Fortanix and Sectigo have announced a partnership that looks to improve software supply chain security through automated code-signing certificate issuance, according to SiliconAngle.
The collaboration offers enterprises a scalable solution that integrates automated public key infrastructure and certificate management to secure continuous integration and continuous delivery pipelines without slowing developer workflows. Code signing, which verifies the origin and integrity of software during development, often disrupts workflows due to its complexity. By automating this process, Fortanix and Sectigo seek to ensure that security measures do not hinder development speed. Through this partnership, organizations can manage code-signing certificates more efficiently, ensuring that private keys are securely generated and stored in hardware security modules to meet compliance standards. The integration with Sectigo’s Certificate Manager now also allows Fortanix to provide key provenance attestations with certificate signing requests, meeting the latest standards set by the Certificate Authority/Browser Forum. This collaboration empowers development teams to prioritize innovation while maintaining robust security in their CI/CD pipelines.
