SEC06-BP06 Validate software integrity
Implement mechanisms (for example, code signing) to validate that the software, code, and libraries used in the workload come from trusted sources and have not been tampered with. For example, verify the code-signing certificate of binaries and scripts to confirm the author, and confirm that the artifact has not been modified since the author created it. AWS Signer can help ensure the trust and integrity of your code by centrally managing the code-signing lifecycle, including signing certificates and public and private keys. You can learn how to use advanced patterns and best practices for code signing with AWS Lambda.
Level of risk exposed if this best practice is not established: Low
Implementation guidance
- Investigate mechanisms: Code signing is one mechanism that can be used to validate software integrity.
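The check described above, as an added illustration that is not part of this page or of AWS Signer: a publisher signs a release artifact with a private key, and the consumer verifies the detached signature against a pinned, trusted public key before using the artifact. Ed25519 from the Go standard library stands in for the signing scheme, and the script bytes are a constructed sample.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Artifact pairs a build output with its detached signature, the shape a
// release pipeline publishes so consumers can check it before install.
type Artifact struct {
	Name      string
	Content   []byte
	Signature []byte
}

// SignArtifact produces a detached signature over the artifact bytes with the
// publisher's private key. Only the build pipeline should hold this key.
func SignArtifact(priv ed25519.PrivateKey, name string, content []byte) Artifact {
	return Artifact{Name: name, Content: content, Signature: ed25519.Sign(priv, content)}
}

// VerifyArtifact checks the signature against the trusted public key pinned by
// the consumer. Any change to the content, the signature, or the signer makes
// it return false, so unsigned or altered bytes are never executed.
func VerifyArtifact(trusted ed25519.PublicKey, a Artifact) bool {
	if len(a.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(trusted, a.Content, a.Signature)
}

// Tamper returns a copy of the artifact with one content byte flipped, standing
// in for modification in transit or in a compromised repository.
func Tamper(a Artifact) Artifact {
	c := append([]byte(nil), a.Content...)
	c[len(c)/2] ^= 0x01
	return Artifact{Name: a.Name, Content: c, Signature: a.Signature}
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // publisher's key pair (constructed)
	if err != nil {
		panic(err)
	}
	script := []byte("#!/bin/sh\necho deploy\n") // constructed sample script
	signed := SignArtifact(priv, "deploy.sh", script)
	fmt.Println("genuine verifies:", VerifyArtifact(pub, signed))          // true
	fmt.Println("tampered verifies:", VerifyArtifact(pub, Tamper(signed))) // false
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)                    // an untrusted signer
	fmt.Println("foreign signer verifies:", VerifyArtifact(pub, SignArtifact(otherPriv, "deploy.sh", script))) // false
}
```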
Resources
Related documents: