Threat detection

DigiCert® Software Trust Manager's Threat detection secures your software supply chain and scans your software for vulnerabilities via Signing Manager Controller (SMCTL) using role-based access control (RBAC). All scan results are shared to your Software Trust Manager cloud account, and Threat detection includes controls and analytics to help you use Software Trust Manager to secure your software supply chain.


Threat detection integrates with the following industry leading services:


  • FOSSA

    FOSSA is a Software Composition Analysis (SCA) tool that you can use to scan open source components in your development workflow to help your team automatically track, manage, and remediate licensing issues and vulnerabilities before releasing your software.

  • ReversingLabs

    ReversingLabs is a static binary analysis tool that you can use to scan all components found in your software prior to release, to identify malware, vulnerabilities, secrets, and more in your developers' code and any third-party components integrated into your software.

Tip

For more information about how to integrate with these services, refer to Connectors.

Scan with Threat detection

Use Signing Manager Controller (SMCTL) to scan with:

Review scan results

Sign in to Software Trust Manager to review your Threat detection scan results:

Tip

Your Threat detection scan status will only fail if one or more critical vulnerabilities are detected. DigiCert highly recommends that you resolve critical vulnerabilities before releasing your software for consumption.

Non-critical vulnerabilities detected in your Threat detection scan will result in a pass status. DigiCert recommends that you additionally review these non-critical vulnerabilities to assess the risk based on your organization's policies.

Rescan your software

Once you have analyzed and resolved the critical deployment risks and vulnerabilities identified in your scan, rescan your software to confirm that these issues have been resolved.