
Secure Software Manager

Enhancements

August 25, 2021

  • Advanced release window functionality

    • We introduced additional controls for release windows. These controls apply the principle of reproducible builds by comparing the applications produced by separate releases. This gives customers a way to detect, and then block, malware injected during the build process, helping them prevent SolarWinds-like events.

    • Account admins can compare several previously completed releases to confirm that the build was reproduced consistently by a quorum of users, then create a baseline from the releases that match. The baseline acts as a control during the production release: every application requested for signing must be an exact match to the corresponding application signed in the baseline the admin chose. If any application differs from the baseline, the release window is closed immediately and further signing is blocked, so users can investigate the root cause before anything else is signed.

    • These new capabilities work in conjunction with test, online, and offline production key release workflows, complementing the controls in place based on key access and availability.

  • SMCTL

    • SMCTL sign now maps digest and signature algorithm names consistently: it translates and sanitizes the algorithm options you pass on the command line so that each signing tool receives its digest and signature algorithm inputs in the format that tool expects.

    • SMCTL sign now includes support for:

      • *.xlsm and *.cat, which you can sign using Microsoft SignTool

      • *.war and *.ear, which you can sign using Java jarsigner

    • We extended support for the new release workflows to the SMCTL. Users can compare releases, view release comparisons, and create releases with baselines all via the CLI.
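The following is an added illustration of the release-window baseline workflow described above; it is example code written for this page, not Secure Software Manager or SMCTL code, and it models the mechanism rather than any product API. The quorum size, the artifact names and the release contents are all constructed for the example; SHA-256 is assumed as the comparison digest. The scenario covers the two outcomes the notes describe: a baseline is created only when enough completed releases agree byte for byte, and the first artifact that fails to match the baseline closes the window and blocks every later request.

```python
"""Model of a release window gated by a reproducible-build baseline (example code, not SSM's own)."""
import hashlib

QUORUM = 2  # assumed policy: this many independent builds must match before a baseline exists


def fingerprint_release(artifacts):
    """Return {artifact name: SHA-256 hex digest} for one completed release."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in artifacts.items()}


def compare_releases(releases):
    """Group releases whose artifact sets are byte-for-byte identical.

    Returns a list of groups, largest first; each group is a list of release names.
    """
    groups = {}
    for name, fingerprint in releases.items():
        key = tuple(sorted(fingerprint.items()))  # canonical form so identical builds collapse
        groups.setdefault(key, []).append(name)
    return sorted(groups.values(), key=len, reverse=True)


def create_baseline(releases, quorum=QUORUM):
    """Build a baseline from the largest group of matching releases.

    Raises ValueError when fewer than `quorum` releases agree, so an admin cannot
    baseline a build that was produced only once and never reproduced.
    """
    best = compare_releases(releases)[0]
    if len(best) < quorum:
        raise ValueError(f"only {len(best)} matching release(s); quorum is {quorum}")
    return dict(releases[best[0]]), best


class ReleaseWindow:
    """Production release window that only signs artifacts matching the baseline."""

    def __init__(self, baseline):
        self.baseline = baseline
        self.is_open = True
        self.signed = []
        self.mismatch = None  # (artifact, expected digest, actual digest) once closed

    def request_signing(self, name, data):
        """Allow signing only while the window is open and the artifact matches its
        baseline digest. The first mismatch closes the window for every later request."""
        if not self.is_open:
            return False
        actual = hashlib.sha256(data).hexdigest()
        expected = self.baseline.get(name)  # None if the artifact was never in the baseline
        if actual != expected:
            self.is_open = False
            self.mismatch = (name, expected, actual)
            return False
        self.signed.append(name)
        return True


def demo():
    """Constructed scenario: three pre-production builds, then production signing requests."""
    clean = {"app.exe": b"MZ...clean build 1.4.2", "installer.msi": b"msi payload 1.4.2"}
    drift = dict(clean, **{"app.exe": b"MZ...build with stray timestamp"})  # non-reproducible build
    releases = {
        "rc-build-1": fingerprint_release(clean),
        "rc-build-2": fingerprint_release(clean),
        "rc-build-3": fingerprint_release(drift),
    }
    baseline, members = create_baseline(releases)  # rc-build-1 and rc-build-2 form the quorum
    window = ReleaseWindow(baseline)
    ok = window.request_signing("installer.msi", clean["installer.msi"])
    # An artifact with injected content arrives for signing: digest differs, window closes.
    tampered = window.request_signing("app.exe", clean["app.exe"] + b"<implant>")
    # Even the genuine artifact is refused afterwards until an admin investigates.
    late = window.request_signing("app.exe", clean["app.exe"])
    return {
        "members": members,
        "ok": ok,
        "tampered": tampered,
        "late": late,
        "open": window.is_open,
        "mismatch": window.mismatch[0] if window.mismatch else None,
    }


if __name__ == "__main__":
    print(demo())
```

The comparison keys on the full sorted set of (name, digest) pairs, so a release that adds, drops or renames an artifact is treated as a different build rather than a partial match; that is the property that makes the baseline useful against an injected or swapped component.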

Other enhancements

  • Account admins can restrict the production key storage types specific to their account.

  • Users can filter signature logs based on release name or release version from the signature logs list page.