Deploy Strong Authentication
“Require peer reviews for pull requests and require developers to authenticate with cryptographic keys to authenticate themselves,” says Jack Mannino, CEO at nVisium.
Implement Zero-Trust Access for Code Repositories
Organizations should focus on hardening organizational and repository-level security controls, nVisium’s Mannino says.
“Ensuring that main branches in repositories are protected is a good first step toward reducing the likelihood of malicious code being pushed into production,” he says.
Secure the Master ‘Gold’ Copy
“There are several change-management controls you could implement in development environments to ensure code integrity,” nVisium’s Mannino notes. “You could implement code signing and attestation across your build and deployment systems, as well as artifact servers and container registries.”
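The three practices quoted above (peer-reviewed pull requests, cryptographically signed commits, and a protected main branch) can be checked as policy rather than trusted as configuration. The following is an added example, not the article's own content or nVisium's code; it assumes the key names of GitHub's branch-protection REST response and uses constructed sample settings.

```python
# Added example (not from the article or nVisium): evaluate one branch's
# protection settings against the practices quoted above. Field names follow
# the shape of GitHub's branch-protection REST response (an assumption here;
# adapt the keys for another forge).

REQUIRED_APPROVALS = 1  # minimum peer reviews per pull request


def _enabled(protection, key):
    """GitHub nests booleans as {"enabled": bool}; a missing key means disabled."""
    return bool((protection.get(key) or {}).get("enabled", False))


def audit_branch_protection(protection):
    """Return a list of findings; an empty list means the branch meets policy."""
    if not protection:
        return ["branch is not protected at all"]
    findings = []

    # Peer review: every change must be approved by someone other than its author.
    reviews = protection.get("required_pull_request_reviews") or {}
    count = reviews.get("required_approving_review_count", 0)
    if count < REQUIRED_APPROVALS:
        findings.append(f"pull requests need {REQUIRED_APPROVALS} approval(s), found {count}")
    if not reviews.get("dismiss_stale_reviews", False):
        findings.append("approvals survive new pushes (stale reviews not dismissed)")

    # Cryptographic identity: commits must carry a verified signature.
    if not _enabled(protection, "required_signatures"):
        findings.append("signed commits are not required")

    # Integrity of the gold copy: no bypass, no history rewrite, no deletion.
    if not _enabled(protection, "enforce_admins"):
        findings.append("administrators can bypass the rules")
    if _enabled(protection, "allow_force_pushes"):
        findings.append("force pushes allowed (history can be rewritten)")
    if _enabled(protection, "allow_deletions"):
        findings.append("branch can be deleted")
    return findings


# Constructed samples, not real repositories.
WEAK_MAIN = {"required_pull_request_reviews": {"required_approving_review_count": 0},
             "allow_force_pushes": {"enabled": True}}
HARDENED_MAIN = {
    "required_pull_request_reviews": {"required_approving_review_count": 2,
                                      "dismiss_stale_reviews": True},
    "required_signatures": {"enabled": True}, "enforce_admins": {"enabled": True},
    "allow_force_pushes": {"enabled": False}, "allow_deletions": {"enabled": False}}
```

Run it over the JSON returned for each repository's default branch and alert on any non-empty result; an unprotected branch is reported as a single finding rather than silently passing.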