Code signing

Code signing is a prerequisite for ensuring that the scripts you have developed are not altered during their life cycle. It is also a very common task in a deployment pipeline: when code moves from development to production, it is signed, and is thereby marked as ready to ship.

Signing scripts and Desired State Configuration (DSC) documents is trivial. There is one cmdlet to sign files and one to validate signatures, as you can see in the next code sample:

# A certificate is necessary
# Certificates can be self-signed, externally sourced, etc.
# (Get-ChildItem may return several certificates; Set-AuthenticodeSignature expects exactly one)
$codeSigningCert = Get-ChildItem Cert:\CurrentUser\my -CodeSigningCert

# You can sign ps1, psd1, psm1 and mof files - any files that
# support Subject Interface Package (SIP)
New-Item -ItemType File -Path .\SignedScript.ps1 -Value 'Get-Process -Id $Pid'
Set-AuthenticodeSignature -FilePath .\SignedScript.ps1 -Certificate $codeSigningCert -IncludeChain all

# You can always validate a signature

# Valid
Get-AuthenticodeSignature -FilePath .\SignedScript.ps1

# Alter the file after it has been signed
(Get-Content -Path .\SignedScript.ps1) -replace 'Get-Process','Stop-Process' | Set-Content .\SignedScript.ps1

# Hash mismatch - script has been altered
Get-AuthenticodeSignature -FilePath .\SignedScript.ps1

If a valid change has been made, you can simply redo the step where the file is digitally signed. The signature will be updated to match the file contents.
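The following is an added example, not code from the original page: a small deployment-pipeline gate built on the same two cmdlets. It refuses to ship a file unless its signature is intact (Status is Valid) and the signing certificate's thumbprint is on an allowlist, so a tampered file (HashMismatch), an unsigned file (NotSigned) or a file signed by an unknown certificate is all rejected. The function name, the temp-file path and the allowlist are assumptions made for the example.

```powershell
# Pipeline gate: report whether each file may be shipped.
# Test-ApprovedSignature is a hypothetical helper written for this example.
function Test-ApprovedSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        # Thumbprints of the code-signing certificates the pipeline trusts (assumed allowlist)
        [Parameter(Mandatory)] [string[]] $ApprovedThumbprint
    )
    foreach ($file in $Path) {
        $sig   = Get-AuthenticodeSignature -FilePath $file
        $thumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        [pscustomobject]@{
            Path       = $file
            # Valid, HashMismatch, NotSigned, NotTrusted, UnknownError, ...
            Status     = $sig.Status
            Thumbprint = $thumb
            # Ship only if the signature verifies AND the signer is on the allowlist
            Approved   = ($sig.Status -eq 'Valid') -and ($ApprovedThumbprint -contains $thumb)
        }
    }
}

# Demo: sign a constructed script with the first code-signing certificate in the
# user store (as on the page), then tamper with it and run the gate both times.
$cert   = Get-ChildItem Cert:\CurrentUser\my -CodeSigningCert | Select-Object -First 1
$script = Join-Path $env:TEMP 'Deploy-Demo.ps1'   # assumed path
Set-Content -Path $script -Value 'Get-Process -Id $PID'
Set-AuthenticodeSignature -FilePath $script -Certificate $cert -IncludeChain all | Out-Null

$allow = @($cert.Thumbprint)

# Untouched file: Status is Valid when the certificate chains to a trusted root.
# A self-signed certificate that is not trusted yields UnknownError instead,
# so the gate rejects it, which is the safe outcome for a pipeline.
Test-ApprovedSignature -Path $script -ApprovedThumbprint $allow

# Tampering after signing: the signed hash no longer matches the content,
# so Status becomes HashMismatch and Approved is False.
(Get-Content -Path $script) -replace 'Get-Process', 'Stop-Process' | Set-Content -Path $script
Test-ApprovedSignature -Path $script -ApprovedThumbprint $allow
```

Because the allowlist is keyed on thumbprints rather than on Status alone, a file that has simply been re-signed with a different certificate is also refused until that certificate is deliberately approved.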
