Back
-
Platform
BackManage PKI and Certificate Risk in One Place
-
Solutions
BackThe Smarter Way to Manage Certificate LifecyclesSoftware Supply Chain Security
Protect your entire software supply chain with automated tools
- Buy
-
Company
BackManage PKI and Certificate Risk in One Place
-
Resources
Back
- Support
- Contact us
- Language
DIGICERT ® SOFTWARE TRUST MANAGER
Secure Code Signing & Policy Governance
Protect your software supply chain with integrated scanning, signing, governance and compliance.
The DigiCert® ONE Platform
Trust Your Software
Govern code signing and release trusted software with DigiCert
Optional heading that can be visually hidden
From Chaos to Flow
Software signing begins with keypair storage, but true software trust demands more—managing complex global teams, vulnerabilities, and evolving regulations—all while preparing for Post-Quantum Cryptography (PQC).
You need a solution that transforms costly chaos into a streamlined flow that matches the pace of your software development needs.
Use Cases
CENTRALIZED GOVERNANCE
Ensure consistency and compliance by encoding best practices into your team- and role-based access control (RBAC).
THREAT SCANNING
Check that your software is free of vulnerabilities, malware, and license issues prior to release when it is more economical to fix.
POLICY-DRIVEN SIGNING
Manage and securely store your public and private certificates and keypairs, including automatic re-keying and systematic PQC-ready encryption updates.
INTEGRATION & AUTOMATION
Seamlessly integrate threat scanning and code signing into your release infrastructure and CI/CD processes, with automation to keep the flow going.
The DigiCert Difference
Advanced Code Signing
Scan for threats, manage SBOMs, store keys compliantly, and control access centrally–all in addition to regular and hash code signing.
Policy-driven Privileges
Enforce security policies by embedding privileges into user profiles while demonstrating compliance to auditors with signature and activity logs.
Modern Integrations
Integrate code signing and threat scanning into your DevOps pipelines. Shave time off producing releases by automating these activities. We connect to most modern CI/CD platforms.
Compliance in Action
Learn how Software Trust Manager embeds your policies into profiles that govern access and action. See where threat scanning results guide you to fix the issues.
Optional heading that can be visually hidden
Sign Secure Software
Unlike most signing tools, Software Trust Manager includes threat scanning and SBOMs, in addition to key and certificate management, and granular access control, for creating a policy-driven approach to securely releasing software.
Gain Control with Centralized Governance
Enforce enterprise signing policies while enabling decentralized operations.
- Prevent Unauthorized Signing: Flexible, role-based policies determine signing permissions.
- Enforce Signing Guardrails:Sign releases only when rules, like threat scanning criteria, are met.
- Enable Approval Workflows:Customize multi-level approval workflows for riskier actions.
Boost Security with Integrated Scanning
Understand malware and vulnerability risks before you sign.
- Scan Everything: Inspect projects, open source, 3rd party libraries, AI models, containers, and binaries.
- Uncover Vulnerabilities: Flag malware, CVEs, exposed secrets, and misconfigurations before release.
- Generate & Sign SBOMs: List software bill of materials, improve transparency, and support compliance.
Manage Signing with Policy-Driven Controls
Sign with confidence by orchestrating policies, profiles, and compliance.
- Secure Signing Keys: Secure all your keys in a centralized, FIPS/CC-compliant cloud-based HSM.
- Manage Key Lifecycles: Automate certificate and key lifecycle for expiry, rotation, and renewal.
- Ensure PQC Readiness: Be PQC-ready with NIST-approved quantum signing algorithms.
Streamline Delivery with Modern Integrations
Make threat scanning and code signing part of the CI/CD process.
- Integrate with DevOps: Sign and scan from within your build and release tools.
- Enforce Signing Policies: Automatically apply signing, security, and access policies.
- Improve Team Efficiencies: Streamline the scan, sign, and deliver workflow with automation.
Business Outcomes
Protect Your Reputation
Reduce your attack surface with code scanned for malware, vulnerabilities, and exposed secrets.
Comply With Regulations
Ensure consistency and compliance across your certificate and key landscape with centralized governance and policies.
Lower Remediation Costs
Avoid the excessive costs of fixing security issues in released software and track released components in SBOMs.
Operational Control with Flexibility
DeNA moved from in-office EV code signing with dongles to signing anywhere with secure cloud keypairs, while gaining more control and increased signing speed.
“The frequency of releases, such as minor bug fixes and feature additions, which often occur several times a week, made it a hassle for operations to physically sign off."
Atsushi Ono, Technical Director and Senior Project Manager, Coopel Business Development Promotion
Related Resources
GUIDE
Top 5 Strategies to Secure Your Software Supply Chain
GUIDE
Sample Enterprise Code Signing Policy
GUIDE
Automating NIST SSDF with DigiCert Software Trust Manager
Talk to an Expert to Learn How DigiCert
Solutions Can Help You Deliver Digital Trust
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.
-
-
© 2025 DigiCert, Inc. All rights reserved.
Legal Repository Audits & Certifications Terms of Use Privacy Center Accessibility Cookie Settings