Security of Pckgr
Read about Pckgr's thorough security practices
Pckgr is a secure SaaS platform designed to facilitate the deployment of applications to Microsoft Intune while prioritizing security at every stage. Pckgr has built their own Private Repository for hosting applications, ensuring that all applications are sourced, stored, and delivered through verified, controlled, and secure channels. With a least-privilege access model and Azure-hosted infrastructure, Pckgr provides a reliable and secure solution for organizations managing application deployments at scale.
Granting Pckgr Permissions
Pckgr applies the principal of least privilege when requesting permissions to link Pckgr to their Intune tenant. This ensures only Pckgr only has access to the functionality it requires in order to deploy and update packages. It does not have any read/write access to your end user accounts or data.

Application Packaging and Hosting
Website Hosting: Amazon Web Services
Pckgr's Private Repository
GDPR Alignment:
Pckgr is an Australian-based company and understands the importance of aligning with GDPR regulations for the benefit of our customers based in the EU and UK. While GDPR imposes strict requirements on organizations handling personal data, many of its provisions do not directly apply to Pckgr's services because Pckgr does not access, process, or store company data, focusing instead on application deployment management. Here is how Pckgr maintains a minimal data footprint:
Code Signing
Code signing is a security practice employed by our application to ensure the integrity and authenticity of the scripts used within it. This documentation section outlines the importance of code signing, its benefits, and provides instructions for downloading the public certificate associated with our code signing process.
What is Code Signing?
Code signing is the process of digitally signing executable scripts and software components to verify their authenticity and integrity. It involves using a digital certificate, which is essentially a unique electronic identity document, to sign the code. The digital signature serves as a stamp of approval, indicating that the code has not been tampered with or maliciously modified since it was signed.
The Benefits of Code Signing
By employing code signing, we enhance the security and trustworthiness of our application in the following ways:
Authenticity: Code signing allows users to verify that the scripts they receive are indeed from our trusted source, as the digital signature can be traced back to our organization.
Integrity: The digital signature acts as a tamper-evident seal. If the code has been altered in any way after signing, the signature verification process will fail, alerting users to potential tampering or unauthorized modifications.
User Trust: Code signing fosters user confidence by assuring them that our application has undergone rigorous security measures. Users are more likely to trust and install software that has been properly code signed.
Protection against Malware: Code signing helps protect users from downloading and executing malicious or unauthorized scripts. Most operating systems and security software systems will display a warning if the code is not signed or if the signature is invalid.
Downloading the Public Certificate
To facilitate the verification process and allow users to independently verify the authenticity of our signed code, we provide the public certificate used for code signing. Download the Public Certificate here:
Note: As we have changed our code singing to start using DigiCert, the following new Public Certificate must also be added as all new packages will be signed with this:
Adding the Certificate to Trusted Publishers Local Machine Certificate Store
To establish a higher level of trust and ensure a smooth verification process, you can add the downloaded public certificate to the Trusted Publishers local machine certificate store on your operating system. This step helps your system recognize the certificate as a trusted source for code signing.
Conclusion
Code signing plays a vital role in establishing trust and ensuring the integrity of our application's scripts. By employing this security measure, we aim to provide our users with reliable and secure software. If you have any further questions or concerns regarding code signing, please reach out to our support team for assistance.
Last updated