Scan your software with ReversingLabs

Use DigiCert® Software Trust Manager Threat detection powered by ReversingLabs to scan your software for malware, vulnerabilities, secrets, and more before releasing your software to the public.

注記

Review supported file types for threat detection scanning with ReversingLabs.

Prerequisites

Signing Manager Controller (SMCTL) (version 1.37.0 or higher)
Secure your credentials
ReversingLabs scanning tool (rl-deploy)
rl-deploy is compatible with:
- Windows (all Microsoft-supported versions), 64-bit
- Linux x86 (all major distributions), 64-bit
Add data.reversinglabs.com and api.reversinglabs.com to your approved list to prevent your firewall or proxy from blocking calls to ReversingLabs' cloud.

Download ReversingLabs scanning tool

ReversingLabs scanning tool (rl-deploy) is included in Software Trust Manager client tools.

To download rl-deploy:

Sign in to DigiCert ONE.
Navigate to: Manager menu (top right) > Software Trust.
Select Resources > Client tool repository.
Download the following based on your operating system:
Windows Clients Installer
Linux Clients

Install ReversingLabs scanning tool

To install rl-deploy, run the following command in SMCTL:

smctl scan rl-install <new folder path to install>

Command samples

If you have administrator privileges, run this command in Administrator Command Prompt:

smctl scan rl-install "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools\rl"

If you do not want to give rl-deploy administrator privileges, specify an installation location that does not require administrative privileges, such as:

smctl scan rl-install "C:\rl"

Command output

Downloading
[==================================================] 100% [00m:07s]
187090012/187090012 bytes

Unpacking package ...
finished!

ヒント

Refer to errors and solutions if you encounter an error.

Create a project

Create a project to store all your related software scans, such as different versions of the same software. The software project will be referred to by a descriptive name and an alias to allow for easy reference.

You can create a project in Software Trust Manager or SMCTL:

例 1. Software Trust Manager

To create a project:

Sign in to DigiCert ONE.
Navigate to the Manager menu (top right) > Software Trust.
In the left navigation bar, select Account > Projects.
Click Create a project.

Complete the following fields:

Field	Description
Project name	Enter a unique name to identify the project.
Project alias	Enter a shortened version of the project name above. ヒント Project aliases are limited to 150 alphanumeric characters. Underscores and hyphens are also allowed.
Repository URL (optional)	Provide a link to relevant source code or binaries related to this project.
Documentation URL (optional)	Provide a link to documentation related to your repository.
Team	Select the team that works on this project.

Select Add.

例 2. SMCTL

To create a project, use the command:

smctl scan project create <project name> <project alias>

Command sample:

smctl scan project create project1 p1

Scan with ReversingLabs

To scan software with ReversingLabs, use the command:

smctl scan rl-scan --input <file to scan> --project <project alias> --scan-alias <scan alias> --version <version>

Command sample:

smctl scan rl-scan --input C:\Users\John.Doe\Documents\Software\MVP.so --project p1 --scan-alias MVPscan1 --version 1.0.0

ヒント

Refer to errors and solutions if you encounter an error.

View scan results

To view your software scan results:

Sign in to DigiCert ONE.
Navigate to Manager menu icon (top right).
Select Software Trust.
Navigate to Threat detection.
Click on the scan alias.
Assess your threat detection results.

このセクションの内容: