SignPath

The preferred code signing solution

Empowers development teams
and fulfills InfoSec standards

Code Signing as a service

SignPath provides your organization with a simple and secure code signing process. Development teams can define workflows that integrate well with their existing software development lifecycle. Responsibilities, tasks, alerts and inventories of your private keys and certificates are well documented and transparent for the InfoSec teams.

Security matters

Code Signing is a cornerstone of anti-malware protection. Operating systems, app stores, add-ins, systems and management software rely on the validity of signatures and certificates. That’s why code signing keys and processes are under constant attack. SignPath turns code signing into a controlled and repeatable process that aligns the needs of both development teams and InfoSec experts. SignPath fulfills the recommendations of the CA Security Council.

Certificate management

Don't hassle with USB tokens or HSM setups

In SignPath all your organization's code signing certificates are centrally managed. The InfoSec teams have full control over what code is signed and which certificate was used. They can view the entire history in case of an incident and define clear policies to restrict how each certificate may be used. SignPath allows you to import your own certificates or create a certificate signing request (CSR) for your certificate authority (CA). You are also notified on time before your certificate expires.

Policy enforcement

Take control over your code signing process

SignPath enables development teams to stay agile by allowing them to automate the code signing process as long as they stay within the boundaries of their organization's policies. Administrators can define which kind of software may be signed, who is allowed to submit a signing request and how many approvers must authorize it before it is signed. Additionally, SignPath offers origin verification, which ensures that a software artifact was built from a specific commit in your source code repository.

Deep signing of nested files

Sign executables and libraries within your installers and packages

Signing the installer or library package alone means that the software installed on your customer's systems is not digitally secured any more once the shipped installer has been unpacked and disposed. In order to continously ensure the authenticity and integrity of your software components, SignPath signs all files within the installation package and then automatically repackages the installer and signs the entire package.

Build integration

Automate your code signing process

Software development processes are increasingly automated to cope with the demand for more agility and frequent releases. SignPath allows code signing to be part of the build pipeline by providing a modern API, third party integrations and tools for seamless CI integration.

Malware scanning of artifacts

Know that there's another layer of security

All artifacts you upload to SignPath are checked for malware. Even if your build server is infected, SignPath adds an additional barrier to prevent shipping viruses to your users and customers.

Secure storage of private keys

Rest assured that your private keys can never be compromised

SignPath provides a FIPS-certified Hardware Security Module (HSM) to generate and store the private keys for your certificates. The HSM is located in a physically secured data center. Every signing operation takes place on the HSM ensuring that the private key is never exposed. The key infrastructure of SignPath fulfills all requirements for Extended Validation (EV) certificates without having to deal with USB tokens or spending money on dedicated hardware.

Sign up for news and special offers