Secure Software Manager Hero
DigiCert® Software Trust Manager

Software Supply
Chain Security

Protect your entire software supply chain with
automated tools for scanning and signing code,
and generating Software Bills of Materials
(SBOM). That’s digital trust for the real world.

TALK TO AN EXPERT
Why Scan & Sign?
Features
Use Cases
Resources
Learn More

Secure against software supply chain attacks

Software supply chain attacks (SSC) are on the rise. If your customers depend on the integrity of your software, then you can depend on DigiCert to secure your software supply chain. We provide secure software management for storage of your code signing keys with role-based access that minimizes the chance of an attacker accessing private keys. Leverage a policy-driven approach to releasing software: run a deep analysis of your software binaries looking for malware and vulnerabilities, and then securely code sign the application only if your policies have been met. We deliver:

  • Enterprise-hardened secure code signing
  • Threat detection scanning on software binaries
  • Software Bill of Materials (SBOM)
  • Automation for CI/CD pipelines
Secure against software supply chain attacks - DigiCert® Software Trust Manager

Automate software security management

DigiCert® Software Trust Manager improves software security with code-signing and threat detection workflow automation. Our software management tools identify and reduce points of vulnerability with end-to-end company-wide security and control in the release process—all without slowing down your DevOps pipelines.

Key capabilities include:

Secure Signing Keys - DigiCert® Software Trust Manager

Secure Keys

Signing keys are safely secured in on-premises or cloud HSMs, protected from theft or insecure key practices, with fine-grained access and usage control options.

Policy Enforcement with automation - DigiCert® Software Trust Manager

Policy Enforcement

Granular roles and permissions with automated workflows ensure compliance with security policy. 

Centralized certificate lifecycle management - DigiCert® Software Trust Manager

Centralized Management 

Audit trail of who signed what, when, with full certificate lifecycle handling, facilitates management and remediation.

Integration with CI/CD pipelines - DigiCert® Software Trust Manager

Integration with CI/CD

Integration with CI/CD pipelines ensures efficient and consistent signing without slowing down development.  

Threat Detection with ReversingLabs - DigiCert® Software Trust Manager

Threat Detection

Powered by ReversingLabs, advanced detection of threats such as malware, software tampering, and inclusion of secrets in open-source software, proprietary software, containers, and release packages.

Software Bill of Materials (SBOM) - DigiCert Software Trust Manager

Software Bill of Materials

Comprehensive Software Bill of Materials generated from the final software binary for all components within the binary.

Why do you need a Software Bill of Materials (SBOM)?

Today’s software is a compilation of code and packages from multiple sources, many of which are not built in-house. These include open source, third party, and various libraries, along with multiple components from internal and external CI/CD teams. A Software Bill of Materials is a list of components attached to the software as a nested inventory. It lists every piece of code that makes up the full software package, so you can know what to trust and more easily trace and eliminate vulnerabilities or malware.

Software Supply Chains

Detect and mitigate threats

Software scanning and Software Bills of Materials allow you to track components and detect threats, so mitigation and remediation are much easier.

See SBOM in the software supply chain.

UP NEXT
<   1  /  1  >

Enterprise-grade features

DigiCert Software Trust Manager delivers the flexibility and control that enterprises require.

Granular account management and user access controls

Configure workflows that give you centralized control over your security policies:

  • Configure and standardize workflow features, user structures, roles and permissions
  • Easy-to-generate dedicated private CA for facilities with site-specific requirements
  • Enterprise-wide certificate landscape with import and export of self-signed, private and public end-entity certificates from any CA
  • Easy-to-audit tracking of signing activity with timestamping for rapid remediation

 

Key and certificate security controls

Prevent unauthorized access and use of signing keys with secure key storage, access, and handling:

  • Integration with on-premises or cloud-delivered HSMs
  • Key access profiles that map to key handling needs: production, test, on-demand, offline, open, restricted
  • Static, dynamic, and roaming usage models
  • Dual-user confirmation options
  • Certificate profile templates and workflows
  • Fine-grained granular key access authorization with multi-factor authentication  

Release process controls

Prevent malware from being injected to build servers, with verification that code being signed during the release process matches a baseline build.

