GitGuardian releases its open-source canary tokens project to help organizations detect compromised developer and DevOps environments.


GitGuardian, the enterprise-ready secrets detection and remediation platform, is announcing its latest open-source project, ggcanary – GitGuardian Canary Tokens.

Research from GitGuardian shows that, after gaining initial access, attackers often search for valid hard-coded credentials they can use for further lateral movement. Last year, hard-coded secrets made it 2nd to the OWASP Top 10 Web Application Security Risks. This year, the vulnerability gained a spot and now ranks 15th on the MITRE CWE Top 25 Most Dangerous Software Weaknesses. In an intriguing spin, GitGuardian is turning the vulnerability into an effective technique for detecting breaches as they unfold.

In their continued adoption of the cloud and modern software development practices, organizations are unknowingly expanding their attack surface. In lieu of poorly secured internet-facing assets and corporate networks, attackers are increasingly turning to components in the software supply chain like Continuous Integration and Continuous Deployment (CI/CD) pipelines as entry points.


Given the complexity of the software supply chain and the sprawl of DevOps tools, detecting compromise poses many challenges and is often achieved too late. To tackle this problem, security teams can use ggcanary to create and deploy canary tokens in the form of AWS secrets that will trigger alerts as soon as they are tampered with by attackers.

What separates this latest project by GitGuardian, ggcanary, from other intrusion detection systems is the following:

  • The project is open-source and relies on Terraform, the popular infrastructure-as-code software tool by HashiCorp, to create and manage AWS canary tokens.
  • Its intrusion detection is highly sensitive – ggcanary uses AWS CloudTrail audit logs to track all types of actions performed on the canary tokens by attackers.
  • A single ggcanary instance can scale up to 5,000 active AWS canary tokens deployed on the internal perimeter of an organization, in source code repositories, CI/CD tools, ticketing, and messaging systems such as Jira, Slack, or Microsoft Teams.
  • It ships with its own alerting system, integrated with AWS Simple Email Service (SES), Slack and SendGrid. Users can also extend it to forward alerts to SOCs, SIEMs, or ITSMs.
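The CloudTrail-based detection described in the list above can be illustrated with a short added example; it is not ggcanary's code. The key IDs, planting locations and log records are constructed, and it assumes each canary key belongs to an IAM user with no permissions, so calls made with it fail but are still logged.

```python
import json

# Constructed inventory: canary access key ID -> where the token was planted.
CANARY_TOKENS = {
    "AKIAEXAMPLECANARY001": "ci: build pipeline variables",
    "AKIAEXAMPLECANARY002": "repo: payments-service/.env",
}

def _rec(time, source, name, key_id=None, error=None):
    """Build one constructed record using CloudTrail's field names."""
    identity = {"type": "IAMUser", "accessKeyId": key_id} if key_id else {"type": "AWSService"}
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "sourceIPAddress": "198.51.100.7", "userAgent": "aws-cli/2.0",
           "userIdentity": identity}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed log file body, in the {"Records": [...]} layout CloudTrail delivers.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2022-01-01T10:00:00Z", "sts.amazonaws.com", "GetCallerIdentity",
         "AKIAEXAMPLECANARY002"),
    _rec("2022-01-01T10:00:09Z", "s3.amazonaws.com", "ListBuckets",
         "AKIAEXAMPLECANARY002", error="AccessDenied"),
    _rec("2022-01-01T10:01:00Z", "ec2.amazonaws.com", "DescribeInstances",
         "AKIAEXAMPLEREALKEY01"),          # ordinary key, not a canary
    _rec("2022-01-01T10:02:00Z", "kms.amazonaws.com", "Decrypt"),  # no access key
]})

def find_canary_hits(log_text, tokens):
    """Return one alert per CloudTrail record signed with a canary key."""
    alerts = []
    for rec in json.loads(log_text).get("Records", []):
        key_id = (rec.get("userIdentity") or {}).get("accessKeyId")
        if key_id not in tokens:
            continue  # not a canary, or a record without an access key
        alerts.append({
            "token": key_id,
            "planted_in": tokens[key_id],   # tells responders what leaked
            "time": rec.get("eventTime"),
            "action": f'{rec.get("eventSource")}:{rec.get("eventName")}',
            "source_ip": rec.get("sourceIPAddress"),
            "user_agent": rec.get("userAgent"),
            "error": rec.get("errorCode"),  # failed calls are still a signal
        })
    return alerts

if __name__ == "__main__":
    for alert in find_canary_hits(SAMPLE_LOG, CANARY_TOKENS):
        print(json.dumps(alert))
```

Because each token maps to the single place it was planted, a hit identifies which system or repository an attacker has read, not just that a key was used.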

In the future and as adoption grows, GitGuardian will consider integrating ggcanary within GitGuardian Internal Monitoring, its end-to-end automated secrets detection and remediation platform. This integration will enable users to create a safelist to bypass the detection of canary tokens, and in turn, avoid raising any alerts on the platform.
