GitGuardian, a code security platform vendor, has launched a new open source canary tokens project to help enterprises detect compromised developer and DevOps environments. With GitGuardian Canary Tokens (ggcanary), the company says, security teams can create and deploy canary tokens in the form of Amazon Web Services (AWS) credentials that trigger an alert as soon as an attacker uses them. The release is one of a wave of new initiatives and standards aimed at risks in the software supply chain and DevOps tooling.
According to GitGuardian's press release, enterprises are inadvertently expanding their attack surfaces as they continue to adopt the cloud and modern software development practices. Continuous integration and continuous deployment (CI/CD) pipelines are becoming popular entry points for attackers, it noted, as a result of poorly protected corporate networks and internet-facing assets.
Once they have initial access, GitGuardian's research shows, attackers frequently hunt for valid hard-coded credentials they can use to move laterally. GitGuardian says ggcanary was built with the following features to help organisations detect compromises more quickly:
- Reliance on Terraform, HashiCorp's widely used infrastructure-as-code tool, to create and manage the AWS canary tokens.
- Highly sensitive intrusion detection that records every action an attacker takes with a canary token, using AWS CloudTrail audit logs.
- Scalability to as many as 5,000 active AWS canary tokens planted across a company's internal perimeter: in ticketing systems, CI/CD tools, source-code repositories, and messaging platforms such as Jira, Slack, or Microsoft Teams.
- A built-in alerting system integrated with SendGrid, Slack, and AWS Simple Email Service (SES), which users can extend to forward alerts to a SOC, SIEM, or ITSM tool.
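To make the detection model concrete, here is an added example (written for this article, not code from GitGuardian or the ggcanary project) of the core check a canary-token alerting pipeline has to perform: match the access key ID in each CloudTrail record against the set of planted canary keys and raise an alert for every hit, recording what was attempted, from where, and with what client. The key IDs, the canary registry, the sample CloudTrail records and all function names are constructed for illustration; ggcanary's own implementation and naming are not shown here.

```python
"""Toy detector for AWS canary-token use in CloudTrail records.

Added example, not ggcanary's own code. It assumes the canary tokens are
IAM users whose access key IDs are known (the constructed CANARY_KEYS
registry below) and that CloudTrail records carry the standard
userIdentity / eventName / errorCode / sourceIPAddress / userAgent fields.
"""
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed registry of planted canary tokens: access key ID -> where it
# was planted. A real deployment would load this from Terraform outputs.
# AKIAIOSFODNN7EXAMPLE is the AWS documentation placeholder key, not a real key.
CANARY_KEYS = {
    "AKIAIOSFODNN7EXAMPLE": "jira:INFRA-1234 attachment",
    "AKIAI44QH8DHBEXAMPLE": "gitlab-ci:.env in repo payments-api",
}


@dataclass(frozen=True)
class Alert:
    key_id: str
    location: str
    event_name: str
    error_code: Optional[str]
    source_ip: str
    user_agent: str
    event_time: str


def check_record(record: dict) -> Optional[Alert]:
    """Return an Alert if the CloudTrail record was signed with a canary key.

    A canary IAM user is created with no permissions, so *any* call made with
    its key, including ones CloudTrail logs with errorCode AccessDenied, means
    someone found and used the planted secret. We deliberately do not filter
    on errorCode or eventName.
    """
    key_id = record.get("userIdentity", {}).get("accessKeyId")
    if key_id not in CANARY_KEYS:
        return None
    return Alert(
        key_id=key_id,
        location=CANARY_KEYS[key_id],
        event_name=record.get("eventName", "?"),
        error_code=record.get("errorCode"),
        source_ip=record.get("sourceIPAddress", "?"),
        user_agent=record.get("userAgent", "?"),
        event_time=record.get("eventTime", "?"),
    )


def scan_trail(raw_json: str) -> List[Alert]:
    """Scan one CloudTrail log file body ({"Records": [...]}) and return alerts."""
    records = json.loads(raw_json).get("Records", [])
    return [a for a in (check_record(r) for r in records) if a is not None]


# Constructed sample CloudTrail file: one benign call by a real user, one
# canary call that was denied, and one canary GetCallerIdentity call, which
# STS answers regardless of the caller's permissions.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2022-07-19T10:00:01Z", "eventName": "ListBuckets",
     "userIdentity": {"type": "IAMUser", "userName": "deploy-bot",
                      "accessKeyId": "AKIAQQQQQQQQQQEXAMPLE"},
     "sourceIPAddress": "10.0.4.12", "userAgent": "aws-cli/2.7.0"},
    {"eventTime": "2022-07-19T10:03:44Z", "eventName": "ListBuckets",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "canary-jira-1234",
                      "accessKeyId": "AKIAIOSFODNN7EXAMPLE"},
     "sourceIPAddress": "203.0.113.7", "userAgent": "aws-cli/1.22.0"},
    {"eventTime": "2022-07-19T10:03:45Z", "eventName": "GetCallerIdentity",
     "userIdentity": {"type": "IAMUser", "userName": "canary-jira-1234",
                      "accessKeyId": "AKIAIOSFODNN7EXAMPLE"},
     "sourceIPAddress": "203.0.113.7", "userAgent": "aws-cli/1.22.0"},
]})

if __name__ == "__main__":
    for alert in scan_trail(SAMPLE_TRAIL):
        print(f"[CANARY] {alert.event_time} {alert.event_name} "
              f"(error={alert.error_code}) from {alert.source_ip} "
              f"via {alert.user_agent}; token planted at: {alert.location}")
```

The point worth noticing is that a canary IAM user has no permissions, so every call signed with its key is suspicious, including the ones CloudTrail logs as AccessDenied; the detector therefore never filters on the error code. The sts:GetCallerIdentity call in the sample cannot be denied by IAM policy and is typically the first thing an attacker runs with a found key, which is why a canary pipeline must treat it as a hit rather than noise. In production the records would arrive from the CloudTrail S3 bucket or an EventBridge rule rather than an inline string, and alerts are subject to CloudTrail's delivery lag of several minutes.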
GitGuardian said it will consider integrating ggcanary into its end-to-end automated detection and remediation platform in future, depending on adoption. The launch of ggcanary follows several other initiatives aimed at security challenges in the open source software and development ecosystem. In May 2022 the Open Source Security Foundation published the Open Source Software Security Mobilization Plan, a 10-stream investment strategy that includes actions for both immediate improvements and stronger foundations for a more secure future. Its three main security objectives are:
- Securing OSS production by emphasising the avoidance of security flaws and vulnerabilities in open source software and code.
- Improving the processes for finding and fixing problems, so that vulnerabilities are detected and remediated faster.
- Simplifying the distribution and application of patches to reduce the amount of time it takes to patch an ecosystem.
In the same month JFrog unveiled Project Pyrsia, an open source community initiative that uses blockchain technology to protect software packages from vulnerabilities and malicious code.