A penetration tester uncovers access keys within an organization's source code management solution. Which of the following would BEST address the issue? (Choose two.)
To address the issue of uncovering access keys within an organization's source code management solution, setting up a secret management solution and developing a secure software development life cycle process are the best options. A secret management solution ensures that sensitive information such as access keys are securely stored and managed, preventing them from being exposed in the source code. Developing a secure software development life cycle process helps to establish best practices and guidelines to prevent sensitive data from being included in the source code repository in the first place, thereby mitigating similar issues in the future.
A. Setting up a secret management solution for all items in the source code management system and E. Developing a secure software development life cycle process for committing code to the source code management system. A secret management solution will ensure that the access keys are securely stored and not accidentally exposed. Additionally, a secure software development life cycle process will help ensure that items such as access keys are not added to the source code management system in the first place. The other options will also help to secure the source code management system, but will not address the issue of the exposed access keys directly.
Yes, A and E are the answer.
A and D would be the BEST options to address the issue. A secret management solution would help protect sensitive information like access keys in the source code management system. A solution to scan for other similar instances of sensitive information would help identify any other instances of access keys that may be present in the system. B, C, E, and F are also important security measures that can be implemented, but they may not directly address the issue of uncovered access keys in the source code management system. B, role-based access control, could help prevent unauthorized access to the source code management system. C, multifactor authentication, could help improve the security of the login process to the source code management system. E, a secure software development life cycle process, could help prevent the introduction of vulnerabilities into the source code management system. F, a trigger to prevent developers from including passwords, could help prevent future instances of passwords being included in the source code management system.
A & E is the best answer here
Share your answers for questions 252 to 260.
Both are preventative measures that would eliminate the need to scan and take up resources, while preventing the issue from recurring.
Access keys found within an organization's source code management solution present a security risk, as they may allow unauthorized access to sensitive resources. To address this issue, the organization would need to prevent such keys from being stored in the source code and also ensure that any existing keys are detected and handled properly. The BEST options to address this issue would be A and D.
I would go with D and E
Some possible options for addressing the issue of access keys within an organization's SCM solution are: Setting up a secret management solution for all items in the SCM system: This is a tool or service that securely stores, manages, and distributes secrets such as access keys, passwords, tokens, certificates, etc. A secret management solution can help prevent secrets from being exposed in plain text within the source code or configuration files. Developing a secure software development life cycle (SDLC) process for committing code to the SCM system: This is a framework or methodology that defines how software is developed, tested, deployed, and maintained. A secure SDLC process can help ensure that best practices for security are followed throughout the software development process, such as code reviews, static analysis tools, vulnerability scanning tools, etc. A secure SDLC process can help detect and prevent access keys from being included in the source code before they are committed to the SCM system.
A and E are correct. Access keys are credentials that allow users to authenticate and authorize requests to a source code management (SCM) system, such as GitLab or AWS. Access keys should be kept secret and not exposed in plain text within the source code, as this can compromise the security and integrity of the SCM system and its data.
A and E are correct.
C and D are incorrect.
C and D are correct.
Tell me why?
A. Setting up a secret management solution for all items in the source code management system:
• A secret management solution ensures that sensitive information such as access keys, passwords, and tokens are stored securely and managed properly. This prevents such secrets from being hard-coded in the source code, thereby enhancing security.
D. Leveraging a solution to scan for other similar instances in the source code management system:
• Using a scanning solution to identify and flag instances where secrets like access keys are embedded in the source code helps in identifying existing vulnerabilities and preventing new ones. This proactive measure helps in maintaining a secure codebase by continuously monitoring for such issues.
Not C. Configuring multifactor authentication on the source code management system:
• Multifactor authentication (MFA) enhances the security of access to the source code management system but does not resolve the problem of secrets being embedded in the source code.
B. RBAC restricts access to specific parts of the codebase based on a user's role.
D. A scanning tool can efficiently identify all occurrences of access keys within the codebase.
Setting up a secret management solution helps by securely storing, accessing, and managing secrets, like API keys and credentials, outside of the source code. This reduces the risk of sensitive information being exposed within the codebase. Leveraging a scanning solution to find similar instances ensures that any existing secrets mistakenly committed to the source code can be identified and appropriately handled, preventing potential security breaches.
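The scanning control described in this post and in the earlier A/D answer, as an added example that is not part of the original thread: a small Python secret scanner that flags an AWS-style access key ID and high-entropy secret assignments in constructed sample source, ignores low-entropy placeholders such as CHANGE_ME, and exposes a pre-commit gate. The key-format pattern, the variable-name list, the 3.5-bit entropy threshold and all sample values are assumptions, not an organization's real tooling or credentials.

```python
import math
import re
from collections import Counter

# AWS access key IDs are "AKIA" followed by 16 uppercase alphanumerics.
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Generic "secret-looking name = 'string literal'" assignment (value captured).
ASSIGNMENT = re.compile(
    r"(?i)(secret|password|passwd|token|api_key|access_key)\w*\s*[=:]\s*"
    r"['\"]([^'\"]{8,})['\"]"
)

def shannon_entropy(value: str) -> float:
    """Bits per character; placeholders such as CHANGE_ME score low."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())

def redact(value: str) -> str:
    # Keep a short prefix so a finding is recognisable without re-leaking it.
    return value[:4] + "*" * (len(value) - 4)

def scan_for_secrets(text: str, min_entropy: float = 3.5) -> list:
    """One finding per suspected secret: line number, kind, redacted preview."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        known = [m.group(0) for m in AWS_KEY_ID.finditer(line)]
        for value in known:
            findings.append({"line": lineno, "kind": "aws_access_key_id",
                             "preview": redact(value)})
        if known:
            continue  # don't double-report a known key as a generic assignment
        m = ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(2)) >= min_entropy:
            findings.append({"line": lineno, "kind": "high_entropy_assignment",
                             "preview": redact(m.group(2))})
    return findings

def commit_allowed(text: str) -> bool:
    """Pre-commit gate: reject the change when any suspected secret is present."""
    return not scan_for_secrets(text)

# Constructed sample file contents; none of these are real credentials.
SAMPLE_SOURCE = """\
AWS_ACCESS_KEY_ID = "AKIACONSTRUCTEDKEY01"
db_password = "CHANGE_ME"
api_token = "q7Zk2pL9vX4mN8bW3hJ6tR1yD5sF0gC2"
"""

if __name__ == "__main__":
    print(scan_for_secrets(SAMPLE_SOURCE), commit_allowed(SAMPLE_SOURCE))
```

Wired into a pre-commit hook, `commit_allowed` blocks the commit (option F), while running `scan_for_secrets` over the existing repository history covers option D.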
RBAC comes up a lot if you look up source code management security best practices, secondary to a secret management solution.
Configuring multifactor authentication (C) adds an additional layer of security to the source code management system, making it more difficult for unauthorized individuals to access sensitive information like access keys. Developing a secure software development life cycle process for committing code to the source code management system (E) ensures that security is considered at every stage of the development process, reducing the risk of future security vulnerabilities.
Implementing role-based access control on the source code management system (B) would limit the number of people who have access to the sensitive information like access keys, while developing a secure software development life cycle process for committing code to the source code management system (E) would help prevent similar issues from occurring in the future.
A and E are correct.
Now I think C and F.
A and E