Threat detection
DigiCert® Software Trust Manager's Threat detection secures your software supply chain and scans your software for vulnerabilities via Signing Manager Controller (SMCTL) using role-based access control (RBAC). All scan results are shared to your Software Trust Manager cloud account and include controls and analytics to help you use Software Trust Manager to secure your software supply chain.
Integrations
Threat detection integrates with the following industry-leading services:
FOSSA
FOSSA is a Software Composition Analysis (SCA) tool that you can use to scan open source components in your development workflow to help your team automatically track, manage, and remediate licensing issues and vulnerabilities before releasing your software.
ReversingLabs
ReversingLabs is a static binary analysis tool that you can use to scan all components found in your software prior to release, to identify malware, vulnerabilities, secrets, and more in your developers' code and any third-party components integrated into your software.
Tip
For more information about how to integrate with these services, refer to Connectors.
Scan with Threat detection
Use Signing Manager Controller (SMCTL) to scan with:
Review scan results
Sign in to Software Trust Manager to review your Threat detection scan results:
Tip
Your Threat detection scan status will only fail if one or more critical vulnerabilities are detected. DigiCert highly recommends that you resolve critical vulnerabilities before releasing your software for consumption.
Non-critical vulnerabilities detected in your Threat detection scan will result in a pass status. DigiCert recommends that you additionally review these non-critical vulnerabilities to assess the risk based on your organization's policies.
Rescan your software
Once you have analyzed and resolved the critical deployment risks and vulnerabilities identified in your scan, rescan your software to confirm that these issues have been resolved.