proposal: Adding Canary Credentials to detect supply chain compromise #1178

@andrewmichaelsmith

Description

Checklist

  • I am using the latest version of this action.
  • I have read the latest README and followed the instructions.
  • I have read the latest GitHub Actions official documentation and learned the basic spec and concepts.

Describe your proposal

This is a suggestion to add security canaries to this repo for monitoring and detecting supply chain attacks.

Describe the solution you'd like

There's a free Tracebit Community Edition GitHub integration you can install here that sets this up in under 5 minutes - once you do, it injects canary tokens (decoy credentials that look real but nothing legitimate ever uses) into every running build. If anyone tries to use one, you get an alert straight away. Since no real process ever touches them, a trigger means there’s likely an issue.

I'm also more than happy to raise a PR and implement it myself. No stress if it doesn't fit; I thought it would be useful to share with the wider community.

Describe alternatives you've considered

N/A

Additional context

Full disclosure - I work for Tracebit and built this myself. Our Community Edition is fully designed with the community in mind and will remain free forever.

Thanks,
Andy
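The mechanism the proposal describes (plant a decoy credential in each build, record which build got it, and treat any later use of it as a finding) is small enough to sketch end to end. The following is an added, self-contained example written for this page; it is not Tracebit's integration and not code from this repository. Everything in it is hypothetical: the `CANARY` key-id prefix, the `CanaryRegistry` class, the `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` variable names used as the injection point, and the JSON audit lines, which are constructed to resemble cloud API audit events rather than taken from any real log.

```python
"""
Canary credentials for a CI pipeline, as a hypothetical sketch:
mint a decoy key per build, record which build received it, and
raise an alert when any later audit event references it.
"""
import json
import secrets
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Canary:
    key_id: str          # the decoy identifier a build will see
    injected_into: str   # e.g. "<workflow>#<run id>", so an alert names the build


def mint_canary(injected_into: str, entropy: Optional[str] = None) -> Canary:
    """Create a decoy key id. The "CANARY" prefix is a constructed marker for
    this example; a real deployment would mimic the provider's key format so
    the decoy is indistinguishable from a genuine credential."""
    suffix = (entropy or secrets.token_hex(8)).upper()
    return Canary(key_id=f"CANARY{suffix}", injected_into=injected_into)


class CanaryRegistry:
    """Maps every issued decoy back to the build it was planted in."""

    def __init__(self) -> None:
        self._by_id: Dict[str, Canary] = {}

    def register(self, canary: Canary) -> Canary:
        self._by_id[canary.key_id] = canary
        return canary

    def lookup(self, key_id: str) -> Optional[Canary]:
        return self._by_id.get(key_id)


def build_env(registry: CanaryRegistry, workflow: str, run_id: int) -> Dict[str, str]:
    """What a setup step would export into one build's environment: a decoy
    key pair that no legitimate job ever reads. Only the key id is tracked;
    the secret half is random filler with no privileges behind it."""
    canary = registry.register(mint_canary(f"{workflow}#{run_id}"))
    return {
        "AWS_ACCESS_KEY_ID": canary.key_id,
        "AWS_SECRET_ACCESS_KEY": secrets.token_urlsafe(30),
    }


def detect(registry: CanaryRegistry, audit_lines: Iterable[str]) -> List[dict]:
    """Scan JSON audit events (one per line) and return an alert for every
    event whose accessKeyId is one of our decoys. Any hit is a finding:
    nothing legitimate should ever present these credentials."""
    alerts: List[dict] = []
    for line in audit_lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip malformed lines rather than abort the scan
        canary = registry.lookup(str(event.get("accessKeyId", "")))
        if canary is None:
            continue
        alerts.append({
            "key_id": canary.key_id,
            "injected_into": canary.injected_into,
            "action": event.get("eventName"),
            "source_ip": event.get("sourceIPAddress"),
        })
    return alerts


if __name__ == "__main__":
    reg = CanaryRegistry()
    env = build_env(reg, "ci.yml", 42)
    # Constructed audit lines: one benign event with a non-canary key id, one
    # that presents the decoy planted in run 42, and one malformed line.
    sample = [
        json.dumps({"eventName": "ListBuckets", "accessKeyId": "AKIAEXAMPLEREALKEY",
                    "sourceIPAddress": "10.0.0.5"}),
        json.dumps({"eventName": "GetCallerIdentity", "accessKeyId": env["AWS_ACCESS_KEY_ID"],
                    "sourceIPAddress": "203.0.113.7"}),
        "not json at all",
    ]
    for alert in detect(reg, sample):
        print(f"ALERT: canary from build {alert['injected_into']} used for "
              f"{alert['action']} from {alert['source_ip']}")
```

The useful property is in `detect`: because the registry knows which build each decoy went into, an alert points straight at the compromised workflow run rather than just saying "a canary fired". In practice the registry would be persisted outside the build environment, and the audit lines would come from the provider's access logs rather than a constructed list.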
