Automatic checks for signed software.
code‑signing‑check.net verifies the integrity of builds and releases with policy‑driven validation, so your teams can ship software that’s verifiably trustworthy.
Capabilities
Validation you can trust, formatted for auditors and easy for engineers.
Chain & Trust Store
Verify issuer chains, revocation status, and pinning against curated trust stores. Optional private anchors for enterprise PKI.
Timestamp & Notarization
Check RFC‑compliant timestamps, countersignatures, and platform notarization signals where available.
Policy Checks
Enforce naming, EKU, and validity windows. Export machine‑readable results for CI/CD gating.
Platforms
Consistent verification across artifact types and operating systems.
| Target | Artifacts | Notes |
|---|---|---|
| Windows | EXE, DLL, MSI | Authenticode, catalog files, timestamp validation |
| macOS | App, DMG, pkg | Code sign scope, hardened runtime, notarization status |
| Linux | ELF, packages | Detached signatures, distro trust policies |
| Mobile | APK, AAB, IPA | Store-ready checks and provisioning basics |
Compliance
Reports are structured for internal reviews and external audits.
Assurance Reports
Human‑readable summaries map findings to policy requirements and include artifacts for evidence.
Machine Output
JSON and SARIF exports integrate with ticketing and CI/CD. Fail builds automatically when policies are unmet.
Contact
Tell us about your release process and the platforms you target. We’ll share a short checklist and a sandbox token.