Scribe TrustHub - CloudBlue

About

[Fast-Track product] Scribe is a solution for organizations that are concerned about threats from their software supply chain. Security and Compliance officers can use Scribe to validate the compliance and integrity of software that their organization either produces or consumes. DevSecOps teams securing software builds and security teams responsible for software in-use can use Scribe as a means to continuously assure this software is secure.

Overview
Integrations
Showroom

Scribe is an online software-as-service that acts as a hub between software producers and software consumers for continuously sharing attestation (cryptographically signed evidence) to the software’s trustworthiness. These producers and consumers might be teams in a single organization or reside across enterprise barriers.

Stakeholders can apply a policy over attestations to ensure a due secure development process, build processes, validate that tampering hasn’t taken place, and gauge compliance with standards such as SSDF and SLSA. More often than not, organizations are not aware of the full extent of the open-source dependencies in the software they use. Moreover, if such information exists, it is not methodically tracked or communicated to the stakeholders who consume this software. This is especially true in vendor-customer relationships.

Scribe generates a standards-based software bill of materials (SBOM) for every build and enables producers to share it with stakeholders on an ongoing basis with information and updates about published vulnerabilities and reputation.

Software Integrity and Provenance:

Scribe ensures the provenance(origin) and validates the integrity of your software build. It tracks every file by hash from the file’s origin up to the built artifact, throughout the software development lifecycle. This origin can be open-source or internal: a code repo, a package manager, or a container registry. In the process, Scribe flags suspicious modifications while accounting for legitimate changes such as linting and compilation. Scribe also validates the build environment and tools in a similar way. With its open-source package intelligence service, Scribe authenticates the open-source components, thus assuring that they were not maliciously modified. Scribe enriches SBOMs with this granular validation information and you can share it with relevant stakeholders.
Scribe cryptographically signs and validates critical evidence with customer keys, throughout the software development lifecycle (SDLC). This method provides resistance against tampering. It can also be regarded as extending the well-known concept of software signing to the SDLC.

Continuous Vulnerability Tracking:

Scribe generates CVE reports and continuously tracks newly published CVEs for software builds delivered to production based on the SBOMs it stores and manages for the built software.

Policy and Governance:

Scribe enables software customers to govern, by policy, artifacts delivered from their vendors such as in a subcontracting relationship. The policy owner can also mandate a minimum level for the software vendor’s build environment security level.

*CloudBlue Fast-Track product: This product is part of the CloudBlue Fast-Track program. This means that the product is in process to be integrated with CloudBlue Connect.

Microsoft Azure MarketplaceFind, try, and buy apps on Azure Marketplace.

Amazon Web Services MarketplaceThe new sales channel for ISVs and Consulting Partners to sell their solutions to AWS customers.

CloudBlue CommerceMulti-tier commerce platform that allows you to launch marketplaces to partners, resellers and end customers.

Google Cloud Platform MarketplaceExplore, launch, and manage production-grade solutions in just a few clicks

PostgreSQL Database ExtensionPostgreSQL DBaaS

CloudBlue Standard Transformations LibraryStandard set of transformations to be applied to the Billing Stream by CloudBlue

Microsoft Management SettingsConfigure GDAP and credentials for both Microsoft SaaS and Azure NCE Connect products.

Anvil Customer Portal ExtensionControl Panel for service delivery

Telegram ExtensionSend platform notifications to the telegram channel of your choice.

Activation NotificationsSend a personalized email to the customer when a new Subscription is activated.

WorkatoAn enterprise automation platform that helps organizations work faster and smarter

PrestashopLaunch your online store right now. There’s a solution to suit everyone’s needs.

Intuit QuickbooksQuickBooks helps new and growing businesses find their way faster.

Oracle Applications SuiteEnterprise resource planning software applications from Oracle Corporation.

OpenCartSimple to start. Easy to run.

Oracle NetSuiteAn integrated cloud business software suite.

Mulesoft Anypoint PlatformConnect any app, data, or device - in the cloud, on-premises, or hybrid.

Microsoft Dynamics 365CRM and ERP applications

Microsoft AppSource MarketplaceFind the right app for your business needs.

BigCommerceFlexible, open SaaS platform leading a new era of ecommerce.

Magento CommerceCreate engaging, shoppable experiences with Magento Commerce.

Ingram Micro Cloud MarketplaceTake Your Business to the Next Level with Ingram Micro Cloud Marketplace.

HCL CommerceA modern commerce platform designed to grow with your business

CloudBlue PSAIntegrate sales, operations and finance in one system

ZapierConnect your apps and automate workflows

AutotaskThe End-to-End Software Suite for ITSPs & MSPs

AppDirectDistribute your products through a network of SaaS marketplaces.

EcwidE-commerce Shopping Cart is Fast and Easy to Use

ApigeeDesign, secure, analyze, and scale APIs anywhere with visibility and control.

BoomiAccelerate your business. Connect everything, engage everywhere and run anywhere .

CloudBlue Connect CLICommand line tool to automate common tasks with CloudBlue Connect

FlowgearCreate & manage enterprise-grade integrations & workflows in minutes not months.

Connectwise ManageThe powerful PSA software designed to help MSPs improve efficiencies, enhance the customer experience, and increase revenue.

Why Scribe TrustHub?

Maintain the software integrity, visibility and security across your vendors and suppliers.
Address the new best practices and regulation compliance for software supply chain security such as SLSA and NIST SSDF, SBOM.
Sign, manage and easily share attestations among stakeholders for every software version across the entire product life cycle.
Address and continuously manage vulnerabilities ( CVEs ) for your software products.
Govern the security of the software development life cycle, open-source dependencies, and security test results in a centralized place.

Scribe TrustHub customer persona

Top segments by size (# employees)

B2C

Micro

0 employees

SOHO

1 – 4 employees

Small SMBs

5 – 9 employees

Medium SMBs

10 – 49 employees

Large SMBs

50 – 249 employees

Corporate

249 – 999 employees

Enterprise

999+ employees

Top segments by vertical

Fintech and Banking

Automotive

Manufacturing

Segment 4

Segment 5

Segment 6

Not targeted customer segment

Secondary customer segment

Sweet spot

Needs

Continuously manage the integrity and visibility of the software supply chain.
Address the gaps for the new best practices and regulations to securer the software supply chain ( SBOM, SLSA, NIST SSSDF).
Smart sharing of signed evidence across multiple stakeholders, internally and externally.

Wants

Easy to deploy and connect to the SaaS platform to get value quickly.
Ability to create multiple accounts for teams members and stakeholders.
Easily integrate with your existing ecosystem of software factory.

Pain points

Continuously Manage the complexity of software supply chain integrity and provenance – end-to-end.
Address the compliance guidance for software supply chain and leading best practices with out of the box tools.
SBOM production and vulnerability (CVE) alerts including for open source modules and dependencies.