Release preferences

Releases offer key security by confining key use to specific approved timeframes, sometimes referred to as "release windows." Within these defined timeframes, you have comprehensive control over keypairs, the authorized users that can sign, and the maximum allowable signatures.

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Account > Account settings.

  4. Scroll down to Releases.

  5. Select the edit icon.

  6. You can edit the following account settings related to releases:

    Field

    Description

    Comparison matches required

    Comparing releases allows you to confirm that multiple releases have matching code and to ensure that no bad actors or software have injected malicious code into your releases. Enter a value between 2 and 6 to set the number of matches required when completing a release comparison.

    Enable keypair types for releases

    Select or deselect the following types of keypairs that users are allowed to assign to a release:

    • Online

      Online keypairs can be used to sign at any time.

    • Offline

      Offline keypairs can only be used to sign during a release window.

    • Test

      Test keypairs can only be used for test signing.

    Release purpose

    Select how you would like to use your release workflow:

    • Sign

      Only use the release window to sign.

    • Detect threats

      Only use the release window to perform threat detection scans.

    • Detect threats then sign

      Use the release window to perform threat detection scans and then choose to sign based on the scan status.

    Block signing if the CI/CD status fails

    If the release purpose includes threat detection, select whether you want to prevent signing if the threat detection scan status fails:

    • Yes

      Do not allow signing if the threat detection scan fails.

    • No

      Prevent signing if the threat detection scan fails.

    • Specify during release

      Enable the option to select if you want the scan to pass or fail while creating a release.

    Restrict threat detection scans to releases

    Threat detection scans tied to a release trigger the approval process, whereas scans completed outside of a release do not require approval.

    • Yes

      Only allow threat detection scans during a release.

    • No

      Threat detection scans can be completed inside or outside of a release window.

  7. Select Update settings.