T0195 - Spoofed Commits
By modifying metadata in commits, attackers can easily push their own code to code repositories. For example, by changing the name and email in a commit, an attacker can pass as a legitimate user.
ID: T0195
Type: Technique
Tactic: Defense Evasion
Summary: Spoofed Commits
State: draft
Mitigations
ID: M1731
Type: Mitigation
Summary: Implement verification of signed commits
Description: Signing commits, or requiring that commits be signed, gives other users confidence about the origin of a specific code change.
It ensures that the author of the change is not hidden and is verified by the version control system, so the change is known to come from a trusted source.
For each repository in use, enforce the branch protection rule that requires signed commits, and make sure only signed commits can be merged.
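
The signed-commit requirement in this mitigation can be audited from `git log` output. The following Python is an added example, not part of the original entry: it reads the output of `git log --format='%H%x09%G?%x09%ae%x09%GS'` and reports commits that are unsigned, fail verification, or whose author email does not appear in the signer UID. The function name, the author-must-match-signer policy, the OpenPGP-style `Name <email>` signer UID and the sample lines are assumptions of the example.

```python
# Added example: audit git signature status to spot unsigned or mismatched commits.
# Input is the text produced by:
#   git log --format='%H%x09%G?%x09%ae%x09%GS' <range>
# %G? is git's signature status code, %ae the author email, %GS the signer UID.

# Meaning of each %G? code, as listed in the git-log documentation.
STATUS = {
    "G": "good signature",
    "B": "bad signature",
    "U": "good signature, unknown validity",
    "X": "good signature, expired",
    "Y": "good signature, made by expired key",
    "R": "good signature, made by revoked key",
    "E": "signature cannot be checked (missing key)",
    "N": "no signature",
}


def audit(log_text):
    """Return a list of (commit, reason) for commits that fail the policy."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        # Pad so a line whose trailing empty signer field was trimmed still parses.
        commit, code, author_email, signer = (line.split("\t") + [""] * 4)[:4]
        if code != "G":
            findings.append((commit, STATUS.get(code, "unknown status " + repr(code))))
        elif "<" + author_email.lower() + ">" not in signer.lower():
            # Assumed policy: a valid signature only vouches for the key holder,
            # so the author field must match the identity on the signing key.
            findings.append((commit, "author %s not in signer UID %s" % (author_email, signer)))
    return findings


# Constructed sample output (shortened hashes, made-up names and addresses).
SAMPLE = "\n".join([
    "a1b2c3d\tG\talice@example.com\tAlice Example <alice@example.com>",
    "b2c3d4e\tN\talice@example.com\t",
    "c3d4e5f\tG\talice@example.com\tMallory Example <mallory@example.com>",
    "d4e5f6a\tE\tbob@example.com\t",
])

if __name__ == "__main__":
    for commit, reason in audit(SAMPLE):
        print(commit, reason)
```

The third sample line is the case a signature check alone misses: the signature is valid, but it belongs to a different identity than the one named in the author field.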