With traditional open-source libraries, developers must download the source from a hopefully trusted repository, then patch, build, test, and deploy the software themselves. Instead of requiring this labor-intensive process, SafeLogic delivers rigorously tested executable binaries that are continuously being built from source with the latest open-source files, SafeLogic-developed and FIPS 140-3 validated code, patches, and security updates.
The need for the Customer Portal arises from the scope of the SafeLogic build repository. Considering all the versions of all the open-source libraries CryptoComply supports, along with all supported operating systems, CPU architectures, OS versions, languages, and customer-specific customizations, SafeLogic produces and continuously updates over 3,700 builds on a fully automated basis. All 3,700 builds are available to customers through the SafeLogic Customer Portal. In addition to standard builds, SafeLogic's software factory and Customer Portal also deliver customer-specific build customizations. At last count, SafeLogic's automated software factory was using over 117,000 files to produce those builds. Building world-class cryptography software from source is NOT something cryptography users should be doing themselves.
Given that its customers want and need CryptoComply to be drop-in compatible with the exact version of the open-source library their products are coded to support, SafeLogic produces builds for every open-source release. Take OpenSSL, for example. OpenSSL recently released version 3.5.4. SafeLogic used the 3.5.4 source code to automatically generate 190 standard CryptoComply builds: half go to customers via the new Customer Portal, and half are internal builds used by the SafeLogic development, QA, and CI/CD teams. In addition, SafeLogic automatically generated 170 custom CryptoComply builds from that same source using customer-specific toolchains and compiler flags. These 170 custom OpenSSL 3.5.4 compatible builds are also available in the SafeLogic Customer Portal.
Does this mean Portal users need to wade through 100s of builds to find the software they need? No. First, every customer account in the portal lists only the CryptoComply builds to which the customer is entitled under its subscription and license agreements. So if a customer has only licensed CryptoComply Core on Debian Linux, they will not see builds for other operating systems. In addition, three pull-downs for SafeLogic product, open-source library version, and SafeLogic product version allow users to find exactly what they need quickly. If necessary, users can also use a search field to filter their results further.
Once they have found the build they are interested in, the user can view details for that build. If they want that build, they can download the file, copy the SHA256 hash for the file, or download the SHA256 hash in a file. They can also download a GPG signature to verify using SafeLogic's GPG public key.
While the Customer Portal user interface provides an excellent customer experience, access to the portal can also be automated. Contact your SafeLogic support contact or support@safelogic.com with any questions.