Feature Description
Off the back of #1025, this is a suggestion to add security canaries to this repo for monitoring and detecting supply chain attacks.
Motivation
Security canaries give you a detection layer, so that if there is a supply chain compromise that affects you, you will know straight away.
Proposed Solution
There's a free Tracebit Community Edition GitHub integration you can install here that sets this up in under 5 minutes - once you do, it injects canary tokens (decoy credentials that look real but nothing legitimate ever uses) into every running build. If anyone tries to use one, you get an alert straight away. Since no real process ever touches them, a trigger means there’s likely an issue.
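To make the mechanism concrete, here is a small added Python model of the idea (not Tracebit's code, and the key format, environment variable names and audit log lines are all constructed for illustration): each CI run gets its own decoy key, the decoy is placed in the build environment next to real settings, and any audit record that references a decoy becomes an alert that names the run it was minted for.

```python
import re
import secrets

# Decoys follow the AWS access key ID shape so they look real, but the IDs are
# random strings minted here and are not tied to any account (constructed).
KEY_ID_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def make_canary(build_id: str) -> dict:
    """Mint a unique decoy key for one CI run, so a hit points at that run."""
    alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
    suffix = "".join(secrets.choice(alphabet) for _ in range(16))
    return {"build_id": build_id, "access_key_id": "AKIA" + suffix}


def build_env(canary: dict, real_env: dict) -> dict:
    """Inject the decoy into a build's environment alongside its real settings."""
    env = dict(real_env)
    env["AWS_ACCESS_KEY_ID"] = canary["access_key_id"]
    env["AWS_SECRET_ACCESS_KEY"] = secrets.token_urlsafe(30)  # decoy secret, unusable
    return env


def scan_audit_log(lines, canaries) -> list:
    """Any record referencing a decoy ID is an alert: nothing legitimate uses them."""
    by_id = {c["access_key_id"]: c["build_id"] for c in canaries}
    alerts = []
    for n, line in enumerate(lines, start=1):
        for key_id in KEY_ID_RE.findall(line):
            if key_id in by_id:
                alerts.append({"line": n, "build_id": by_id[key_id], "key_id": key_id})
    return alerts


def demo() -> list:
    """Two runs get decoys; the run-1002 decoy shows up in the audit log."""
    canaries = [make_canary("run-1001"), make_canary("run-1002")]
    leaked = canaries[1]["access_key_id"]
    # Constructed audit lines: a legitimate key (no alert), then the decoy.
    log = [
        "2024-05-01T10:00:00Z GetCallerIdentity accessKeyId=AKIAEXAMPLELEGIT0001 result=ok",
        f"2024-05-01T10:07:42Z ListBuckets accessKeyId={leaked} result=AccessDenied",
    ]
    return scan_audit_log(log, canaries)


if __name__ == "__main__":
    print(demo())
```

Because the decoy is unique per run, a single alert is enough to tell you which build the credential was taken from, even when the attempt itself is denied.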
I'm also more than happy to raise a PR and implement it myself. No stress if it doesn't fit, thought it would be useful to share with the wider community.
Use Cases
- It would be used in the GitHub Actions workflows to improve the detection of supply chain compromise. It would have no direct effect on users of the framework.
Additional Context
Full disclosure - I work for Tracebit and built this myself. Our Community Edition is fully designed with community in mind and will remain free forever.
Thanks,
Andy