Binary signing using GitHub Actions
Also known as Code signing with DigiCert Software Trust Manager, DigiCert Binary Signing is a GitHub Actions that enables teams to integrate code signing into their CI/CD workflows for multiple platforms using Software Trust.
This action automates the setup and invocation of the signing tool, manages certificates and key pairs, and enforces security best practices, such as multi-factor authentication and audit logging.
The action is especially valuable for organizations that need to ensure the integrity and authenticity of binaries, comply with signing-related security policies, and streamline high-volume release workflows.
Among other time-saving features, the action supports simple signing and bulk signing:
Simple signing allows you to sign without third-party signing tools (SignTool, Jarsigner, etc.) or intermediate libraries (smksp, smpkcs11, etc.).
Bulk signing allows you to sign multiple files in a single batch operation, reducing network round trips and improving throughput for large-scale signing.
To learn more about simple signing and bulk signing, see Sign binary commands.
To view the GitHub Marketplace entry and learn how to get started, see Code signing with DigiCert Software Trust Manager.