CISSP Security of Code Repositories – Bk1D8T2St3

Source code repositories are the backbone of secure software development. Considering the human and intellectual capital invested in source code, most likely it is among an organization’s most valuable assets.

A source code repository persistently stores uniquely identifiable versions of software source code. It also enables developers to make parallel changes to source code files in a separate branch and then merge the changes into the original or other branches of the software configuration.

Protection of Source Code

Confidentiality, integrity, and availability all come into consideration when determining the best method to protect your source code. One way to protect the confidentiality and integrity of your source code is to limit the ability to copy it to portable devices such as a laptop and instead have developers mount the version-controlled source code from a central server. It is easier to manage security on a centralized server rather than multiple computers. A centralized version control system (CVCS) works this way. If availability is the most important aspect, then a distributed version control system (DVCS) may be a better choice. Nonetheless, each system needs to be considered holistically, taking into account your organization’s overall security policies, standards, and controls.

However, when limiting access to source code, there still is the human factor to consider. If someone can read source code in a CVCS, they can distribute that code widely. A DVCS typically has more capabilities for controlling code workflow.

All modifications to the code in your source code repository must be accounted for, including who committed the change, when the change was committed, and a reason for the change. This is so easy to do with today’s technology that it’s almost more difficult not to have change tracking in place. If you use Git or Mercurial or any modestly usable source control system, you get change tracking, and you rely on it heavily.

Security Challenges in Use of Code Repositories

When using source code repositories, you must consider the security challenges, threat sources, and best practices that such use involves.

  • Internal threats, including disgruntled employees, careless actors, and contractors
  • External threats such as hackers
  • Ransomware
  • Denial of service
  • Disclosure or theft of sensitive data or intellectual property
  • Destruction of sensitive data or intellectual property

When discussing the security challenges related to source code repositories, it is necessary to consider two perspectives: security of the repository and security in the repository.

Security of the Repository

Defense in depth should be the essential strategy employed when securing a source code repository. This strategy consists of layered security measures and, in this case, specific attention toward protecting file data assets. While there are many control layers you can consider in securing your source code repository, some of the most important are the following:

  • Network security
  • Communications security
  • Authentication and authorization
  • Anti-malware
  • File integrity checking
  • Filesystem and backups

Network Security

Any means that an attacker can use to get access to protected assets must be secured, and therefore network security is a must when securing source code repositories. Network security controls to secure source code repositories at a minimum should include firewalls, data loss prevention systems (DLPs), and intrusion detection systems (IDSs) or intrusion prevention systems (IPSs).

Communications Security

Following network security, the security of communications on the network is necessary as well. Ensure that all communication between endpoints and the source code repository is protected. Depending upon the communication layer, different protocols will apply, such as HTTPS, TLS, SSH, or IPsec. By using these protocols, you can protect your communication channel from unauthorized access by attackers. As with any other asset, source code needs to be accessible as well as have adequate protections around that accessibility.

Authentication and Authorization

Access to source code repositories should be based on the least privilege model. Each user’s ability to view, create, modify, and delete items in the repository must also follow the least privilege entitlement model. The capacity to deprovision and remove user access to the source code repository upon termination or change in the role should be immediate.

Anti-malware

Protection from ransomware is a primary concern when protecting source code in a source code repository. Anti-malware should be used at different points in the network and on the source code repository hosts to defend against ransomware and to prevent the source code from being infected with malware. Keeping the anti-malware program signatures current is critical to securing your source code repository.

File Integrity Checking

File integrity checking is a line of defense that can detect whether an attacker modifies any file on a system. File integrity checking is typically done by checksum comparisons of selected files on the system. Use file integrity checking on a continuous basis to alert your incident response team of any changes to the operating system or the source control software environment as soon as possible to protect the system.

Filesystem and Backups

Because you are protecting your source code assets, filesystem security and backup management are necessary. The backup strategy you choose should align with your high availability and disaster recovery requirements, including disaster recovery from ransomware. However, the organization should pay particular attention to backup durability, redundancy, and recovery because, depending upon your operations and intellectual property situation, your source code repository may hold assets critical to your business.

Security in the Repository

The other half of source code repository security is to secure access to what it holds, maintains, and controls. Securing this access is also known as security in the repository. To ensure the protection of objects managed by the repository, access control and sensitive code segregation should be used.

Access Control

Just as access control secures access to the source code repository software and its files, access control is vital to securing the assets managed by it. Limiting who can view, add, modify, and delete objects in your source code repository is a necessary part of the security in the repository.

Two types of access control limits are used in code repositories to ensure the security of their contents: software access limitations and code access limitations.

Software access limitations are constraints placed on a user’s access to the source code repository software. Use the principle of least privilege when granting access to the software. Enforce access to objects based on your organization’s policies on data classification and access. Best practice would be to constrain the user’s connection to the source code repository within a session.

A user session’s concurrency and duration should both be limited to meet your organization’s security policies. If no such statements of limitations exist, then set these to reasonable values. Restrict the number of concurrent user connections allowed to an amount that would be necessary and reasonable for a developer to do their work. Set sessions to expire after 15 minutes of idle time. If possible, limit the access to the software by IP address range or geolocation.
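The session limits described above, as an added Python example that is not part of the original text: it enforces the 15-minute idle timeout, a per-user concurrency cap, and a source IP allowlist. The cap of 3, the 10.20.0.0/16 range, and the user and session names are assumptions chosen for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

IDLE_TIMEOUT = timedelta(minutes=15)                   # idle limit from the text
MAX_CONCURRENT = 3                                     # assumed; set per policy
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # assumed internal range

class SessionPolicy:
    def __init__(self):
        self.sessions = {}  # session id -> (user, time of last activity)

    def _expire(self, now):
        for sid, (_user, last) in list(self.sessions.items()):
            if now - last >= IDLE_TIMEOUT:
                del self.sessions[sid]

    def connect(self, sid, user, source_ip, now):
        """Return (allowed, reason) for a new connection attempt."""
        self._expire(now)
        addr = ipaddress.ip_address(source_ip)
        if not any(addr in net for net in ALLOWED_NETS):
            return False, "source address outside allowed range"
        active = sum(1 for u, _ in self.sessions.values() if u == user)
        if active >= MAX_CONCURRENT:
            return False, "concurrent session limit reached"
        self.sessions[sid] = (user, now)
        return True, "ok"

    def touch(self, sid, now):
        """Record activity; return False if the session has already expired."""
        self._expire(now)
        if sid not in self.sessions:
            return False
        self.sessions[sid] = (self.sessions[sid][0], now)
        return True

def demo():
    """Constructed timeline for one user, 'dev1'."""
    t0 = datetime(2024, 1, 1, 9, 0)
    p = SessionPolicy()
    results = [p.connect(f"s{i}", "dev1", "10.20.1.5", t0)[1] for i in range(1, 5)]
    results.append(p.connect("s9", "dev1", "203.0.113.9", t0)[1])
    p.touch("s1", t0 + timedelta(minutes=10))   # s1 stays active
    late = t0 + timedelta(minutes=16)           # s2 and s3 have been idle 16 min
    results.append(p.touch("s2", late))
    results.append(p.connect("s5", "dev1", "10.20.1.5", late)[1])
    return results
```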

A source code repository’s central security capability is to protect the confidentiality of the objects that it contains. The principle of least privilege should govern access to these objects. Each source code repository’s access control model may differ from others. However, constraints on a user’s ability to view, add, modify, and delete files, objects, directories, or repositories should be enforced.

Sensitive Code Segregation

Not all code is created equal. Depending upon your organization’s asset management and data classification policies, the code maintained by the source code repository can possess a sensitivity that requires more control over its protection. Code segregation protects important code from both unauthorized access and commingling with code of lesser classification or importance. Segregated, higher-value code should have stronger security controls protecting it. Strong authentication and encryption can be useful in this situation.

Furthermore, properly implemented code segregation reduces the chances of third parties gaining access to the code. As a rule, third parties should not be given complete access to your organization’s source code. Third parties should only get specific access to that code which they need to do their work.