The organization must store the source code in a central repository.
ISO 27001:2013. Annex A - 9.4.5 Restrict access to application source code.
ISO 27001:2013. Annex A - 14.2.2 Control system changes during the software development lifecycle using formal change tracking mechanisms.
OWASP-ASVS v4.0.1 V1.10 Malicious Software Architectural Requirements.(1.10.1) Verify that a source code control system is in use, with procedures to ensure that check-ins are accompanied by issues or change tickets. The source code control system should have access control and identifiable users to allow traceability of any changes.
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation