
Code signing & software supply chain security platform with policy governance.
DigiCert Software Trust Manager is a code signing and software supply chain security platform built on the DigiCert ONE platform. It provides centralized governance over the software release process by combining key and certificate management, threat scanning, policy enforcement, and CI/CD integration. Key capabilities include:

- Secure key storage in a FIPS/CC-compliant cloud-based HSM, supporting multiple simultaneous signers per keypair
- Role-based access control (RBAC) with team-based signing permissions and multi-level approval workflows
- Integrated threat scanning to detect malware, CVEs, exposed secrets, and misconfigurations in projects, open source libraries, third-party libraries, AI models, containers, and binaries — prior to signing
- Generation and signing of Software Bills of Materials (SBOMs)
- Automated certificate and key lifecycle management including expiry, rotation, and renewal
- Policy-driven signing controls that enforce guardrails (e.g., requiring threat scan passage before signing)
- Support for Post-Quantum Cryptography (PQC) with NIST-approved quantum signing algorithms
- Auditable signature and activity logs for compliance demonstration
- CI/CD pipeline integration for automating scan and sign workflows within DevOps build and release processes

It is positioned as an expanded alternative to DigiCert KeyLocker, adding governance, scanning, and automation on top of secure key storage. The product targets enterprise software development teams managing complex signing operations across distributed teams.
Common questions about DigiCert Software Trust Manager including features, pricing, alternatives, and user reviews.
DigiCert Software Trust Manager is a code signing & software supply chain security platform with policy governance, developed by DigiCert. It is an Application Security solution designed to help security teams with Software Supply Chain, SBOM, and CI/CD.
DigiCert Software Trust Manager offers the following core capabilities:
DigiCert Software Trust Manager is deployed as a cloud solution, suited to mid-market and enterprise organizations looking to operationalize application security. The commercial offering is positioned for production security operations with vendor support and SLAs.
DigiCert Software Trust Manager is built for security teams handling Software Supply Chain, SBOM, CI/CD, and RBAC. It supports workflows including cloud HSM key storage (FIPS/CC-compliant) with multiple simultaneous signers per keypair, role-based and team-based access control (RBAC) with multi-level approval workflows, and integrated threat scanning for malware, CVEs, exposed secrets, and misconfigurations. Teams typically adopt DigiCert Software Trust Manager when they need application security capabilities integrated into their existing stack. Explore similar tools at https://cybersectools.com/alternatives/digicert-software-trust-manager
DigiCert Software Trust Manager is a commercial Application Security solution. For detailed pricing information, visit https://www.digicert.com/software-trust-manager or contact DigiCert directly.
Popular alternatives to DigiCert Software Trust Manager include:
Compare all DigiCert Software Trust Manager alternatives at https://cybersectools.com/alternatives/digicert-software-trust-manager
DigiCert Software Trust Manager is for security teams and organizations that need Software Supply Chain, SBOM, CI/CD, RBAC, Supply Chain Security. It's particularly suitable for enterprises requiring robust, commercial-grade security capabilities. Other Application Security tools can be found at https://cybersectools.com/categories/application-security
Head-to-head feature, pricing, and rating breakdowns.
Traces third-party library usage at function level to identify dependency risk.
Autonomous open source supply chain security & license compliance platform.