DigiCert® Software Trust Manager

Software supply chain protection and integrity.

Safeguard your entire software supply chain with automated tools for code scanning, signing, and generating Software Bills of Materials (SBOM). This is digital trust in action.

Contact Us Now

Protect against software supply chain threats.

Software supply chain attacks (SSC) are increasing. If your customers rely on the integrity of your software, you can rely on DigiCert to protect your software supply chain. We offer secure software management to safely store your code signing keys with role-based access, minimizing the risk of attackers compromising private keys. Adopt a policy-driven approach for software release: conduct thorough analysis of your software binaries to detect malware and vulnerabilities, then securely sign the application only when it meets your established policies. We provide:

  • Enterprise-hardened secure code signing
  • Threat detection scanning on software binaries
  • Software Bill of Materials (SBOM)
  • Automation for CI/CD pipelines
Learn More

Streamline and automate software security management.

DigiCert® Software Trust Manager enhances software security through automated code-signing and threat detection workflows. Our management tools pinpoint and minimize vulnerabilities, providing comprehensive security and control across your organization’s release process—without disrupting your DevOps pipelines.

Secure Keys

Signing keys are securely stored in on-premises or cloud HSMs, safeguarding them from theft or insecure key practices, with detailed access and usage control options.

Policy Enforcement

Granular roles and permissions, coupled with automated workflows, ensure adherence to security policies and maintain compliance.

Centralized Management

An audit trail that tracks who signed what, when, and includes full certificate lifecycle management, enables efficient oversight and remediation.

Integration with CI/CD

Seamless integration with CI/CD pipelines ensures fast, consistent signing without disrupting the development process.

Threat Detection

Powered by ReversingLabs, our advanced threat detection identifies risks such as malware, software tampering, and the inclusion of secrets in open-source software, proprietary software, containers, and release packages.

Software Bill of Materials

A detailed Software Bill of Materials (SBOM) generated from the final software binary, covering all components within the binary.

Why do you need a Software Bill of Materials (SBOM)?

Modern software consists of code and packages from various sources, including open-source, third-party libraries, and components from both internal and external CI/CD teams. A Software Bill of Materials (SBOM) is a detailed inventory of these components, outlining every piece of code that forms the complete software package. This allows you to track trusted components and efficiently identify and address vulnerabilities or malware.

Learn More

Detailed account management and user access controls.

Set up workflows that provide centralized control over your security policies.

  • Configure and standardize workflow features, user structures, roles and permissions
  • Easy-to-generate dedicated private CA for facilities with site-specific requirements
  • Enterprise-wide certificate landscape with import and export of self-signed, private and public end-entity certificates from any CA
  • Easy-to-audit tracking of signing activity with timestamping for rapid remediation

Key and certificate protection controls.

Protect signing keys from unauthorized access and use with secure storage, access controls, and handling procedures.

  • Integration with on-premises or cloud-delivered HSMs
  • Key access profiles that map to key handling needs: production, test, on-demand, offline, open, restricted
  • Static, dynamic, and roaming usage models
  • Dual-user confirmation options
  • Certificate profile templates and workflows
  • Fine-grained granular key access authorization with multi-factor authentication

Release process controls

Prevent malware from being injected to build servers, with verification that code being signed during the release process matches a baseline build.

Threat Detection

Powered by ReversingLabs, deep analysis of software binaries for threats, software tampering, and other vulnerabilities:

  • Uses the world’s largest private database of known malware signatures
  • Scans any type of software binary
  • Generates a Software Bill of Materials, even for components from third-party open-source and proprietary software

Seamless integration with DevOps workflow

Gain workflow and process security without slowing down agile development objectives:

  • Native integration with DevOps CI/CD tools, such as Jenkins, Azure Pipelines, Gradle and more via PKCS11/KSPs
  • Hash signing to reduce latency while keeping code secure
  • Signing via API, command-line, or console
  • Common interface to multiple signing tools

Flexible deployment that scales

Streamline deployment and new feature rollout with a container-based architecture that future-proofs your investment and enables you to stay abreast of industry compliance requirements:

  • Achieve fast time to value with a container-based architecture that is rapidly deployed and highly scalable
  • Flexibility in deployment models: on-premises, public or private cloud, or hybrid
  • Pair with local datacenters for in-country requirements
  • Dedicated private CA options
Learn More

What is software and code signing?

Code signing is a method to confirm that code or other digital binaries have not been altered. This method leverages the Public Key Infrastructure (PKI) framework to attest to the integrity of the code or binaries. Code signing acts like a digital shrink wrap.

 

The process:

  • Signing creates a “package” with the signed code or file.
  • The signed code is sent.
  • If the “packaging” was not damaged in transit, the recipient knows the file has not been tampered with. It can be trusted.
  • If the “packaging” was damaged then the file has been tampered with and cannot be trusted.
Learn More

Supports diverse use cases & file types

Seamlessly protect and manage everything from published software to deployment environments to firmware, with broad support for file types.

Published Software

IT Applications

Firmware

Containers

Software Images

Mobile Apps

Copyright © 2024. Digicert Malaysia