A secure CI/CD pipeline is not complete unless the pipeline itself can code sign the software builds it produces. That’s what we and Venafi together believed. At that time, the development initiative was born to put that belief into practice.
In 2019 we started with a Jenkins open source integration. Arnold and his Fullstaq colleague Hongli Lai developed the first release of the Venafi CodeSign Protect Plugin, which can be used to execute code signing jobs within a pipeline. Using this plugin you can easily build software without worrying about cybercriminals compromising or altering your code. It signs applications, executables, drivers, and other machine runtime artifacts with digital signatures through the Venafi CodeSign Protect platform. This gives users a way to verify that the software has not been tampered with.
Using the Venafi CodeSign Protect plugin you can easily integrate Venafi Code Signing into your Jenkins jobs and pipelines without custom scripts, while taking advantage of code signing best practices.