Release preferences
Releases provide key security by confining key use to specific approved timeframes, sometimes referred to as "release windows." Within these defined timeframes, you have comprehensive control over keypairs, the authorized users who can sign, and the maximum allowable signatures.
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Account > Account settings.
Scroll down to Releases.
Select the edit icon.
You can edit the following account settings related to releases:
Field
Description
Comparison matches required
Comparing releases allows you to confirm that multiple releases have matching code and to ensure that no bad actor or software has injected malicious code into your releases. Enter a value between 2 and 6 to set the number of matches required when completing a release comparison.
Enable keypair types for releases
Select or deselect the following types of keypairs that users are allowed to assign to a release:
Online
Online keypairs can be used to sign at any time.
Offline
Offline keypairs can only be used to sign during a release window.
Test
Test keypairs can only be used for test signing.
Release purpose
Select how you would like to use your release workflow:
Sign
Only use the release window to sign.
Detect threats
Only use the release window to perform threat detection scans.
Detect threats then sign
Use the release window to perform threat detection scans and then choose to sign based on the scan status.
Block signing if the CI/CD status fails
If the release purpose includes threat detection, select whether you want to prevent signing if the threat detection scan status fails:
Yes
Do not allow signing if the threat detection scan fails.
No
Allow signing even if the threat detection scan fails.
Specify during release
Enable the option to select if you want the scan to pass or fail while creating a release.
Restrict threat detection scans to releases
Threat detection scans tied to a release trigger the approval process, whereas scans completed outside of a release do not require approval.
Yes
Only allow threat detection scans during a release.
No
Threat detection scans can be completed inside or outside of a release window.
Select Update settings.
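The idea behind "Comparison matches required", as an added Python illustration that is not DigiCert's implementation: several builds of the same release are reduced to digests, and the comparison passes only when enough of them are identical. The function names, the build names, the sample file contents, and the rule that any diverging build fails the comparison are all assumptions made for this example.

```python
import hashlib
from collections import Counter

MIN_MATCHES, MAX_MATCHES = 2, 6  # range the account setting accepts, per the page

def manifest_digest(files):
    """One digest per build: SHA-256 over sorted (path, file SHA-256) pairs."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode() + b"\0" + hashlib.sha256(files[path]).digest())
    return h.hexdigest()

def compare_releases(builds, required):
    """builds maps a build name to {path: content bytes}.
    Assumed policy: pass only if at least `required` builds are identical
    and no build diverges from them."""
    if not MIN_MATCHES <= required <= MAX_MATCHES:
        raise ValueError("required must be between 2 and 6")
    digests = {name: manifest_digest(files) for name, files in builds.items()}
    if not digests:
        return {"passed": False, "matches": 0, "outliers": {}}
    majority, matches = Counter(digests.values()).most_common(1)[0]
    reference = next(b for n, b in builds.items() if digests[n] == majority)
    outliers = {}
    for name, files in builds.items():
        if digests[name] != majority:
            # Paths whose content differs from, or is missing in, the majority build
            outliers[name] = sorted(p for p in files.keys() | reference.keys()
                                    if files.get(p) != reference.get(p))
    return {"passed": matches >= required and not outliers,
            "matches": matches, "outliers": outliers}

# Constructed sample: three builds of one release, one with a modified library.
CLEAN = {"bin/app": b"\x7fELF app v1", "lib/util.so": b"util v1"}
SAMPLE = {
    "builder-a": dict(CLEAN),
    "builder-b": dict(CLEAN),
    "builder-c": {**CLEAN, "lib/util.so": b"util v1 + extra code"},
}

if __name__ == "__main__":
    print(compare_releases(SAMPLE, required=2))
```

The per-file list under `outliers` points directly at the artifact to investigate before any signing takes place.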