Software binary analysis (SBA) features
DigiCert® Software Trust Manager Threat detection, powered by ReversingLabs, is a static binary analysis tool.
Use Threat detection to scan your software for malware, vulnerabilities, secrets, and more before you release it for consumption.
Features
You will have access to the following software scanning features with ReversingLabs.
Feature | Description |
---|---|
Code Signing SLA Validation | 30 auditable checks. |
Software Tampering Protection | Verify all artifacts in the package using 30 auditable checks. |
Internal Certificate Usage Control | Identify internal and third-party digital certificates used in the package to prevent unintentional leakage of sensitive information. |
Malware Verification | Verify all embedded files. |
Vulnerability Scan | Scan all embedded files for vulnerabilities, including shadow vulnerabilities, with active exploitation filtering. |
Secrets and IP Leakage Protection | Identify secrets and identifiable information that are unencrypted in your source code. |
Insider Threat Differential Analysis | Detect malicious implants in your supply chain based on software package behavior differential reports. |
Software Posture Assessment | Identify the security risk scores for each area of your software package. |
Security Assurance Report | Assess the vulnerability mitigations anywhere in the software package. |
Software License Identification | Scan your software package for known software licenses. |
Complete SBOM reports | A Software Bill of Materials (SBOM) report provides a CycloneDX-format list of all components of a software product. It is automatically generated after you scan your software. Scan 1st, 2nd, and 3rd party open source software. |
SARIF Report | Static Analysis Results Interchange Format (SARIF) is a JSON-based format for exchanging results from static analysis tools. A SARIF report is automatically generated after you scan your software. |
Full Risk Report for Audit Tracking | A full risk report in HTML format is automatically generated after you scan your software. |
Network Activity Analysis | Profile all embedded network callback resources in your software package. |