DigiCert® Software Trust Manager
Secure Against Software Supply Chain Attacks
As software supply chain (SSC) attacks increase, organisations need robust defences to maintain software integrity. DigiCert® Software Trust Manager provides a comprehensive solution for securing your software development lifecycle. With role-based access for code-signing keys and advanced binary analysis for malware detection, DigiCert® ensures only trusted code reaches your customers.
Key Benefits
Enterprise-Grade Code Signing
Secure key storage and access management for advanced code signing.
Real-Time Threat Detection
Scans software binaries for malware and vuknerabilities.
Software Bill of Materials (SBOM)
A full inventory of software components for complete transparency.
Automation for CI/CD Pipelines
Integrates security seamlessly into your development workflow.
Automate Software Security Management
DigiCert® Software Trust Manager strengthens software security with automated workflows for code signing and threat detection. It offers end-to-end protection throughout the release process, keeping your DevOps teams efficient without compromising on security.
Key Capabilities:
- Secure Key Storage: Signing keys are protected in HSMs (on-premises or cloud) with strict access controls.
- Seamless CI/CD Integration: Compatible with Jenkins, Azure Pipelines, and other CI/CD tools for efficient workflows.
- Policy-Driven Access Management: Enforces compliance through automated workflows and granular roles.
- Advanced Threat Detection with ReversingLabs: Detects malware, tampering, and vulnerabilities in both open-source and proprietary software.
- Centralised Management: Audit all certificate lifecycles and signing activities in one place for easy tracking.
- Comprehensive SBOM Creation: Lists all software components, enabling faster vulnerability tracking and management.
Why an SBOM Matters
Modern software relies on components from multiple sources. A Software Bill of Materials (SBOM) provides a detailed inventory of these components, helping organisations manage trust, track origins, and address vulnerabilities effectively.
With DigiCert® Software Trust Manager, tracking and mitigating threats becomes seamless, enhancing transparency and control.
Seamless DevOps Integration
Designed for agile development, DigiCert® Software Trust Manager integrates with leading CI/CD tools like Jenkins and Azure Pipelines. It enables secure signing options—via API, command-line, or console—and supports diverse file types for versatile protection.
Flexible Deployment Options
With a container-based architecture, DigiCert® Software Trust Manager offers flexibility in deployment. Choose on-premises, public/private cloud, or hybrid setups to meet compliance requirements and scale as needed.
What is Software and Code Signing?
Code signing, powered by Public Key Infrastructure (PKI), ensures software integrity by verifying that code remains unaltered. Acting as a digital seal, it assures users of authenticity and security.
Why Code Signing Matters
Minimise tampering risks and alert recipients to unauthorised changes. Code signing is a critical step in software trust management.
