T0198 - Malicious Build Time Dependencies

Within the CI/CD workflow, code can be pushed at different stages. During the build process, plugins are often used for tasks such as building and testing. If a third-party plugin is compromised, malicious code can be introduced into the build. For instance, an attacker who gains control over a Maven plugin (Maven is a popular build framework) can inject malware during the build process. SBOM tools may not be effective in detecting such scenarios, as they primarily operate on source code.
ID: T0198
Type: Technique
Tactic: Defense Evasion
Summary: Malicious Build Time Dependencies
State: Draft
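
The following is an added example, not part of the OSC&R entry: a Python sketch that inventories what actually executes inside a Maven build (plugins, build extensions, and plugin-level dependencies) and flags entries whose version does not name one fixed release. The POM and every `com.example` coordinate in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM; every coordinate under com.example is made up.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
 <build>
  <extensions><extension>
   <groupId>com.example.build</groupId><artifactId>cache-ext</artifactId><version>2.1.0</version>
  </extension></extensions>
  <plugins>
   <plugin><artifactId>maven-compiler-plugin</artifactId><version>3.11.0</version></plugin>
   <plugin><groupId>com.example.build</groupId><artifactId>codegen-plugin</artifactId>
    <dependencies><dependency>
     <groupId>com.example.build</groupId><artifactId>codegen-templates</artifactId><version>1.0-SNAPSHOT</version>
    </dependency></dependencies></plugin>
  </plugins></build>
 <profiles><profile><id>release</id><build><plugins>
  <plugin><groupId>com.example.build</groupId><artifactId>sign-plugin</artifactId><version>${sign.version}</version></plugin>
 </plugins></build></profile></profiles>
</project>"""

def pin_problem(version):
    """Return why a version does not name one fixed release, or None if it does."""
    if not version:
        return "no version declared"
    if version.endswith("-SNAPSHOT"):
        return "mutable SNAPSHOT"
    if version.startswith("${"):
        return "set by a property; check where it is defined"
    if version[0] in "[(":
        return "version range"
    return None

def build_time_components(pom_xml):
    """List (kind, groupId:artifactId, version, problem) for code that runs in the build."""
    root, found = ET.fromstring(pom_xml), []
    for kind, path in (("plugin", ".//m:plugin"), ("extension", ".//m:extension"),
                       ("plugin-dependency", ".//m:plugin/m:dependencies/m:dependency")):
        for el in root.findall(path, NS):
            # Maven fills in org.apache.maven.plugins when a plugin omits its groupId.
            group = el.findtext("m:groupId", "org.apache.maven.plugins" if kind == "plugin" else "?", NS)
            version = (el.findtext("m:version", "", NS) or "").strip()
            found.append((kind, f"{group}:{el.findtext('m:artifactId', '?', NS)}", version, pin_problem(version)))
    return found

if __name__ == "__main__":
    for kind, coord, version, problem in build_time_components(SAMPLE_POM):
        print(f"{kind:18} {coord:45} {version or '-':16} {problem or 'fixed version'}")
```

A fixed version string only names a release and says nothing about the artifact's integrity; the output is an inventory to review, covering plugins declared under profiles and `pluginManagement` as well as the main build.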

Mitigations

ID: M1661
Type: Mitigation
Summary: Revoke user permissions
Description: Remove permissions granted on the SCM repository from users that do not need them. Limit access to configuration files. Only grant access to users who need it to modify the configuration files.

ID: M1860
Type: Mitigation
Summary: Implement strong authentication mechanisms
Description: Authentication is the process of verifying the identity of a user or entity accessing the SCM system. Strong authentication typically involves using multiple factors to verify the user's identity, beyond just a username and password. This may include factors such as something the user knows (e.g., password), something the user has (e.g., smart card or token), and something the user is (e.g., biometric data like fingerprint or facial recognition). Multi-factor authentication (MFA) can significantly enhance the security of SCM systems by adding an additional layer of protection against unauthorized access.

ID: M1861
Type: Mitigation
Summary: Implement strong authorization mechanisms
Description: Strong authorization ensures that users only have access to the resources and actions that are necessary for their job functions and responsibilities, and nothing more. This can be achieved through proper access controls, such as role-based access control (RBAC) or attribute-based access control (ABAC), which define fine-grained permissions and privileges for users, groups, and repositories in the SCM system. Regularly review user permissions and remove all unnecessary permissions for specific users.

Detections

ID: D1860
Type: Detection
Summary: Configure audit logs for SCM
Description: Audit logs can capture various types of events, such as user logins, file modifications, repository access, changes to access permissions, administrative actions, and system events. These events can provide insights into who did what, when, and where in the SCM system, helping to detect and investigate potential security incidents, including source code leaks.

References

  1. https://sec.okta.com/articles/2022/12/okta-code-repositories
  2. https://circleci.com/blog/jan-4-2023-incident-report/#what-happened