STM Icon Threat

Threat Detection

Powered by ReversingLabs, deep analysis of software binaries for threats, software tampering, and other vulnerabilities:

  • Uses the world’s largest private database of known malware signatures
  • Scans any type of software binary
  • Generates a Software Bill of Materials, even for components from third-party open-source and proprietary software

Seamless integration with DevOps workflow

Gain workflow and process security without slowing down agile development objectives:

  • Native integration with DevOps CI/CD tools, such as Jenkins, Azure Pipelines, Gradle and more via PKCS11/KSPs
  • Hash signing to reduce latency while keeping code secure
  • Signing via API, command-line, or console
  • Common interface to multiple signing tools

Supports diverse use cases & file types

Seamlessly protect and manage everything from published software to deployment environments to firmware, with broad support for file types.

Secure Published Software with DigiCert® Software Trust Manager
Published Software
Secure IT Applications with DigiCert® Software Trust Manager
IT Applications
Secure Firmware with DigiCert® Software Trust Manager
Firmware
Secure Containers Logistics with DigiCert® Software Trust Manager
Containers
Secure Software Images with DigiCert® Software Trust Manager
Software Images
Secure Mobile Apps with DigiCert® Software Trust Manager
Mobile Apps

Authenticode  |  Android  |  Apple | ClickOnce | Debian | Docker 

 GPG  | JAVA  |  Nuget  | OpenSSL | RPM  |  XML

Flexible deployment that scales

Streamline deployment and new feature rollout with a container-based architecture that future-proofs your investment and enables you to stay abreast of industry compliance requirements:

  • Achieve fast time to value with a container-based architecture that is rapidly deployed and highly scalable
  • Flexibility in deployment models: on-premises, public or private cloud, or hybrid
  • Pair with local datacenters for in-country requirements
  • Dedicated private CA options

Hear from our customers

“We have 6,000-plus developers on six continents. Trying to secure all the keys that they need (for code signing) would be a nightmare. With Software Trust Manager, the keys remain in the cloud, and access is provided to sign with them, but not to get the actual keys themselves. That is a huge win for us.”

David Nalley, Vice President, Infrastructure, The Apache Software Foundation
Read More

What is software and code signing?

Code signing is a method to confirm that code or other digital binaries have not been altered. This method leverages the Public Key Infrastructure (PKI) framework to attest to the integrity of the code or binaries. Code signing acts like a digital shrink wrap.

The process:

  • Signing creates a “package” with the signed code or file.
  • The signed code is sent.
  • If the “packaging” was not damaged in transit, the recipient knows the file has not been tampered with. It can be trusted.
  • If the “packaging” was damaged then the file has been tampered with and cannot be trusted.

Why is code signing important?

Code signing minimizes the risks of code tampering. With signed code, the recipient gets a security warning when the integrity check fails during download. This helps recipients to avoid downloading tampered code which may contain malware. Code signing is an important part of software trust management.

A foundation for digital trust

DigiCert® ONE is more than just a platform. It’s a new way of thinking about how you secure and manage everything of value in your organization. From the individual website to the massive enterprise, DigiCert ONE makes security, validation, and identity powerful and easy. No matter the size or use, DigiCert ONE delivers control and simplicity for the highest level of assurance.

Take a look at our other DigiCert ONE managers

DIGICERT CERTCENTRAL® TLS MANAGER
DIGICERT® DEVICE TRUST MANAGER
DIGICERT® TRUST LIFECYCLE MANAGER
DIGICERT® DOCUMENT TRUST MANAGER
DIGICERT® DNS TRUST MANAGER
Already using DigiCert ONE? Log in now.

 Related resources

DigiCert Software Trust Manager Datasheet
DATASHEET

Protect software integrity across the software supply chain

DOWNLOAD
DeNA Case Study Thumbnail
CASE STUDY

Automated Signing Speeds Build Times While Improving the User Experience

DOWNLOAD
DATASHEET

Ensuring software integrity with comprehensive threat
detection analysis

DOWNLOAD

Talk to an expert to learn how DigiCert solutions
can help you deliver digital trust

By supplying my personal information and clicking submit, I agree to receive communications about DigiCert products and services, and I agree to DigiCert and its affiliates processing my data in accordance with DigiCert's Privacy Policy.
Submit

  • DigiCert Logo

    The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.