Every build has a story to tell - Tamperproof provenance for your code and CI/CD pipeline
Quickstart here: Code Timestamp
Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one—not even the owner of the document—should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised.
CodeNotary uses its immutable open source database immudb to provide this service that includes cryptographic verification and immutable data history.
This timestamping service provides full immutability for all data ever written and unique data checksum ever stored including its history. As a trust level comes with the timestamp, you can change your mind over time (unsupport, untrust) without touching the code or binary. As the complete trust and timestamping history is stored for any digital identity (SHA-256 checksum), you can easily create workflows and decision trees in your CI/CD recipes.
There are plenty of different use cases:
- Add a trusted timestamp to code
- Add an immutable timestamp to electronic signatures
- Seal the data integrity and your trust level at a given point in time
- Prove the existence of elecronic data at a specific point in time
- CI/CD integration - notarize all outgoing assets, authenticate all incoming
- Store provenance for you own sources
- Unsupport deprecated versions of your software and run update checks bases on the latest timestamp
- Revoke trust (untrust) at any time without the need to touch your code or binaries
- Trust or remove trust for digital assets and act on the status (within your script or pipeline)
- Simply timestamp files and sources to doublecheck at any time in the future if these are still the same (backup/restore)
Simply request your API key and get started within a minute! This service is free forever and was built using Open Source!
Notarized assets information is stored in a tamperproof ledger with cryptographic verification backed by immudb, the immutable database.
To provide access to our timestamping service a valid API Key is required. If you don't have one yet, simply signup here CodeNotary Timestamp
This API Key is bound to your email address and it's required during vcn login.
- Installer In case you use Linux or macOS, the quickest start is our install script:
bash <(curl https://getvcn.codenotary.com -L)
You can also download the latest release
- Login to timestamp.codenotary.com
vcn login --lc-host timestamp.codenotary.com # type in your API key when requested # or setting the API key VCN_LC_API_KEY=<Your-API-Key vcn login --lc-host timestamp.codenotary.com
- Notarize existing digital objects Once you have an account you can start notarizing digital assets to give them an identity.
vcn n <file|dir://directory|docker://dockerimage|git://gitdirectory>
- Authenticate digital objects You can use the command as a starting point.
vcn a <file|dir://directory|docker://dockerimage|git://gitdirectory>
Tip: the timestamping and verification calculates a SHA256, so larger files might take a bit longer depending on your system.
For detailed command line usage, just run
It's also possible to notarize assets using a wildcard pattern.
--recursive flag the utility can recursively notarize inner directories.
vcn n "*.md" --recursive
Start with the
vcn will walk you through login and importing up your secret upon initial use.
vcn login --lc-host timestamp.codenotary.com
Once your secret is set, you can notarize assets like in the following examples:
vcn notarize <file> vcn notarize dir://<directory> vcn notarize docker://<imageId> vcn notarize podman://<imageId> vcn notarize git://<path_to_git_repo> vcn notarize --hash <hash>
Change the asset's status:
vcn unsupport <asset> vcn untrust <asset>
vcn authenticate <file> vcn authenticate dir://<directory> vcn authenticate docker://<imageId> vcn authenticate podman://<imageId> vcn authenticate git://<path_to_git_repo> vcn authenticate --hash <hash>
To output results in
vcn authenticate --output=json <asset> vcn authenticate --output=yaml <asset>
Simply set up your environment accordingly using the following commands:
Once done, you can use
vcn in your non-interactive environment using:
vcn login --lc-host timestamp.codenotary.com vcn notarize <asset>
Other commands like
unsupportwill also work.
First, you’ll need to pull the image by using:
docker pull hello-world
Then use the below command to put in place an automatic safety check. It allows only verified images to run.
vcn authenticate docker://hello-world && docker run hello-world
If an image was not verified, it will not run and nothing will execute.
This new and free forever service enables hundreds of use cases for developers and DevOps engineers.
We're keen to learn about your use case! Just reach out to us in the chat or by email - CodeNotary