Hacker News
by
mumblemumble
1993 days ago
Just spitballing, how about: requiring 2FA to access the CI/CD tool, and requiring signed commits for your source code.
1 comment
ArchOversight
1993 days ago
Unless you are also verifying that the signed commits are from particular users, and don't allow any tooling to create unsigned commits, that might work, but many of the issues we found weren't even about the code itself.
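The two comments above describe a policy, not an implementation: every commit must carry a good signature, the signing key must be the one registered for that commit's author, and no tooling may slip an unsigned commit (for example a platform-generated merge commit) into the range. The following is an added example of such a CI gate and is not code from either commenter. It assumes the trusted public keys have already been imported into the CI job's GNUPGHOME and that the job feeds it the output of `git log --format='%H%x09%G?%x09%GP%x09%ae' "$BASE..$HEAD"`; the author-to-fingerprint mapping, the commit hashes and the fingerprints are constructed for illustration.

```python
"""Reject a commit range unless every commit is signed by the key registered
for its author. Added example; not the thread's code.

Expected input: one tab-separated line per commit as produced by
    git log --format='%H%x09%G?%x09%GP%x09%ae' "$BASE..$HEAD"
Field meanings follow git-log(1): %G? is the signature status (G good,
U good but key untrusted in gpg, B bad, N no signature, E/X/Y/R other
failures), %GP the primary-key fingerprint of the signing key, %ae the
author e-mail.
"""

# Policy: author e-mail -> primary key fingerprint allowed to sign for them.
# Hypothetical values; in practice this comes from a reviewed file in the repo
# or a secrets store, never from the commit being checked.
TRUSTED_KEYS = {
    "alice@example.com": "1111222233334444555566667777888899990000",
    "bob@example.com": "AAAABBBBCCCCDDDDEEEEFFFF0000111122223333",
}

# 'U' (good signature, key not trusted in gpg's web of trust) is accepted
# because trust is decided by TRUSTED_KEYS here, not by gpg's ownertrust
# database. A fresh CI keyring never has ownertrust set, so requiring 'G'
# alone would reject every commit.
VALID_STATUSES = {"G", "U"}


def check_commit(line, trusted=TRUSTED_KEYS):
    """Return None if the commit satisfies the policy, else a reason string."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 4:
        return f"malformed log line: {line!r}"
    sha, status, fingerprint, author = parts
    short = sha[:12]
    if status == "N":
        return f"{short}: unsigned commit (author {author})"
    if status not in VALID_STATUSES:
        return f"{short}: signature status {status!r} is not a good signature"
    expected = trusted.get(author)
    if expected is None:
        return f"{short}: author {author} has no registered signing key"
    if fingerprint.upper() != expected.upper():
        # A valid signature from the wrong person is still a violation: this
        # is the "from particular users" check, not just "is it signed".
        return (f"{short}: signed by {fingerprint} but {author} "
                f"must sign with {expected}")
    return None


def check_commits(lines, trusted=TRUSTED_KEYS):
    """Return all violations in the range; an empty list means it may merge."""
    results = (check_commit(l, trusted) for l in lines if l.strip())
    return [v for v in results if v]


# Constructed sample output of the git log command above (hashes and
# fingerprints are made up). One line per case the policy must handle.
SAMPLE_LOG = [
    # good signature, registered key, matching author
    "\t".join(["0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c", "G",
               "1111222233334444555566667777888899990000", "alice@example.com"]),
    # good signature but gpg reports the key as untrusted: accepted by policy
    "\t".join(["1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d", "U",
               "AAAABBBBCCCCDDDDEEEEFFFF0000111122223333", "bob@example.com"]),
    # unsigned merge commit created by tooling (%GP is empty for status N)
    "\t".join(["2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e", "N",
               "", "ci-bot@example.com"]),
    # valid signature from a key nobody registered
    "\t".join(["3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f", "G",
               "9999888877776666555544443333222211110000", "alice@example.com"]),
    # bob's key on a commit whose author claims to be alice
    "\t".join(["4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f70", "G",
               "AAAABBBBCCCCDDDDEEEEFFFF0000111122223333", "alice@example.com"]),
    # signature present but does not verify
    "\t".join(["5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f7081", "B",
               "1111222233334444555566667777888899990000", "alice@example.com"]),
]


if __name__ == "__main__":
    import sys
    lines = sys.stdin.readlines() if not sys.stdin.isatty() else SAMPLE_LOG
    violations = check_commits(lines)
    for v in violations:
        print("REJECT", v)
    sys.exit(1 if violations else 0)
```

Run it over the real range in the pipeline job (`git log ... | python check_signatures.py`) and fail the job on a non-zero exit; with no stdin it runs the constructed sample, which yields four rejections. The mapping from author to key is what turns "signed" into "signed by the right person", and checking the whole `BASE..HEAD` range rather than only the tip is what catches unsigned commits introduced by tooling in the middle of a branch.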