Scribe Hub: Specs and Core Capabilities

Comprehensive security monitoring, SBOM management, and compliance automation for your entire software development lifecycle

Secure your software development using Scribe Hub

A SaaS platform serving as an admin panel and user portal for SBOM management, ASPM (application security posture management), SDLC risk analytics, a security evidence graph, and compliance reporting.

Scribe Hub's Specs and Core Capabilities:


Discovery and Mapping of the Software Factory

A customer-controlled scanner of the development platform, deployed on the customer's premises, that performs periodic scans to provide:

  • Development asset mapping
  • Security posture evaluation
  • Security controls’ coverage gap analysis
  • Continuous API scanning
  • Log collection and analysis
  • Queryable Evidence Graph
  • Lineage Visualization

Software Security Attestation, Signing and Verification

Scribe collects, signs, and verifies evidence from each software build and from periodic scans, enabling:

  • Automatic collection of security evidence
  • Attestation by signing the collected evidence
  • Automated software signing and verification
  • Secure development processes and delivery pipelines

SDLC Security Monitoring and Gating

  • Pre-built frameworks and controls catalog
  • Customizable policy-as-code, maintained in a public repository
  • Policy gates at the SCM, build, admission-control, and out-of-band stages
  • Security control adoption reports

Automated SBOM Management

  • Comprehensive SBOM Inventory with granular search capabilities
  • Automated SBOM generation from multiple sources
  • OSS library data enrichment and base image detection
  • Export and sharing in CycloneDX, SPDX, and CSV formats

Vulnerability Management

  • Near-real-time and continuous detection of known vulnerabilities
  • Risk analysis by severity and exploitability
  • Cross-inventory risk analysis
  • Importing and authoring of VEX advisories
  • Export of VDR and VEX records
  • Integration with 180+ scanners
  • SDLC gating on vulnerability risk policies
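The policy gates listed under SDLC Security Monitoring and Gating and the VEX import and vulnerability-risk gating listed above come down to the same mechanism: a policy evaluated over an SBOM with VEX statements merged in. The following Python is an added illustration of that mechanism, not Scribe Hub's code or its policy language. It takes a constructed CycloneDX 1.5 SBOM and a separate constructed CycloneDX VEX document, merges the VEX `analysis` blocks by vulnerability id (a simplification; real VEX documents target products via bom-link), and fails the gate on any finding at or above a severity threshold that is not suppressed by a justified VEX state. The vulnerability identifiers, component names, and the `merge_vex`, `evaluate_gate` and `run_gate` functions are all assumed for the example.

```python
"""Policy-as-code gate over a CycloneDX SBOM plus a separate VEX document.

Added example; not Scribe Hub code. Standard library only. The SBOM, VEX
document, vulnerability ids and package names below are constructed.
"""
import json
from dataclasses import dataclass, field

SEVERITY_RANK = {"unknown": 0, "none": 0, "info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
SEVERITY_NAME = {0: "unknown", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# CycloneDX impact-analysis states that close a finding for gating purposes.
SUPPRESSING_STATES = {"not_affected", "false_positive", "resolved", "resolved_with_pedigree"}

# Constructed SBOM: two components, four findings (placeholder CVE ids).
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"bom-ref": "pkg:pypi/libfoo@1.2.3", "name": "libfoo", "version": "1.2.3"},
    {"bom-ref": "pkg:pypi/libbar@2.0.0", "name": "libbar", "version": "2.0.0"}
  ],
  "vulnerabilities": [
    {"id": "CVE-0000-0001", "ratings": [{"severity": "critical"}], "affects": [{"ref": "pkg:pypi/libfoo@1.2.3"}]},
    {"id": "CVE-0000-0002", "ratings": [{"severity": "high"}, {"severity": "medium"}], "affects": [{"ref": "pkg:pypi/libbar@2.0.0"}]},
    {"id": "CVE-0000-0003", "ratings": [{"severity": "medium"}], "affects": [{"ref": "pkg:pypi/libbar@2.0.0"}]},
    {"id": "CVE-0000-0004", "ratings": [{"severity": "high"}], "affects": [{"ref": "pkg:pypi/libfoo@1.2.3"}]}
  ]
}"""

# Constructed VEX document: one justified not_affected claim, one unjustified.
VEX_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "vulnerabilities": [
    {"id": "CVE-0000-0001", "analysis": {"state": "not_affected", "justification": "code_not_reachable",
                                         "detail": "vulnerable function is never called"}},
    {"id": "CVE-0000-0004", "analysis": {"state": "not_affected"}}
  ]
}"""


def merge_vex(sbom: dict, vex: dict) -> dict:
    """Copy VEX analysis blocks onto the SBOM's vulnerabilities, matched by id.

    Assumption for the example: a VEX statement with a matching id applies to
    this SBOM (real VEX documents scope statements to products via bom-link).
    """
    by_id = {v["id"]: v for v in vex.get("vulnerabilities", [])}
    for vuln in sbom.get("vulnerabilities", []):
        src = by_id.get(vuln["id"])
        if src and "analysis" in src:
            vuln["analysis"] = src["analysis"]
    return sbom


def max_severity(vuln: dict) -> int:
    """Highest severity rank among the finding's ratings (scanners may disagree)."""
    return max((SEVERITY_RANK.get(r.get("severity", "unknown").lower(), 0)
                for r in vuln.get("ratings", [])), default=0)


@dataclass
class GateResult:
    passed: bool
    blocking: list = field(default_factory=list)
    suppressed: list = field(default_factory=list)


def evaluate_gate(sbom: dict, min_blocking: str = "high", require_justification: bool = True) -> GateResult:
    """Block on every finding at or above min_blocking unless VEX closes it.

    A not_affected claim without a justification is treated as open when
    require_justification is set: an unexplained suppression is the usual way a
    gate gets silently bypassed.
    """
    threshold = SEVERITY_RANK[min_blocking]
    names = {c["bom-ref"]: f'{c["name"]}@{c.get("version", "?")}' for c in sbom.get("components", [])}
    result = GateResult(passed=True)
    for vuln in sbom.get("vulnerabilities", []):
        sev = max_severity(vuln)
        if sev < threshold:
            continue
        analysis = vuln.get("analysis", {})
        state = analysis.get("state", "in_triage")  # no VEX statement: finding is still open
        finding = {
            "id": vuln["id"],
            "severity": SEVERITY_NAME[sev],
            "affects": [names.get(a["ref"], a["ref"]) for a in vuln.get("affects", [])],
            "state": state,
        }
        unjustified = state == "not_affected" and not analysis.get("justification")
        if state in SUPPRESSING_STATES and not (require_justification and unjustified):
            result.suppressed.append(finding)
        else:
            finding["reason"] = ("not_affected claim lacks a justification" if unjustified
                                 else f"open {finding['severity']} finding")
            result.blocking.append(finding)
    result.passed = not result.blocking
    return result


def run_gate(**policy) -> GateResult:
    """Parse the constructed documents, merge VEX into the SBOM, evaluate the policy."""
    sbom = merge_vex(json.loads(SBOM_JSON), json.loads(VEX_JSON))
    return evaluate_gate(sbom, **policy)


if __name__ == "__main__":
    result = run_gate()
    print("PASS" if result.passed else "FAIL")
    for f in result.blocking:
        print(f"  BLOCK      {f['id']} {f['severity']:8} {', '.join(f['affects'])} - {f['reason']}")
    for f in result.suppressed:
        print(f"  SUPPRESSED {f['id']} {f['severity']:8} state={f['state']}")
    raise SystemExit(0 if result.passed else 1)
```

Run directly, the script exits 0 on pass and 1 on fail, which is the shape a CI step or admission hook needs. With the constructed input it fails: CVE-0000-0002 has no VEX statement and CVE-0000-0004 carries a not_affected claim with no justification, while CVE-0000-0001 is suppressed by a justified claim. Relaxing require_justification or raising the threshold to critical changes the outcome, which is the knob a policy-as-code repository would expose.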

Compliance and Governance

  • Automated checks against NIST SSDF, SLSA, and CIS
  • Automated checks against the relevant parts of other cybersecurity frameworks
  • Checks implemented as policy-as-code and managed through GitOps
  • Audit-ready reports

Integrations

  • API integration with SCMs, container registries, and Kubernetes clusters
  • CI/CD platform plugins or a CLI tool for evidence collection and gating
  • Kubernetes admission controller
  • Evidence upload via REST API

Unified Dashboard

Centralized monitoring and analytics for security and compliance insights.