GitGuardian, a code security platform vendor, has launched an open source canary tokens project to help companies detect compromised developer and DevOps environments. With GitGuardian Canary Tokens (ggcanary), the company says, security teams can create and deploy canary tokens in the form of Amazon Web Services (AWS) secrets that raise an alert as soon as an attacker tries to use them. The release is part of a wider industry trend of new initiatives and standards addressing risks in the software supply chain and DevOps tooling.
In its press release, GitGuardian says that companies are inadvertently expanding their attack surface as they continue to adopt the cloud and modern software development practices. Continuous integration and continuous deployment (CI/CD) pipelines, it notes, are becoming popular entry points for attackers because they are often less well protected than corporate networks and Internet-facing assets.
GitGuardian's research shows that after gaining initial access, attackers commonly hunt for real hard-coded credentials that they can abuse to move laterally. The ggcanary project was built with the following features to help organizations spot such compromises faster:
- Uses Terraform, HashiCorp's widely used infrastructure-as-code tool, to create and manage the AWS canary tokens.
- Highly sensitive intrusion detection: every action an attacker takes with a canary token is tracked through AWS CloudTrail audit logs.
- Scales to up to 5,000 active AWS canary tokens deployed across a company's internal perimeter: ticketing systems, CI/CD tools, source code repositories, and messaging platforms such as Jira, Slack, or Microsoft Teams.
- A built-in alerting system integrated with SendGrid, Slack, and AWS Simple Email Service (SES), which users can extend to forward alerts to a SOC, SIEM, or ITSM tool.
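The detection idea behind the second bullet is simple enough to show end to end: a canary is an IAM access key that no legitimate system ever uses, so any CloudTrail record carrying that key ID is an alert. The script below is an added illustration, not ggcanary's own code. It parses a CloudTrail log delivery (the `{"Records": [...]}` JSON shape CloudTrail writes to S3), matches `userIdentity.accessKeyId` against a table of known canary key IDs, and turns each hit into an alert carrying the attacker's source IP, user agent, and the API call attempted. The key IDs, the token labels and the three log records are constructed sample data; the only real-world behaviour it relies on is that CloudTrail records API calls made with an access key, including calls that fail with `AccessDenied`, so a canary key with zero permissions still fires.

```python
from __future__ import annotations

import json
from typing import Iterable

# Access key IDs of deployed canary tokens, mapped to where each one was planted.
# In a real deployment this table would come from whatever provisioned the canary
# IAM users (for ggcanary, Terraform state). These key IDs are constructed
# placeholders for the example, not real credentials.
CANARY_KEYS: dict[str, str] = {
    "AKIAIOSFODNN7EXAMPLE": "jira-ticket-PROJ-1234",
    "AKIAI44QH8DHBEXAMPLE": "ci-runner-env-vars",
}

# Constructed CloudTrail delivery: one legitimate call with a non-canary key,
# then two calls made with a planted canary key. Note the second canary call is
# denied (the canary user has no permissions) but is still logged by CloudTrail.
SAMPLE_LOG = json.dumps({"Records": [
    {
        "eventTime": "2022-07-27T09:12:01Z", "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject", "sourceIPAddress": "10.0.4.12",
        "userAgent": "aws-cli/2.7.0",
        "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAXXXXXXXXXXLEGIT0"},
    },
    {
        "eventTime": "2022-07-27T09:40:15Z", "eventSource": "sts.amazonaws.com",
        "eventName": "GetCallerIdentity", "sourceIPAddress": "203.0.113.7",
        "userAgent": "aws-cli/1.22.0 Python/3.9 Linux/5.15",
        "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAIOSFODNN7EXAMPLE"},
    },
    {
        "eventTime": "2022-07-27T09:40:18Z", "eventSource": "s3.amazonaws.com",
        "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.7",
        "userAgent": "aws-cli/1.22.0 Python/3.9 Linux/5.15",
        "errorCode": "AccessDenied",
        "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAIOSFODNN7EXAMPLE"},
    },
]})


def parse_cloudtrail(raw: str) -> list[dict]:
    """Parse the body of a CloudTrail log file into its list of event records.

    Real deliveries to S3 are gzip-compressed; decompress before calling this.
    """
    return json.loads(raw).get("Records", [])


def canary_hits(records: Iterable[dict]) -> list[dict]:
    """Return one alert dict per record made with a known canary access key."""
    hits = []
    for rec in records:
        identity = rec.get("userIdentity") or {}
        key_id = identity.get("accessKeyId")
        if key_id not in CANARY_KEYS:
            continue
        hits.append({
            "token": CANARY_KEYS[key_id],
            "access_key_id": key_id,
            "event_time": rec.get("eventTime"),
            "event_source": rec.get("eventSource"),
            "event_name": rec.get("eventName"),
            "source_ip": rec.get("sourceIPAddress"),
            "user_agent": rec.get("userAgent"),
            # None when the call succeeded; e.g. "AccessDenied" when it did not.
            "error_code": rec.get("errorCode"),
        })
    return hits


def format_alert(hit: dict) -> str:
    """Render a hit as the one-line message a Slack/SES/SIEM sink would receive."""
    outcome = "denied" if hit["error_code"] else "succeeded"
    return (
        f"CANARY TRIGGERED [{hit['token']}] key={hit['access_key_id']} "
        f"call={hit['event_source']}:{hit['event_name']} ({outcome}) "
        f"from={hit['source_ip']} ua={hit['user_agent']!r} at={hit['event_time']}"
    )


def alerts_for_log(raw: str) -> list[str]:
    """Convenience wrapper: raw CloudTrail JSON in, alert messages out."""
    return [format_alert(h) for h in canary_hits(parse_cloudtrail(raw))]


if __name__ == "__main__":
    for line in alerts_for_log(SAMPLE_LOG):
        print(line)
```

The token label is what makes the alert actionable: because each canary is planted in exactly one place, a hit on `jira-ticket-PROJ-1234` tells the responder which system the attacker read, not just that "a key was used". In production you would also dedupe by key ID within a time window, since a single `aws s3 ls` can produce several records, and you would keep the canary IAM users at zero permissions so the only thing an attacker can do with them is set off the alarm.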
GitGuardian said it may fold ggcanary into its end-to-end automated secrets detection and remediation platform in the future, depending on adoption. The ggcanary launch follows several other initiatives aimed at security challenges in the open source software and development ecosystem. In May 2022 the Open Source Security Foundation published the Open Source Software Security Mobilization Plan, a ten-stream investment strategy that combines immediate improvements with a foundation for a more secure future. Its three main security objectives are:
- Securing OSS production by focusing on preventing security flaws and vulnerabilities in open source software and code.
- Improving vulnerability discovery and remediation so that problems are found and fixed faster.
- Shortening ecosystem patching response time by simplifying how patches are distributed and applied.
In the same month, JFrog unveiled Project Pyrsia, an open source community initiative that uses blockchain technology to protect software packages from vulnerabilities and malicious code.