AppViewX SIGN+ Released
November 15, 2023

AppViewX launched AppViewX SIGN+, a flexible and secure code signing solution that enables DevOps teams to quickly and easily secure their software supply chain.

With multiple deployment options, including code signing as a service, AppViewX SIGN+ seamlessly integrates into DevOps processes to enable frictionless code signing to validate the integrity of software applications and their components.

“The recent CA/Browser (CA/B) Forum requirements for code signing certificates and keys to be stored on secure hardware is in direct response to increasing threats targeting weak code signing processes and critical software supply chain vulnerabilities,” said Ravishankar Chamarajnagar, Chief Product Officer at AppViewX. “Code-signing certificates and keys have become high-value targets for attackers, as evidenced in the SolarWinds compromise. With AppViewX SIGN+, we are offering a fully compliant code signing solution that allows developers to easily sign code, maintain speed and agility, and prove the integrity, validity, and security of code throughout the software development lifecycle.”

Using a centralized and integrated approach, AppViewX SIGN+ simplifies and secures code signing for source code, binaries, containers, and firmware. AppViewX SIGN+ integrates with native signing tools, CI/CD pipelines and workflows to ensure all code is signed before deployment, and meets security and compliance requirements. It also provides full visibility and policy-driven control over private key storage, code-signing certificate management, and access.

AppViewX SIGN+ provides the following capabilities and benefits:

Secure and Protected Code Signing

-Supports private and public code signing certificates for both internal and external use cases
- CA/B Forum compliant private key protection – FIPS 140-2 (and higher) certified HSMs
- Timestamping to support long term validation of signatures
- Supports all standard asymmetric cryptographic algorithms, RSA, ECDSA, and DSA, and is Post-Quantum Cryptography ready

Seamless and Flexible Deployment and Integrations

- Deployment options include on-premises and SaaS offerings for enterprise DevOps teams and outsourced development operations
- Integration with native signing tools and CI/CD pipelines to integrate code signing in build processes
- Option to upload and sign code in the AppViewX SIGN+ console

Code Signing Policy and Access Control

- Centralized control of code signing certificates and private keys
- Role based access control and policy controlled signing to ensure user permissions and authorization and key protection
- Visibility into signing events including usage, signing and audit trails

With flexible deployment and integration options, AppViewX SIGN+ is available now and is part of the AppViewX Digital Trust Platform that includes AppViewX CERT+, AppViewX PKI+, and AppViewX KUBE+ for automating PKI and certificate lifecycle management across complex hybrid multi-cloud environments.

Share this

Industry News

December 06, 2023

ngrok unveiled its JavaScript and Python SDKs, enabling developers to programmatically serve their applications and manage traffic by embedding ingress with a single line of code.

December 06, 2023

Data Theorem introduced API Attack Path Visualization capabilities for the protection of APIs and the software supply chain.

December 05, 2023

Security Journey announced support for WCAG, SCIM and continued compliance with SOC2 Type 2, which are leading industry standards.

December 05, 2023

Vercel announced a new suite of features for its Developer Experience (DX) Platform, made for enterprise teams with large codebases.

December 04, 2023

Atlassian Corporation has completed the acquisition of Loom, a video messaging platform that helps users communicate through instantly shareable videos.

December 04, 2023

Orca Security announced that the Orca Cloud Security Platform has achieved the Amazon Web Services (AWS) Built-in Competency.

November 30, 2023

Parasoft, a global leader in automated software testing solutions, today announced complete support for MISRA C++ 2023 with the upcoming release of Parasoft C/C++test 2023.2.

November 30, 2023 achieved the Amazon Elastic Kubernetes Service (Amazon EKS) Ready designation from Amazon Web Services (AWS).

November 29, 2023

CircleCI implemented a gen2 GPU resource class, leveraging Amazon Elastic Compute Cloud (Amazon EC2) G5 instances, offering the latest generation of NVIDIA GPUs and new images tailored for artificial intelligence/machine learning (AI/ML) workflows.

November 29, 2023

XM Cyber announced new capabilities that provide complete and continuous visibility into risks and vulnerabilities in Kubernetes environments.

November 29, 2023

PerfectScale has achieved the Amazon Elastic Kubernetes Service (Amazon EKS) Ready designation from Amazon Web Services (AWS).

November 28, 2023

BMC announced two new product innovations, BMC AMI DevX Code Insights and BMC AMI zAdviser Enterprise.

November 28, 2023

Rafay Systems announced the availability of the Rafay Cloud Automation Platform — the evolution of its Kubernetes Operations Platform — to enable platform teams to deliver automation and self-service capabilities to developers, data scientists and other cloud users.

November 28, 2023

Bitrise is integrating with Amazon Web Services (AWS) to provide compliance-conscious companies with greater access to CI/CD capabilities for mobile app development.

November 28, 2023

Armory announced a new unified declarative deployment capability for AWS Lambda.