ImmuDB and Codenotary: It's a database, but the company isn't

Codenotary has created a blockchain-like database that looks a lot like Amazon QLDB or Oracle blockchain tables, but the company's focus is on the DevOps world, not databases.
Written by Tony Baer (dbInsight), Contributor

OK, here's a short, convoluted tale of a company that has developed an open source database but is not in the database business. You should take the company seriously because the founder is the same person who co-founded the companies behind the KVM and Xen hypervisors.

The company in question is Codenotary, whose mission is to ensure trust in the software development lifecycle. it does so with a tool that protects the "software supply chain" by creating a Software Bill of Materials that can be used to verify that code has not been tampered with. The tool provides cryptographically verifiable tracking and provenance for all artefacts, actions, and dependencies. That sounds a lot like a blockchain to us. Its service, Codenotary Cloud, provides the cryptographically verifiable trail of breadcrumbs to attest that the software is what the creators say it is. The need for bulletproof software bills of materials has been triggered by omnibus measures such as the federal cybersecurity executive order for which documenting code authenticity will help support.

We got interested because to support all this; the company had to build an immutable database. Building the data platform was a means to an end. The result, ImmuDB, is an open source ledger database that is, in effect, is an append-only data platform that carries built-in cryptographic proof and verification for all entries. Like a time series database, it tracks changes in data by time-stamping all entries so they can be versioned over time. It looks and acts like a blockchain database in that it provides cryptographic verification of each entry but doesn't organize the hashes of data by chains. While the database was designed to support DevOps in verifying the origin of software code, it is available as open source that can be downloaded from GitHub.

ImmuDB is what you make it in that it can operate as a relational or simpler key-value database. You can store a variety of data types, verification checksums, or JSON. Version 1.2, which was just released, added a couple of features inspired by GDPR. They include transactional rollback, which provides a verifiable record of data over time, and data expiration, which supports the right to forget. As the database is append-only and keeps every new version of data, the new data expiration feature can prevent database size from mushrooming beyond control.

These features provide parallels with Amazon Quantum Ledger Database (QLDB), which is a single node immutable ledger database that provides an immutable, and cryptographically verifiable transaction log, Oracle blockchain tables, which demarcate some tables to work as insert-only, chaining database rows together.

Today, ImmuDB can be embedded in apps written in Go through APIs. On the roadmap are plans to add APIs for Java and Python that could widen the potential addressable audience. But we won't call it an addressable market because Codenotary is not trying to sell you a database.

Editorial standards