Security of Pckgr

Winget security, Pckgr hosting security and Pckgr Security history

Application Source: Winget

All applications found on Pckgr are obtained using Microsoft Winget.

Microsoft vets every submission to the Winget community repository before it is published. These checks reduce the chance of malicious software entering the repository and, by extension, reaching a target machine. The vetting includes SHA-256 hash validation, static analysis of the installer, and Microsoft Defender SmartScreen reputation checks.

  • Microsoft Defender SmartScreen checks the installer download URL and the installer file against Microsoft's reputation data, so known-malicious or low-reputation installers are flagged before they are published.

  • SHA-256 hash validation: each manifest records the SHA-256 hash of its installer (InstallerSha256), and the downloaded file is hashed and compared against it both during validation and at install time. A hash is not a signature and does not prove who published the file, but it does guarantee that the installer a client receives is byte-for-byte the one that was submitted and vetted; a file swapped on the download server after publication fails the check and is rejected.

  • Static analysis scans the submitted installer binary (Winget does not receive application source code) against a set of rules to detect known malware and disallowed installer behaviour before the manifest is published.

A further benefit of the Winget repository is its wide use and scrutiny: a problem with a package is likely to be noticed and fixed quickly. Each manifest submitted to the repository must also pass installer validation testing in Microsoft's Azure Pipelines before it is merged.
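To make the hash-validation step concrete, the following is an added example (not Pckgr or winget code) that does what the winget client does with the InstallerSha256 field: it reads the hash recorded for an installer in a manifest, hashes the downloaded bytes, and compares the two. The manifest text, the URL and the installer bytes are constructed stand-ins; real manifests are YAML with the same field names. The tampered case shows what the check catches (a file altered after the manifest was published) and the lead-in above states what it cannot catch (a malicious file that was submitted with a matching hash).

```python
"""Verify a downloaded installer against the InstallerSha256 in a winget
installer manifest. Added example; not winget's or Pckgr's own code."""
import hashlib
import hmac
import re

# Constructed sample shaped like a winget installer manifest. Real manifests
# carry one entry per Installer; the hash is the hex SHA-256 of the raw file.
SAMPLE_MANIFEST = """\
PackageIdentifier: Example.Tool
PackageVersion: 1.2.3
Installers:
- Architecture: x64
  InstallerType: msi
  InstallerUrl: https://example.invalid/tool-1.2.3-x64.msi
  InstallerSha256: {sha}
ManifestType: installer
ManifestVersion: 1.6.0
"""

# Constructed stand-in for the bytes that would be downloaded from InstallerUrl.
SAMPLE_INSTALLER = b"MSI\x00constructed installer payload\x00v1.2.3"
SAMPLE_URL = "https://example.invalid/tool-1.2.3-x64.msi"


def sha256_hex(data: bytes) -> str:
    """Upper-case hex SHA-256, the form used in winget manifests."""
    return hashlib.sha256(data).hexdigest().upper()


def parse_installers(manifest: str) -> list[dict[str, str]]:
    """Minimal parser for the Installers list (avoids a YAML dependency).
    Each '- ' item starts a new installer; indented key: value lines belong
    to it; the block ends at the next top-level key."""
    installers: list[dict[str, str]] = []
    in_block = False
    for line in manifest.splitlines():
        if line.startswith("Installers:"):
            in_block = True
            continue
        if not in_block:
            continue
        if line and not line.startswith((" ", "-")):
            break  # a top-level key ends the Installers block
        stripped = line.strip()
        if stripped.startswith("- "):
            installers.append({})
            stripped = stripped[2:]
        key, sep, value = stripped.partition(":")
        if sep and installers:
            installers[-1][key.strip()] = value.strip()
    return installers


def verify_installer(manifest: str, downloaded: bytes, installer_url: str) -> bool:
    """True only if `downloaded` hashes to the InstallerSha256 recorded for
    installer_url. A manifest with no well-formed hash fails closed."""
    expected = ""
    for inst in parse_installers(manifest):
        if inst.get("InstallerUrl") == installer_url:
            expected = inst.get("InstallerSha256", "").upper()
            break
    if not re.fullmatch(r"[0-9A-F]{64}", expected):
        return False
    # Constant-time comparison; immaterial for a local check but costs nothing.
    return hmac.compare_digest(sha256_hex(downloaded), expected)


def demo() -> tuple[bool, bool]:
    """Genuine file verifies; a file modified after publication does not."""
    manifest = SAMPLE_MANIFEST.format(sha=sha256_hex(SAMPLE_INSTALLER))
    genuine = verify_installer(manifest, SAMPLE_INSTALLER, SAMPLE_URL)
    # Simulate the hosted installer being swapped after the manifest was merged.
    tampered = verify_installer(manifest, SAMPLE_INSTALLER + b"\x90", SAMPLE_URL)
    return genuine, tampered


if __name__ == "__main__":
    ok, bad = demo()
    print(f"genuine installer verifies:  {ok}")   # True
    print(f"tampered installer verifies: {bad}")  # False
```

The check fails closed: a manifest that names the URL but has no valid 64-hex-digit hash is treated as a failure rather than skipped, which is the behaviour you want from any client that consumes manifests.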

Granting Pckgr Permissions

Pckgr applies the principle of least privilege when requesting permissions to link Pckgr to your Intune tenant, so Pckgr has access only to the functionality it needs to deploy and update packages. It does not have read or write access to your user accounts or data. The exact permissions requested are listed at the admin consent prompt, and you can review them afterwards in the Microsoft Entra admin center under Enterprise applications, on the Permissions page of the Pckgr application.

Application Packaging and Hosting

We keep the application packaging and upload process secure by running it on servers hosted in Microsoft Azure that are closed off from external access. These servers are regularly patched and have no third-party software installed.

Packages are held in an Azure Storage account that is accessible only to the uploading servers and to the Azure Functions responsible for delivery. We use Premium-plan Azure Functions to deliver each package to your Intune tenant, so packages are uploaded and delivered in a controlled, protected environment.

Website Hosting: Amazon Web Services

Pckgr is hosted via Amazon Web Services (AWS).

  • AWS provides auditing (AWS CloudTrail) to monitor and record API activity and requests on the account.

  • Amazon S3 provides server-side encryption with three key-management options (SSE-S3, SSE-KMS and SSE-C) and also supports client-side encryption of data before upload.

  • Amazon S3 supports checksum algorithms (CRC32, CRC32C, SHA-1 or SHA-256) to verify data integrity on uploads and downloads.

  • AWS Trusted Advisor has three checks relevant to S3:

    • Logging configuration of Amazon S3 buckets

    • Security checks for Amazon S3 buckets that have open access permissions

    • Fault tolerance checks for Amazon S3 buckets that don't have versioning enabled, or have versioning suspended

  • Amazon S3 buckets, objects and related sub-resources are private by default: only the AWS account that created them can access them unless a bucket policy, ACL or IAM policy explicitly grants access to others.

By hosting on this storage platform, Pckgr keeps the applications it offers both secure and highly available.
