DigiCert Software Trust Manager is a code signing and software supply chain security platform built on the DigiCert ONE platform. It provides centralized governance over the software release process by combining key and certificate management, threat scanning, policy enforcement, and CI/CD integration. Key capabilities include: - Secure key storage in a FIPS/CC-compliant cloud-based HSM, supporting multiple simultaneous signers per keypair - Role-based access control (RBAC) with team-based signing permissions and multi-level approval workflows - Integrated threat scanning to detect malware, CVEs, exposed secrets, and misconfigurations in projects, open source libraries, third-party libraries, AI models, containers, and binaries — prior to signing - Generation and signing of Software Bills of Materials (SBOMs) - Automated certificate and key lifecycle management including expiry, rotation, and renewal - Policy-driven signing controls that enforce guardrails (e.g., requiring threat scan passage before signing) - Support for Post-Quantum Cryptography (PQC) with NIST-approved quantum signing algorithms - Auditable signature and activity logs for compliance demonstration - CI/CD pipeline integration for automating scan and sign workflows within DevOps build and release processes It is positioned as an expanded alternative to DigiCert KeyLocker, adding governance, scanning, and automation on top of secure key storage. The product targets enterprise software development teams managing complex signing operations across distributed teams.