Codenotary

Codenotary is a software supply chain security company based in an undisclosed location that provides an artificial intelligence SaaS platform for tamperproof artifact protection and immutable ledgers. The enterprise platform secures continuous integration and continuous delivery pipelines, manages software bill of materials, and detects vulnerabilities across applications and Linux environments using open source tools like immudb. The organization has raised $16.5 million in total financing to accelerate its global expansion and the development of its autonomous agentic security platforms, such as the recently introduced AgentX. Operating through both cloud and on premises deployments, the company serves hundreds of enterprise customers worldwide across the banking, government, and defense sectors, including the global defense contractor RUAG and its executive Marcel Schlauss. Codenotary was established in an undisclosed year and is currently led by cofounder and chief executive officer Moshe Bar.

High-Level Overview

Codenotary builds an AI-driven cybersecurity platform that secures the entire software supply chain through notarization, verification, tamper detection, and compliance automation. It serves enterprises including banks, government agencies, financial organizations, ERP companies, and DevOps teams, solving critical problems like supply chain attacks, vulnerabilities (e.g., Log4j), regulatory compliance (NIST, NIS2, CRA, DORA), and lack of trust in software artifacts from source code to production.[1][2][4][5][6] The platform generates cryptographically signed Software Bills of Materials (SBOMs), enables real-time monitoring, and integrates with immudb—an open-source immutable database Codenotary leads in developing—for tamper-evident tracking, processing millions of transactions per second.[4][5] With over 100 customers (now hundreds, including top banks and defense clients), recent $16.5M funding in late 2025 signals strong growth momentum amid rising demand for automated trust in complex environments.[5][6]

Origin Story

Codenotary was founded in 2018 by CEO Moshe Bar and CTO Dennis Zimmer. Bar brings deep expertise from co-founding Qumranet (behind the Linux KVM hypervisor, sold to Red Hat for $127M in 2008) and XenSource (sold to Citrix for $500M in 2007), focusing on virtualization and secure infrastructure.[4][5] The idea emerged from the need to ensure tamper-proof trust in software artifacts—who worked on them, when, how, and what changes were made—especially amid growing supply chain risks in DevOps and open-source ecosystems.[5] Early traction came via immudb, Codenotary's immutable ledger database (downloaded over 12M times), which underpins its notarization tools; customers quickly adopted it for pipeline provenance, with financial and government sectors leading implementation.[4][5]

Core Differentiators

• Immutable Trust via immudb: Built on the leading open-source enterprise immutable database (Codenotary's top contributor), providing tamper-evident history without blockchain, enabling verifiable SBOMs and VEX for every artifact.[1][4][5]
• AI-Powered Automation: Real-time tampering detection, continuous CVE scanning, policy enforcement, and compliance scoring (CIS, PCI, FedRAMP) with agent/agentless deployment—reducing manual effort and attack surfaces.[1][2][6]
• End-to-End Supply Chain Coverage: Tracks from source code to production, generating SBOMs automatically; processes billions of transactions daily for high-scale environments like banks and defense.[2][4][5]
• Developer and Ops-Friendly: Quick setup (minutes), seamless pipeline integration, prioritized alerts, and remediation steps; recent U.S. Patent 12,483,412 for shortening cryptographic proofs enhances efficiency.[1][6]
• Proven Scale and Compliance: Hundreds of customers (e.g., global banks, governments); supports NIST, NIS2, CRA, DORA without friction, with audit-ready reporting.[2][6]

Role in the Broader Tech Landscape

Codenotary rides the software supply chain security trend, amplified by high-profile attacks (e.g., SolarWinds, Log4j) and mandates like EU CRA, DORA, and U.S. executive orders demanding SBOMs and provenance.[2][5] Timing is ideal as AI integration explodes—natural language in execution models deepens risks—while enterprises shift to cloud-native, distributed systems needing deterministic trust over manual scans.[1][6] Market forces like regulatory pressure, zero-trust architectures, and open-source explosion favor it; Codenotary influences the ecosystem as immudb's leader (12M+ downloads) and innovator in AI trust automation, enabling transparent, resilient software for sustainability and green tech transparency.[4][6] Its tools democratize compliance for SMBs to hyperscalers, reducing blast radius in vulnerable pipelines.

Quick Take & Future Outlook

Codenotary is poised for explosive growth, leveraging $16.5M (post-$12.5M Series B) to expand engineering/sales and enter UK/Asia markets amid AI-cybersecurity convergence.[5][6] Trends like agentic AI assurance, real-time VEX, and global regs (e.g., NIS2 enforcement) will propel it; expect deeper integrations with CI/CD giants and more patents. Its influence may evolve from niche verifier to ecosystem standard, powering trusted AI agents and edge computing—guarding software as "Guardians of software™" in a post-Log4j world.[1][6] This positions Codenotary as essential infrastructure for secure digital resilience.