DigiCert® Secure Software Manager

SECURE AND AUTOMATE CODE SIGNING 

Centralize and automate your code signing workflows
with native integration to CI/CD pipelines.
Free Trial
Why Automate?
Features
Use Cases
Resources
Help

WHY AUTOMATE CODE SIGNING?

Companies depend on code signing to provide consumers with assurance of software and publisher authenticity, ensure the integrity of IT operations, and prevent malware propagation or data breaches. However, manual code signing processes can still leave software applications vulnerable to attack. Key theft, misused keys, server breaches, and insecure processes can permit code with malware to be signed and distributed as trusted software. Automation of code signing workflows helps eliminate these points of vulnerability, delivering:

  • End-to-end security
  • Policy compliance
  • Faster remediation
  • Improved cryptoagility

AUTOMATION THAT DELIVERS 

DigiCert® Secure Software Manager improves software security with code-signing workflow automation that reduces points of vulnerability with end-to-end company-wide security and control in the code signing process—all without slowing down your DevOps pipelines.   

Key capabilities include:

Secure Keys

Signing keys are safely secured in on-premises or cloud HSMs, protected from theft or insecure key practices, with fine-grained access and usage control options 

Policy Enforcement

Granular roles and permissions with automated workflows ensure compliance with security policy. 

Centralized Management 

Audit trail of who signed what, when, with full certificate lifecycle handling, facilitates management and remediation.

Integration with CI/CD

Integration with CI/CD pipelines ensures efficient and consistent signing without slowing down development. 

ENTERPRISE-GRADE FEATURES  

DigiCert® Secure Software Manager delivers the flexibility and control those enterprises require: 

Granular account management and user access controls

Configure workflows that give you centralized control over your security policies:

  • Configure and standardize workflow features, user structures, roles and permissions
  • Easy-to-generate dedicated private CA for facilities with site-specific requirements
  • Enterprise-wide certificate landscape with import and export of self-signed, private and public end-entity certificates from any CA
  • Easy-to-audit tracking of signing activity with timestamping for rapid remediation

 

Key and certificate security controls

Prevent unauthorized access and use of signing keys with secure key storage, access, and handling:

  • Integration with on-premises or cloud-delivered HSMs
  • Key access profiles that map to key handling needs: production, test,
    on-demand, offline, open, restricted
  • Static, dynamic, and roaming usage models
  • Dual-user confirmation options
  • Certificate profile templates and workflows
  • Fine-grained granular key access authorization with multi-factor authentication

Release process controls

Prevent malware from being injected to build servers, with verification that code being signed during the release process matches a baseline build .

Seamless integration with DevOps workflow

Gain workflow and process security without slowing down agile development objectives:

  • Native integration with DevOps CI/CD tools, such as Jenkins, Azure Pipelines, Gradle and more via PKCS11/KSPs
  • Hash signing to reduce latency while keeping code secure
  • Signing via API, command-line, or console
  • Common interface to multiple signing tools

SUPPORTS DIVERSE USE CASES & FILE TYPES 

Seamlessly protect and manage everything from published software to deployment environments to firmware, with broad support for file types.

Published Software
IT Applications
Firmware
Containers
Software Images
Mobile Apps

Authenticode  |  Android  |  Apple | ClickOnce | Debian | Docker 

 GPG  | JAVA  |  Nuget  | OpenSSL | RPM  |  XML

FLEXIBLE DEPLOYMENT THAT SCALES

Streamline deployment and new feature rollout with a container-based architecture that future-proofs your investment and enables you to stay abreast of industry compliance requirements:

  • Achieve fast time to value with a container-based architecture that is rapidly deployed and highly scalable
  • Flexibility in deployment models: on-premises, public or private cloud, or hybrid
  • Pair with local datacenters for in-country requirements
  • Dedicated private CA options

HEAR FROM OUR CUSTOMERS

“We have 6,000-plus developers on six continents. Trying to secure all the keys that they need (for code signing) would be a nightmare. With SSM, the keys remain in the cloud, and access is provided to sign with them, but not to get the actual keys themselves. That is a huge win for us.”

David Nalley, Vice President, Infrastructure, The Apache Software Foundation
Read More

 Related Resources

DATASHEET

Secure Software with Code Signing Workflow Automation

DOWNLOAD
VIDEO

Key sharing opens your DevOps to attack

WATCH NOW
WHITEPAPER

The SolarWinds tipping point

DOWNLOAD

READY TO GET STARTED? 

I’m interested in: (check all that apply)
  • 1-5 TLS/SSL Certificates
  • PKI for Enterprises
  • 5-20 TLS/SSL Certificates
  • Private PKI & S/MIME
  • Enterprise TLS/SSL Options
  • DigiCert Partner Program
  • TLS/SSL Management Tools

By clicking Submit you agree to DigiCert, Inc. or its affiliates processing your data in accordance with DigiCert's Privacy Policy.

  • The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.