
Key Facts
- Artifact-based, not hash-based: DeepSign signs complete artifacts – not just hash values – and validates structure, content, and metadata before any signature is applied.
- Automated deep inspection: Every artifact is scanned for malware, integrity, and policy compliance – including embedded components and nested packages.
- Re-signing without rebuild: Previously signed artifacts can be re-signed later – for example, when certificates change, algorithms are updated, or after successful testing.
Categories
- Application security
- Compliance / GRC (products and services)
- Electronic signatures
- Public key infrastructure
Product information
DeepSign: Artifact-based signing with deep inspection and zero blind spots
DeepSign is the advanced signing mechanism of the DevSec360 platform. Unlike traditional code signing solutions, which typically transmit only a hash digest of the file to the signing service, DeepSign is fully artifact-based: the complete file is submitted to the platform for signing. This gives DevSec360 full visibility into the artifact and enables comprehensive validation before any signature is applied.
Scanning & Verification of Incoming Artifacts: Every file is scanned using up-to-date antivirus engines to detect malware. In addition, the platform validates file structure and metadata against project-specific profiles. For example, checking whether the declared publisher matches the ex ...