Companies depend on code signing to provide consumers with assurance of software and publisher authenticity, ensure the integrity of IT operations, and prevent malware propagation or data breaches. However, manual code signing processes can still leave software applications vulnerable to attack. Key theft, misused keys, server breaches, and insecure processes can permit code with malware to be signed and distributed as trusted software. Automation of code signing workflows helps eliminate these points of vulnerability, delivering:
DigiCert® Secure Software Manager improves software security with code-signing workflow automation that reduces points of vulnerability with end-to-end company-wide security and control in the code signing process—all without slowing down your DevOps pipelines.
Key capabilities include:
Signing keys are safely secured in on-premises or cloud HSMs, protected from theft or insecure key practices, with fine-grained access and usage control options
Granular roles and permissions with automated workflows ensure compliance with security policy.
Audit trail of who signed what, when, with full certificate lifecycle handling, facilitates management and remediation.
Integration with CI/CD pipelines ensures efficient and consistent signing without slowing down development.
DigiCert® Secure Software Manager delivers the flexibility and control those enterprises require:
Configure workflows that give you centralized control over your security policies:
Prevent unauthorized access and use of signing keys with secure key storage, access, and handling:
Prevent malware from being injected to build servers, with verification that code being signed during the release process matches a baseline build .
Gain workflow and process security without slowing down agile development objectives:
Seamlessly protect and manage everything from published software to deployment environments to firmware, with broad support for file types.
Authenticode | Android | Apple | ClickOnce | Debian | Docker
GPG | JAVA | Nuget | OpenSSL | RPM | XML
Streamline deployment and new feature rollout with a container-based architecture that future-proofs your investment and enables you to stay abreast of industry compliance requirements:
“We have 6,000-plus developers on six continents. Trying to secure all the keys that they need (for code signing) would be a nightmare. With SSM, the keys remain in the cloud, and access is provided to sign with them, but not to get the actual keys themselves. That is a huge win for us.”