption of trust and integrity for all digtial objects and DevOps processes. CodeNotary's full software stack has been released under the Apache license and is the only truly scalable solution in the market today to…


CodeNotary New Banking Customer Win as Financial Services Continue Strategic Shift to DevSecOps

Houston/Amsterdam - Jan 12, 2020 - vChain Inc. , the industry's leading provider of notarization solutions for digital asset today announced that a leading Swiss banking institution has decided to secure their DevOps environment with CodeNotary  demonstrating CodeNotary significant momentum in the financial services industry.  Customers are voting with their pocketbooks and are validating…


vChain's CodeNotary Processes 9 million Monthly Authentications

vChain's flaghship product CodeNotary has reached a new peak for customer authentications of digital objects with 9 million monthly transactions. CodeNotary became available to customers in April 2019 and grew in only six months to this impressive number of customer transactions. More and more customers now use CodeNotary to add trust and integrity to their Kubernetes environments.


vChain's CodeNotary Releases Support for Kubernetes Notary

vChain's flagship product CodeNotary has today announced the release of Kubernetes Notary. This major new features allows organizations to only run trusted components in their Kubernetes environment.


vChain Announces Banking Customer Acquisition

vChain has closed a sales agreement with a major southern European bank. vChain's CodeNotary product was successfully installed and taken into production for the core banking DevOps environment to secure the process from source code development to Kubernetes deployment in the cloud. In the first week of operations the bank was able to process over 20,000 code and container notarizations.


Protect Yourself from the Recent dockerhub.com Attack

Last week's dockerhub.com attack affects hundreds of thousands of accounts and exposes their containers to malicious code. We at CodeNotary publish open source software too and wanted to make sure our containers were unaffected.  Here’s how we did it: Verify Container Authenticity and Integrity Create a free account on codenotary.io Sign the local copy of your Docker…


Can GPG Secure the Software Industry?

Code signing is important for proving the integrity and authenticity of software but can GPG secure the Software Industry? Digital certificates issued by certificate authorities are generally used to perform this task, but as we know and mentioned in a few blogs, here and here, they have strong limitations, such as: They can be stolen They are coarse granular Identities can be faked with…


Jenkins Build Deployment Pipeline: A How To for Ensuring Integrity

In this blog, we will briefly touch on the importance of DevOps having strong security, current hole in DevOps security aka DevSecOps, Jenkins Automation’s role in the build process, and with a technical walkthrough on how to integrate the vChain CodeNotary tool with your Jenkins build deployment pipeline to ensure its integrity. The Weak Link in DevOps Pipelines DevOps has been widely adopted…


The Failure of the Certificate Revocation List (CRL)

SHAttered: Cracks in Certificate Revocation List Protocols and How to Move Beyond Their Limitations Overview When cybercriminals mask themselves in a cloak of trust utilizing stolen, legitimate credentials in order to infect entities, programs, and code, the world has more often than not turned to utilize a certificate revocation list (CRL). The CRLs cross-reference known legitimate trusted…


Can a Chrome Extension Protect Me from Malware Better Than Google and Digital Certificates Do?

Today, when you look for a well-known application on Google, you are more than likely to find dozens of download links from different websites. Even top-ranking links hide a lot of dangers. The presence of a signing certificate is in fact not enough for trust and so is the source of the download. An increasing amount of malware and malware injected software, signed with a legitimate digital…