Scribe Integrity helps developers authenticate open-source and proprietary source code

Scribe Security released Scribe Integrity, a code integrity validator that authenticates open-source and proprietary source code, and an integral building block of its platform solving the software supply chain security challenge.

Scribe Integrity provides developers with an added layer of visibility, allowing developers peace of mind that the code they are using is safe. Scribe is simultaneously introducing its open-source Github security project, GitGat.

In 2021, software supply chain (SSC) attacks more than tripled, with recent attacks on SolarWinds, CodeCov, and Log4Shell underscoring the growing risk of such attacks to enterprises.

DevSecOps and security teams often focus on software vulnerabilities, overlooking the risk of tampering with software in the build process. Scribe bridges this gap in a practical manner by providing a convenient work tool that automatically reports integrity validation within a trusted software bill of materials SBOM.

Scribe leverages the principle of ‘hash everything, sign everything’, utilizing open-source intelligence that it collects on open-source dependencies. In this first release, Scribe’s solution addresses the widely used Node.js and the popular npm package manager, which have recently suffered from a multitude of attacks.

Scribe’s additional release, GitGat, is a Policy-as-Code tool, utilizing Open Policy Agent (OPA), an open source project, that addresses users’ security posture. GitGat allows users to periodically run reports to gain insight into the changing security landscape of the organization. As GitGat evolves, it will cover more parts of the CI / CD toolchains.

“As software supply chains are an overlooked corner of the cyber world, they have become an increasingly attractive attack vector for hackers,” said Scribe CEO and Co-founder Rubi Arbel. “We are excited to be introducing a developer-first, practical tool that will give DevSecOps and security practitioners the assurance they need to trust the software they build and use.”

Source

Scribe Security released Scribe Integrity, a code integrity validator that authenticates open-source and proprietary source code, and an integral building block of its platform solving the software supply chain security challenge.

Scribe Integrity provides developers with an added layer of visibility, allowing developers peace of mind that the code they are using is safe. Scribe is simultaneously introducing its open-source Github security project, GitGat.

In 2021, software supply chain (SSC) attacks more than tripled, with recent attacks on SolarWinds, CodeCov, and Log4Shell underscoring the growing risk of such attacks to enterprises.

DevSecOps and security teams often focus on software vulnerabilities, overlooking the risk of tampering with software in the build process. Scribe bridges this gap in a practical manner by providing a convenient work tool that automatically reports integrity validation within a trusted software bill of materials SBOM.

Scribe leverages the principle of ‘hash everything, sign everything’, utilizing open-source intelligence that it collects on open-source dependencies. In this first release, Scribe’s solution addresses the widely used Node.js and the popular npm package manager, which have recently suffered from a multitude of attacks.

Scribe’s additional release, GitGat, is a Policy-as-Code tool, utilizing Open Policy Agent (OPA), an open source project, that addresses users’ security posture. GitGat allows users to periodically run reports to gain insight into the changing security landscape of the organization. As GitGat evolves, it will cover more parts of the CI / CD toolchains.

“As software supply chains are an overlooked corner of the cyber world, they have become an increasingly attractive attack vector for hackers,” said Scribe CEO and Co-founder Rubi Arbel. “We are excited to be introducing a developer-first, practical tool that will give DevSecOps and security practitioners the assurance they need to trust the software they build and use.”

Source

More from author

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Related posts

Advertismentspot_img

Latest posts

Multiple Vulnerabilities Discovered in Device42 Asset Management Appliance

A series of vulnerabilities on the popular asset management platform Device42 could be exploited to give attackers full root access to the system, according...

Top 5 best backup practices

Give yourself peace of mind by implementing a new backup strategy with our tips....

Indian Power Sector targeted with latest LockBit 3.0 variant

Estimated reading time: 5 minutesAfter the infamous Conti ransomware group was disbanded, its former members began to target the energy and power sectors...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!