Profile Applicability:
Level 1
Description:
All new code changes must be submitted as cryptographically signed commits, and these signatures must be verified before the changes are merged into the codebase. Signed commits provide cryptographic proof of the author’s identity and ensure that the commit has not been tampered with, enhancing the trustworthiness and integrity of the code history.
Rationale:
Verifying signed commits helps prevent unauthorized or malicious code injections by confirming the identity of the contributor and ensuring commit authenticity. This control strengthens auditability, accountability, and security in the software development lifecycle.
Impact:
Pros:
Confirms authenticity and integrity of commits.
Prevents impersonation or unauthorized code changes.
Supports compliance and audit requirements.
Enhances trust in the codebase history.
Cons:
Requires developers to configure signing tools (e.g., GPG).
May introduce minor overhead in commit workflows.
Default value:
By default, many repositories accept unsigned commits without verification.
Audit:
Review repository settings to confirm enforcement of signed commit verification. Inspect commit histories to verify signatures on merged changes.
Remediation:
Configure repository or branch protection rules to require signed commits for merges. Provide training and documentation to developers on how to create signed commits. Use automated tools to verify signatures in CI pipelines.
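As an added example, not part of this benchmark text, the following POSIX shell check implements the CI-side verification described under Audit and Remediation: it asks git for each commit's signature status (`%G?`) over a range and fails the job unless every commit carries a good signature from a trusted key. The function names and the default range `origin/main..HEAD` are assumptions.

```shell
#!/bin/sh
# Fail a CI job unless every commit in a range carries a good signature.
# git's %G? status codes: G = good signature from a trusted key,
# U = good signature, untrusted key, X/Y/R = good but expired or revoked,
# B = bad signature, E = signature cannot be checked (e.g. missing key),
# N = no signature at all.

# Read "<hash> <status>" lines on stdin, print each offending commit and
# return 1 if any commit is not a G.  Kept separate from git so the policy
# can be tested on constructed input.
verify_status_lines() {
    bad=0
    while read -r hash status; do
        [ -z "$hash" ] && continue
        case "$status" in
            G) ;;                                      # accepted
            U) echo "UNTRUSTED $hash"; bad=1 ;;        # valid, but key not trusted
            N) echo "UNSIGNED  $hash"; bad=1 ;;        # no signature
            B) echo "BAD       $hash"; bad=1 ;;        # signature does not verify
            E) echo "NOKEY     $hash"; bad=1 ;;        # could not be checked
            *) echo "REJECT($status) $hash"; bad=1 ;;  # expired/revoked/unknown
        esac
    done
    return $bad
}

# Check every commit in RANGE (default: what a PR would add on top of
# origin/main) in the current repository.  Exit status is the policy result.
check_signed_commits() {
    range="${1:-origin/main..HEAD}"
    git log --format='%H %G?' "$range" | verify_status_lines
}
```

Run `check_signed_commits origin/main..HEAD` as a pipeline step; a non-zero exit blocks the merge, and the printed lines identify which commits to fix. The check trusts only keys your CI runner's keyring marks as trusted, so untrusted (`U`) signatures are rejected by design.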
References:
GitHub - About Signed Commits: https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification
Git - Signing Your Work: https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
CIS Controls v8, Control 6 - Maintenance, Monitoring, and Analysis of Audit Logs: https://www.cisecurity.org/controls/maintenance-monitoring-and-analysis-of-audit-logs/