Utilize the Public Cloud for Safe Software Development

Developing software in the cloud offers benefits for developers, such as access to cutting-edge tools and technologies, developer tools as-a-service, and machine learning resources.

Scribe’s solution helps organizations develop in the public cloud by preventing tampering with digital assets, authenticating and authorizing developers, and filtering dependencies so that only reputable open-source components are used.

Using Scribe, organizations can perform complete coding, building, and testing cycles within the cloud environment.

After a cycle is completed, the source code and attestations about its trustworthiness are transferred to the air-gapped network.

A Scribe gateway then examines the code’s integrity and checks the attested secure development process against a security policy. Evidence is collected as part of the attestation.

Scribe provides continuous attestation of the security and reliability of the code development process by gathering, managing, and signing (with PKI or GPG) proof for each code version.

The evidence includes:

  • Code commits, including file listings and hash values
  • Code reviews performed
  • Developer identities involved
  • Open-source dependencies
  • Source Control Manager security configuration
  • Automated security scans

To adopt software development in the public cloud, highly secured organizations address the following risks with adequate security controls.

Risk: External attacker
Scenario: Tamper with code and data
Mitigating Controls:
  • Validate environment’s strong security posture (esp. 2FA)
  • Code signing
  • Authenticate and authorize developers
  • Enforce code reviews by trusted peers

Risk: Internal attacker
Scenario: Tamper with code and data
Mitigating Controls:
  • Authenticate and authorize developers
  • Code signing
  • Enforce code reviews by additional people

Risk: Dependencies
Scenario: Insecure open-source components
Mitigating Controls:
  • Filter for reputable resources
  • Verify provenance of components
  • Enforce automated security testing