In an increasingly interconnected digital world, the integrity of the software supply chain has emerged as a critical battleground for cybersecurity. Responding to this urgent need, Codenotary Inc., a pioneer in intelligent cybersecurity and trust automation, has successfully closed a $16.5 million funding round. This significant capital injection, led by Swiss-based investor Bluwat, is set to fuel the company’s ambitious global expansion and further solidify its position as a leader in safeguarding the software that powers modern enterprises.
The Funding Details: A Strategic Investment in Trust
Codenotary’s latest funding round marks a pivotal moment for the company, providing the necessary resources to scale its operations and meet surging global demand. The $16.5 million investment underscores a strong vote of confidence from the financial community in Codenotary’s unique approach to solving one of the most complex challenges in modern technology.
A Closer Look at the Investment
The round was prominently led by Bluwat, a discerning investment firm known for backing innovative and high-growth technology companies. The participation of both new and existing investors further signals broad-based support for Codenotary’s mission and its technological prowess. This infusion of capital is earmarked for several key areas of growth, including a significant expansion of its global sales and marketing efforts, as well as continued investment in research and development to enhance its cutting-edge platform.
Pascal Pernet, CEO of Bluwat, articulated the rationale behind their lead investment, highlighting the critical nature of the problem Codenotary addresses. “The escalating threat of software supply chain attacks has made Codenotary’s solution indispensable for modern businesses,” Pernet stated in a press release. “We were profoundly impressed by their innovative technology, the expertise of their team, and the significant market traction they have already achieved. Codenotary is not just creating a product; they are defining a new standard for trust and integrity in software development and deployment.”
Fueling Innovation and Market Penetration
The allocation of these funds will be strategic. On the R&D front, Codenotary plans to deepen the artificial intelligence and machine learning capabilities within its platform, making threat detection smarter, faster, and more predictive. This includes enhancing its ability to analyze vast datasets of code, dependencies, and developer behavior to identify anomalies that may signal a compromise. For sales and marketing, the focus will be on entering new geographical markets, building a robust channel partner ecosystem, and raising awareness among enterprises that are now grappling with new regulatory requirements and a heightened risk environment.
The Software Supply Chain Crisis: A New Digital Frontier of Risk
To fully appreciate the significance of Codenotary’s mission, one must understand the gravity of the software supply chain problem. Modern applications are not monolithic blocks of code written by a single team. Instead, they are complex mosaics assembled from hundreds or even thousands of components, including open-source libraries, third-party APIs, and internal microservices. This intricate web of dependencies creates a vast and often opaque attack surface.
Lessons from High-Profile Breaches
The industry has been served a series of stark wake-up calls. The 2020 SolarWinds attack was a watershed moment, where malicious code was injected into a trusted software update, compromising thousands of organizations, including high-level U.S. government agencies. This sophisticated attack demonstrated how a single compromised component could have a catastrophic cascading effect across the globe.
More recently, the Log4j vulnerability (or “Log4Shell”) sent shockwaves through the tech world. A flaw in a ubiquitous, seemingly innocuous open-source logging library exposed millions of applications to remote code execution. The ensuing panic was a frantic scramble as organizations struggled to even identify which of their systems were using the vulnerable component. These incidents laid bare a fundamental truth: you cannot secure what you cannot see. Without a complete and verifiable inventory of every piece of code running in an environment, organizations are flying blind.
The Shift in Attacker Methodology
Cybercriminals and state-sponsored actors have recognized that attacking the supply chain is far more efficient than targeting individual organizations. By compromising a single popular software package or library, they can gain a foothold in thousands of downstream targets. This “attack-one, infect-many” strategy has made software supply chain security a top priority for CISOs, regulators, and national security agencies alike.
Codenotary’s Platform: Building a Verifiable Chain of Trust
Codenotary was founded to address this challenge head-on. The company’s core offering, the Codenotary Trustcenter, provides an end-to-end platform for creating and managing a tamper-proof, auditable record of every artifact in the software development lifecycle (SDLC).
The Power of the Software Bill of Materials (SBOM)
At the heart of Codenotary’s solution is the concept of the Software Bill of Materials (SBOM). An SBOM is a detailed, nested inventory of all the components that make up a piece of software. Codenotary automates the creation of comprehensive SBOMs, but it goes a critical step further. It ensures that this SBOM is not just a static list but a living, verifiable document. The platform allows organizations to digitally sign and attest to every component, build, and deployment, creating an unbroken chain of cryptographic custody from source code to production.
The Immutable Foundation: immudb
The technological bedrock of Codenotary’s platform is `immudb`, the company’s powerful open-source immutable database. Unlike traditional databases where data can be altered or deleted, `immudb` is designed to be tamper-proof. Every new piece of data is cryptographically linked to the previous entry, creating a verifiable and unchangeable history. This is the same principle that underpins blockchain technology, but `immudb` is optimized for high-speed, high-volume operations suitable for enterprise use cases.
