diff --git a/README.md b/README.md index a8406b998..1560655dc 100644 --- a/README.md +++ b/README.md @@ -9,41 +9,70 @@ [![Discuss](https://img.shields.io/badge/discuss-signserver-ce?style=flat)](https://github.com/Keyfactor/signserver-ce/discussions) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/727/badge)](https://www.bestpractices.dev/projects/727) -The open-source signing software **SignServer** digitally signs your documents and code while keeping signature keys secure and workflows easy and auditable. Start securely signing documents and code today. +>**Note:** +> +>*We take the security of SignServer and the trust of our users seriously. If you believe you have identified a security vulnerability in SignServer, please report it responsibly by contacting us at security@primekey.com.* +> +>*SignServer Community Edition is not intended for production use. For production signing deployments, use the [Keyfactor SignServer Enterprise Edition](https://www.keyfactor.com/products/signserver-enterprise/) or [Keyfactor Signum](https://www.keyfactor.com/products/signum/).* -SignServer is developed in Java, runs on a JVM such as OpenJDK, and is available on most platforms, such as Linux and Windows. There are two versions of SignServer: -* **[SignServer Community](https://www.signserver.org/)** (SignServer CE) - free and open source, OSI Certified Open Source Software, LGPL-licensed subset of SignServer Enterprise -* **[SignServer Enterprise](https://www.keyfactor.com/products/signserver-enterprise/)** (SignServer EE) - full-featured and commercially supported by Keyfactor +## Welcome to the SignServer Community -OSI Certified is a certification mark of the Open Source Initiative. +SignServer is a signing solution for digitally signing code, documents, and artifacts while keeping signing keys secure and signing workflows auditable. It is platform-independent and supports centralized, policy-driven signing operations. + +SignServer is developed in Java and runs on a JVM such as OpenJDK, available on most platforms, such as Linux and Windows. + +There are two versions of SignServer: + +* **[SignServer Community](https://www.signserver.org/)** (SignServer CE) + +SignServer Community Edition is an LGPL-licensed open-source subset of SignServer Enterprise, certified by the Open Source Initiative, and designed for learning, testing, and prototyping signing workflows for code, documents, and artifacts. + +SignServer CE is not intended for production use, as production signing environments typically require security certifications, advanced key protection, auditability, SLAs, support, and operational assurances available in SignServer Enterprise. + +* **[SignServer Enterprise](https://www.keyfactor.com/products/signserver-enterprise/)** (SignServer EE) + +SignServer Enterprise Edition is designed for production signing environments, offering advanced signing features, enterprise-grade key management, auditability, compliance capabilities, and commercial support with SLAs. + +Learn more about the differences between SignServer CE and SignServer EE: [SignServer Community vs Enterprise](https://www.signserver.org/community-vs-enterprise/) ## Get started -To get started with SignServer Community, clone **[signserver-ce](https://github.com/Keyfactor/signserver-ce)** and build it yourself or download our **[binary distribution](https://signserver.org/download/)**, and install it, see **[SignServer Installation](https://docs.keyfactor.com/signserver/latest/signserver-installation)**. +### Get started with SignServer Community + +* Deploy from source: Clone [signserver-ce](https://github.com/Keyfactor/signserver-ce) or download our [latest binary distribution](https://github.com/Keyfactor/signserver-ce/releases/latest), and install it, see [SignServer Installation](https://docs.keyfactor.com/signserver-software/latest/installation) +* Run as a Container: [Docker Hub](https://hub.docker.com/r/keyfactor/signserver-ce) +* Use Helm for automation: [Artifact Hub](https://artifacthub.io/packages/helm/signserver/signserver-ce) + +### Get started with SignServer Enterprise + +* Run a 30-day free trial of SignServer Enterprise in a ready-to-use environment, no installation or setup required: [Keyfactor Test Drives](https://docs.keyfactor.com/test-drives/) +* Get in Contact: [Request a Demo](https://www.keyfactor.com/demo-request/) -You can also easily run SignServer as a container from **[Docker Hub](https://hub.docker.com/r/keyfactor/signserver-ce)**. +## Support -## Community Support +### Community Support -The Community software is open source and community supported, there is no support SLA, but a helpful best-effort Community. +SignServer Community is open source and community-supported; there is no support SLA, but a helpful best-effort community is available. * To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. * If you want to contribute to the project, see our **[Contributing guidelines](CONTRIBUTING.md)**. -* Ask the community for ideas: **[SignServer Discussions](https://github.com/Keyfactor/signserver-ce/discussions)**. -* Read more in our documentation: **[SignServer Documentation](https://docs.keyfactor.com/signserver)**. +* If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. +* If you need guidance, ask the community for support: **[SignServer Discussions](https://github.com/Keyfactor/signserver-ce/discussions)**. +* Learn more in our documentation: **[SignServer Documentation](https://docs.keyfactor.com/signserver)**. +* Get hands-on with our guides: **[How-To Guides](https://docs.keyfactor.com/how-to/)** * See release information: **[SignServer Release Information](https://docs.keyfactor.com/signserver/latest/signserver-release-information)**. * Read more on the open source project website: **[SignServer website](https://www.signserver.org/)**. -* Check out the download options: **[Download SignServer](https://www.signserver.org/download)**. -* View differences between Community and Enterprise: **[SignServer Community vs Enterprise](https://www.signserver.org/community-vs-enterprise/)**. +* Learn more about the differences between Community and Enterprise: **[SignServer Community vs Enterprise](https://www.signserver.org/community-vs-enterprise/)**. -## Commercial Support -Commercial support is available for **[SignServer Enterprise](https://www.keyfactor.com/products/signserver-enterprise/)**. +### Enterprise Support +SignServer Enterprise is a licensed software backed by professional support services. Get in contact to learn more: [Contact us](https://www.keyfactor.com/contact-us/). -## License +## Open-Source License SignServer Community is licensed under the LGPL license, please see **[LICENSE](LICENSE)**. ## Related projects * [Keyfactor/ansible-ejbca-signserver-playbooks](https://github.com/Keyfactor/ansible-ejbca-signserver-playbooks) +* [Helm deployment via Artifact Hub](https://artifacthub.io/packages/helm/signserver/signserver-ce) * [Keyfactor/signserver-tools](https://github.com/Keyfactor/signserver-tools) * [All Keyfactor SignServer repositories](https://github.com/orgs/Keyfactor/repositories?q=signserver+sort%3Astars)