In just a few steps, you can connect SignServer to GitHub Actions and add a signing step to your GitHub workflows. This ensures your code is securely signed and trusted throughout development. Try it out today and streamline your security process.
GitHub Actions is a CI/CD automation tool integrated directly into GitHub. It allows you to create workflows that automatically run a sequence of jobs triggered by events in your repository, such as a commit, a pull request, or a release.
Code signing is a must-have security practice. While tools like OpenSSL, etc., are general-purpose cryptography tools, SignServer is a purpose-built software for secure, compliant, and scalable signing operations, making it a better choice for organizations looking for robust code signing solutions.
The SignServer integration with GitHub Actions facilitates signing with your chosen SignServer instance and provides a simple integration to add a signing step to your GitHub workflows.
The tutorial covers these steps:
Before you begin, you need the following:
Check out the supplementary documentation that goes hand-in-hand with our tutorial video.
Get your hands on the SignServer Docker container by downloading it now from Docker Hub.
You will find the SignServer Signing action on the GitHub Marketplace.
You can watch the tutorial video on YouTube along with a few other videos here.
You can ask your questions and learn from PKI and signing specialists in the SignServer forum on GitHub Discussions.
EJBCA is a robust, reliable open-source Certificate Authority software that can be tailored to meet your PKI requirements. Whether you're managing an internal PKI or setting up a PKI for your business application or product, EJBCA has the flexibility and scalability to support your needs.
