JUDGE

JUDGE enables a unified developer and cybersecurity governance experience. Starting with a build pipeline observer, it automates the collection and management of trusted telemetry, and then acts on evidence-based supply chain attestations. It yields a lower residual risk of a software supply chain attack by amplifying the Sec in DevSecOps.

A graphic showing the TestifySec platform, describing how it helps solve Risk, Compliance, and Security challenges.

Observe Build Process Telemetry

Track who, where, what, and how

Modern software teams operate asynchronously across highly distributed environments. Observe who triggered each build, where the build was performed, what the inputs, outputs, environment, and build activities were, and how the build finished.

Identify supply chain tampering

Trust but verify all types of software input artifacts, both open source and commercial, with consistent evaluation of their hashes before they are consumed by a specific activity within the build pipeline.

Digitally sign policies to prevent modifications

Define both permitted and mandatory activities within the software development pipeline, then optionally leverage an existing PKI to digitally sign the policy before distribution to DevSecOps teams to prevent tampering.

Manage Software Build Pipeline Attestations

Store/Retrieve Attestation and Trusted Telemetry

Manage and control the storage, retrieval, and retention of software build pipeline attestations and associated sets of trusted telemetry, for all software artifacts, and across the entire secure software development lifecycle.

Use GraphQL for trusted telemetry integrations

Explore trusted telemetry data sets quickly and easily using an industry standard Graph Query Language (GraphQL) API. Integrate the telemetry into custom apps or connect a JUDGE instance for advanced visualization.

Resist evidence injection attacks

Protect against corruption and trusted telemetry integrity attacks. The encrypted object storage can always be re-verified or re-parsed to seamlessly recover from an evidence injection attack or downstream integrity failure.

Act on Software Artifact Compliance

Visualize Software Artifact Provenance

Interact with an intuitive user interface to rapidly search, locate, and inspect attestations and their supporting trusted telemetry evidence. Easily conduct a root cause analysis or identify pipeline behavioral trends in an ad hoc fashion.

Streamline policy creation in software build pipelines

Quickly define and digitally sign both simple and advanced in-toto policies prior to distribution using focused workflows that aid in creating multiple software build process compliance strategies.

Continuously monitor software build pipelines

Plan, build, and execute multiple concurrent continuous monitoring strategies, instantly generating attestation reports for broader distribution or triggering real-time notification of detected policy violations for investigation.

Early Access
Sign up to get early access to JUDGE