Skip to content

T1213.003 Code Repositories

Adversaries may leverage code repositories to collect valuable information. Code repositories are tools/services that store source code and automate software builds. They may be hosted internally or privately on third party sites such as Github, GitLab, SourceForge, and BitBucket. Users typically interact with code repositories through a web application or command-line utilities such as git.

Once adversaries gain access to a victim network or a private code repository, they may collect sensitive information such as proprietary source code or credentials contained within software’s source code. Having access to software’s source code may allow adversaries to develop Exploits, while credentials may provide access to additional resources using Valid Accounts.12

Item Value
ID T1213.003
Sub-techniques T1213.001, T1213.002, T1213.003
Tactics TA0009
Platforms SaaS
Permissions required User
Version 1.0
Created 11 May 2021
Last Modified 16 October 2021

Procedure Examples

ID Name Description
G0016 APT29 APT29 has downloaded source code from code repositories.3


ID Mitigation Description
M1047 Audit Consider periodic reviews of accounts and privileges for critical and sensitive code repositories. Scan code repositories for exposed credentials or other sensitive information.
M1032 Multi-factor Authentication Use multi-factor authentication for logons to code repositories.
M1018 User Account Management Enforce the principle of least-privilege. Consider implementing access control mechanisms that include both authentication and authorization for code repositories.
M1017 User Training Develop and publish policies that define acceptable information to be stored in code repositories.


ID Data Source Data Component
DS0015 Application Log Application Log Content
DS0028 Logon Session Logon Session Creation


Back to top