SAN FRANCISCO, May 7, 2024 /PRNewswire/ -- TestifySec, a pioneer in securing software supply chains, is thrilled to announce the availability of JUDGE, its software supply chain attestation and compliance platform, in AWS Marketplace, a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on Amazon Web Services (AWS).
JUDGE enables a unified developer and cybersecurity governance experience to mitigate the risk of software supply chain attacks by integrating zero trust principles of observability and verification into software build pipelines. In AWS Marketplace, organizations will have access to the following security tools and capabilities in a configurable package:
- Build pipeline observer - automates the collection of trusted telemetry across input, environment, action, and output to cryptographically verify supply chain metadata (telemetry) via signing that data with a self-managed key, a key from a Key Management Service (KMS), or an identity.
- Certificate Authority (CA) - enable an identity-based signature by authenticating and generating a short-lived key to create a short-lived certificate (only valid for 10 minutes) that then uses that certificate and key to sign the data, thereby removing the entire burden of key management, key rotation, etc.
- Time Stamping Authority (TSA) - provide cryptographic proof that your data was signed while the certificate was valid and verify provenance without relying on an external service, enabling artifact verification across disconnected (air-gapped) environments
- GraphQL data store - ability to manage storage, retrieval, and retention of software build pipeline attestations and trusted telemetry via a GraphQL API to facilitate either ad hoc or deploy-time compliance verification from developer commit to production deployment.
Customers will now have access to TestifySec's software supply chain attestation and compliance platform directly in AWS Marketplace. TestifySec provides customers with the ability to streamline the purchase and management of JUDGE within their AWS account.
"Bringing JUDGE to AWS Marketplace marks a significant milestone in our mission to provide end-to-end security coverage for software pipelines," said Mikhail Swift, CTO, TestifySec. "This strategic move not only extends our reach but also simplifies access for AWS customers to our state-of-the-art security platform, ensuring that software artifacts can securely attest to policy compliance, even in network-restricted environments."
At the core of this are two key open-source components: Witness, a CI/CD pipeline observer that collects trusted telemetry for attestations, and Archivista, a trusted telemetry and attestation storage manager. Originally built and maintained by TestifySec, both open-source tools were donated to Cloud Native Computing Foundation (CNCF) as subprojects underneath the in-toto project.
"Supply chain attestations are the foundation of effective supply chain security and I believe Witness is the most comprehensive solution for generating build attestations," Justin Cormack, CTO, Docker.
Continuous monitoring of software build pipeline trusted telemetry yields a lower residual risk of software supply chain attack by amplifying the Sec in DevSecOps and meets multiple NIST SP 800-53r5 security controls.
The availability of JUDGE in AWS Marketplace builds on TestifySec's commitment to open source and its active participation in software supply chain security communities. By offering JUDGE in AWS Marketplace, TestifySec empowers organizations of all sizes to proactively mitigate risks and fortify their CI/CD pipelines against emerging threats, all while ensuring scalability and flexibility to meet evolving security needs.
To learn more about JUDGE and how it can secure your software supply chain, visit TestifySec's AWS Marketplace Listing or TestifySec's Website.
About TestifySec
TestifySec unifies developers and cybersecurity teams in the fight against software supply chain threats by embedding zero-trust governance principles into build pipelines. With a portfolio of both open-source and commercial products, TestifySec enhances transparency and accountability at each step of software and AI model generation processes, ensuring secure software for all.
Contact Information:
Matt Denny
Director of Marketing and Outreach
[email protected]
SOURCE TestifySec, Inc.
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article