Developing software in the cloud offers benefits for developers, such as access to cutting-edge tools and technologies, developer tools as-a-service, and machine learning resources.
Scribe’s solution helps organizations develop in the public cloud by preventing tampering with digital assets, authenticating and authorizing developers, and filtering dependencies for reputable open-source components.
Using Scribe, organizations can perform complete coding, building, and testing cycles within the cloud environment.
After a cycle is completed, the source code and attestations about its trustworthiness are transferred to the air-gapped network.
A Scribe gateway then examines the code’s integrity and applies a security policy to the attestation’s secure development process. Evidence is collected as part of the attestation.
Scribe provides continuous attestation of the security and reliability of the code development process by gathering, managing, and signing (with PKI or GPG) proof for each code version.
The evidence includes:
- Code commits, including file listings and hash values
- Code reviews performed
- Developer identities involved
- Open-source dependencies
- Source Control Manager security configuration
- Automated security scans
To adopt the development of software in the public cloud, highly secured organizations address the following risks with adequate security controls.
| Risk Scenario | Mitigating Controls |
| --- | --- |
| External attacker: tamper with code and data | |
| Internal attacker: tamper with code and data | |
| Dependencies: insecure open-source components | |