TEL AVIV, Israel, Oct. 24, 2022
/PRNewswire/ — Scribe Security announced today the launch of its
unique evidence-based security trust hub, offering for the first time
true end-to-end software supply chain security.
In recent years, software supply chains — both open-source and
proprietary CI/CD pipelines — have become more attack-prone than ever
before. In 2022, Gartner listed digital supply chains as a top trend to
watch and a major rising attack surface. That puts the integrity of
organizations’ code, customers, and brand reputation at risk. Even one
bad software component or a security gap in the CI/CD that may lead to
malicious access to the development environment can be enough.
Security professionals, software engineers, and DevOps teams are
challenged with building transparent, evidence-based trust in the
software they use or deliver. Scribe Security took the lead and became
the first vendor to introduce the concept of one, consolidated hub for
security evidence for software products, launching a friendly and
easy-to-use platform.
Unlike other software supply chain security solutions, Scribe’s
evidence-based security hub supports a workflow for sharing software bill of materials (SBOMs), along
with other security aspects of software, across or within enterprises,
making software products’ security transparent to customers, buyers, and
security teams.
“SBOM is a best practice that is expected to become widely
required and used to mitigate software supply chain risks. With that in
mind, we decided to be the pioneers and launch a simple-to-use platform
that serves as a hub for a plethora of security evidence for software
products,” said Rubi Arbel, Scribe Security Co-founder, and CEO.
“Scribe’s platform offers a complete self-serve experience. It is easy
to implement and use, as it is plugin and CLI-based. And finally, you
can start with a freemium, no strings attached.”
Scribe continuously attests to the software’s trustworthiness, so stakeholders can:
- Ensure a secure development process
- Build and enforce SDLC processes
- Validate that the code is tamper-free
- Gauge compliance to software supply chain standards such as SSDF and SLSA
“Validating software integrity is challenging,” said Danny Nebenzahl, Scribe Security Co-founder, and CTO.
“Today, we introduce to the market a novel technology that offers a
holistic solution for continuous and evidence-based assurance of
software components and artifacts as well as CI/CD processes. We make
sure that the entire software supply chain is not tampered with. With
the Scribe platform, teams can generate, manage and share SBOMs,
validate integrity, and track vulnerabilities of their containers,
dependencies, and pipelines.”
Scribe platform key features:
- Automatically generate, and manage SBOMs and security insights
- Validate the code integrity and provenance
- Track vulnerabilities in the containers, dependencies, and pipelines
- Detect code tampering
- Continuously demonstrate compliance with supply chain regulations and best practices
- Selectively share all this, in a controlled manner, with stakeholders internally across organizations
About Scribe Security
Scribe Security was
founded by cyber security and cryptography veterans on a mission to
build and provide innovative end-to-end software supply chain security
solutions.
We applied our expertise to create a novel platform that leverages
leading concepts and frameworks to deliver uncompromising security to
code artifacts, from production to delivery throughout the entire
software lifecycle. For more information: https://scribesecurity.com/
SOURCE: Scribe Security
