Linux Fedora

ImmuDB and Codenotary: it’s a database, but the company isn’t

OK, here’s a short, convoluted story of a company that has developed an open source database but is not in the database business. You have to take the company seriously because the founder is the same person who co-founded the companies behind the KVM and Xen hypervisors.

The company in question is Codenotary, whose mission is to ensure confidence in the software development lifecycle. it does this with a tool that protects the “software supply chain” by creating a software nomenclature that can be used to verify that the code has not been tampered with. The tool provides cryptographically verifiable tracking and provenance for all artifacts, actions, and dependencies. It sounds a lot like a blockchain to us. Its service, Codenotary Cloud, provides the cryptographically verifiable breadcrumb trail to attest that the software is what the creators say it is. The need for bulletproof software nomenclatures has been triggered by omnibus measures such as the Federal Cyber ​​Security Decree for which documentation of code authenticity will help support.

We were interested because to support all of this; the company had to build an immutable database. Building the data platform was one way to an end. The result, ImmuDB, is an open source ledger database that is, in effect, an add-only data platform that has built-in cryptographic proof and verification for all entries. Like a time series database, it tracks changes in data by time stamping all entries so that they can be versioned over time. It looks and acts like a blockchain database in that it provides cryptographic verification of every entry but does not organize data hashes by strings. While the database was designed to help DevOps verify the origin of software code, it is open source and can be downloaded from GitHub.

ImmuDB is what you make of it in that it can function as a relational key-value database or more straightforward. You can store a variety of data types, verification checksums, or JSON. Version 1.2, which was just released, added some features inspired by the GDPR. They include transactional restore, which provides a verifiable record of data over time, and data expiration, which supports the right to be forgotten. As the database is add-on only and keeps every new version of data, the new data expiration feature can prevent the database size from growing out of control.

These features offer parallels with Amazon Quantum Ledger Database (QLDB), which is a single node immutable ledger database that provides an immutable and cryptographically verifiable transaction log, Oracle blockchain tables, which delimit certain tables for that they function as insert-only chained database rows. together.

Today, ImmuDB can be integrated into applications written in Go through APIs. On the roadmap, there are plans to add APIs for Java and Python that could expand the potential addressable audience. But we won’t call it an addressable market because Codenotary is not trying to sell you a database.


Source link