Skip to content

Source Code Security

Introduction

  • Importance of Source Code Protection: Protecting source code is critical for maintaining the integrity, confidentiality, and security of software applications.
  • Version Control: A crucial tool for managing source code, enabling collaboration, tracking changes, and maintaining a history of the codebase.
  • Git: A popular distributed version control system known for its flexibility, scalability, and powerful features.

The Story of Git

  • Origins: Created by Linus Torvalds (creator of Linux) in 2005 after the Linux kernel development community lost access to BitKeeper.
  • Design Goals:
    • Distributed development
    • Efficient handling of large projects
    • Strong security with hashing
  • Benefits:
    • Open-source
    • High performance
    • Security
    • Wide adoption

Version Control

  • Purpose: Managing and tracking changes to source code over time.
  • Key Concepts:
    • Repository: A database that stores the codebase and its history.
    • Working Copy: A local copy of the project files where developers make changes.
    • Commit: Saving changes to the repository.
  • Types:
    • Centralized: Single repository, immediate updates.
    • Distributed: Each user has a local repository, changes are pushed to a central repository.

Cloud-Based Version Control

  • Benefits:
    • Easy access from anywhere.
    • Real-time collaboration.
    • Robust version history management.
    • Integration with other development tools.
  • Popular Platforms:
    • GitHub: The oldest and most popular platform, offers a wide range of features, including CI/CD with GitHub Actions.
    • GitLab: An all-in-one DevOps platform with built-in CI/CD, container registry, and Kubernetes integration.

CI/CD and Credential Hygiene

  • CI/CD (Continuous Integration/Continuous Deployment): Automating the software development lifecycle.
  • Credential Hygiene: Securely managing secrets and tokens used in CI/CD pipelines.
  • Risks: Insecure storage, improper usage, and lack of rotation can lead to credential compromise.
  • Recommendations:
    • Least privilege
    • Avoid sharing credentials
    • Temporary credentials
    • Secure storage
    • Detect secrets in code
    • Prevent printing secrets to console output
    • Remove secrets from artifacts

Environment Variables

  • Purpose: Storing and managing configuration information, including sensitive data.
  • Best Practices:
    • Avoid hardcoding secrets.
    • Regularly rotate credentials.
    • Limit access.
    • Least privilege.
    • Monitor and audit changes.

Git Commands

  • git clone: Copies a repository.
  • git clone -branch [branch_name]: Clones a specific branch.
  • git branch: Manages branches.
  • git add: Adds changes to the staging area.
  • git commit: Saves changes to the repository.
  • git push: Updates the remote repository.

Secure Coding Practices (Example)

  • Environment Variables: Replace hardcoded credentials with environment variables to improve security.
  • os.Getenv(): A function to retrieve environment variable values.

Secrets Management in GitLab

  • Purpose: Securely store and manage sensitive information (e.g., API keys, passwords).
  • Steps:
    1. Go to project settings.
    2. Navigate to CI/CD -> Variables.
    3. Add variables and mark them as "Protected."
    4. Access variables in code using os.Getenv().