By using `immudb` as its foundation, Codenotary ensures that the entire history of a software artifact—who built it, what components it contains, what vulnerabilities were found, and where it was deployed—is recorded in a way that cannot be secretly altered. This provides an irrefutable “birth certificate” and ongoing diary for every piece of software, which is invaluable for forensic analysis, compliance audits, and real-time security posture management.
The Role of AI and Automation: From Reactive to Predictive Security
The sheer scale and velocity of modern software development make manual security checks impossible. This is where Codenotary’s focus on “Intelligent Cybersecurity & Trust Automation” becomes a game-changer. The platform is designed to integrate seamlessly into existing CI/CD (Continuous Integration/Continuous Delivery) pipelines, automating security and compliance at every stage.
Intelligent Vulnerability Management
Codenotary’s platform continuously scans all software components against a vast database of known vulnerabilities. However, it uses intelligent analysis to go beyond simple matching. It can prioritize threats based on context—for example, elevating a vulnerability in a critical, internet-facing service over a similar flaw in a low-risk internal tool. This AI-driven prioritization helps security teams focus their limited resources on the most significant threats, cutting through the noise of constant alerts.
Trust Automation in the DevOps Pipeline
The concept of “Trust Automation” involves codifying security policies and enforcing them automatically. For example, an organization can set a policy that no software can be deployed to production if it contains critical vulnerabilities or if it includes components from un-trusted sources. Codenotary enforces these policies in real-time within the pipeline, stopping non-compliant builds before they can become a threat. This “shift-left” approach embeds security directly into the development process, making it a shared responsibility rather than an afterthought. It transforms security from a bottleneck into a seamless, automated guardrail, enabling teams to innovate quickly without sacrificing safety.
Vision for the Future: Global Expansion and Market Leadership
Armed with $16.5 million in new funding, Codenotary is poised for a new chapter of growth. The company’s leadership has a clear vision for deploying this capital to establish a dominant global presence.
A CEO’s Perspective on Proactive Security
Moshe Bar, co-founder and CEO of Codenotary, emphasized the proactive nature of their solution. “For too long, the cybersecurity industry has been focused on reactive measures—detecting and responding to breaches after they occur,” Bar explained. “Our approach is fundamentally different. We provide the tools to build trust and integrity directly into the software development process, preventing compromises from happening in the first place. This funding allows us to bring our vision of proactive, preventative security to a global audience and empower every organization to be certain about the software they build and run.”
Targeting Key Markets and Industries
Codenotary’s global expansion strategy will target regions and industries where the need for software supply chain security is most acute. This includes North America and Europe, where regulatory pressures are mounting, as well as the Asia-Pacific region, which is experiencing rapid digital transformation. Key industry verticals include finance, healthcare, critical infrastructure, and the public sector—all of which are high-value targets for attackers and subject to stringent compliance mandates. The company plans to establish local sales and support teams in these regions to provide tailored solutions and build strong customer relationships.
Industry Impact: Navigating the Regulatory Landscape and the Future of DevSecOps
Codenotary’s growth is happening in concert with powerful macroeconomic and regulatory tailwinds. The increasing sophistication of cyber threats has moved software supply chain security from a niche technical concern to a boardroom-level priority.
The SBOM Mandate and Regulatory Compliance
A significant catalyst for market growth has been government action. In the United States, President Biden’s Executive Order 14028 on Improving the Nation’s Cybersecurity explicitly calls for the use of SBOMs for all software sold to the federal government. This has created a powerful incentive for software vendors to adopt platforms like Codenotary’s. Similar initiatives are underway in the European Union with the proposed Cyber Resilience Act, which aims to establish cybersecurity standards for all digital products sold in the EU.
Codenotary is perfectly positioned to help organizations navigate this complex and evolving regulatory landscape. Its platform not only generates the required SBOMs but also provides the underlying proof and attestation needed to meet the highest standards of compliance and due diligence.
Redefining the DevSecOps Paradigm
The rise of solutions like Codenotary’s is reshaping the DevSecOps movement. Traditionally, security was often seen as a final gate that slowed down development. By embedding trust and verification directly into the automated pipeline, Codenotary helps bridge the gap between development, security, and operations teams. Developers are empowered with immediate feedback on the security of their code, security teams gain unprecedented visibility and control, and operations teams can deploy with confidence. This fosters a culture of shared responsibility and enables organizations to achieve both speed and security, a combination that was once considered a trade-off.
Conclusion: A New Era of Software Integrity
Codenotary’s successful $16.5 million funding round is more than just a financial milestone for a promising startup; it is a clear indicator of a paradigm shift in the cybersecurity industry. As software becomes the fundamental building block of the global economy, the integrity of that software is paramount. The era of implicit trust is over.
With its innovative use of immutable ledger technology, intelligent automation, and a proactive security philosophy, Codenotary is not merely selling a tool but championing a new standard of digital trust. This new capital will enable the company to accelerate its mission to provide organizations with the certainty they need to innovate securely in a world of ever-present threats. As the digital and physical worlds continue to converge, the verifiable chain of trust that Codenotary helps to build may well become the most critical infrastructure of all.
