Exposure of secret information in source code repositories is an increasingly common problem. Accidental or unwitting inclusion of credentials, API keys, private keys and more in source code repositories is regularly the initial attack vector for larger incidents.
Tines allows end-to-end automation of source code integrity monitoring and response.
RECEIVE COMMIT DETAILS FROM SCM
Use the Tines Webhook agent to receive details of every push to a source code management system such as GitHub or Bitbucket.
FETCH COMMIT DIFFS
For each commit in a push, use the HTTP Request Agent to fetch the commit diff from the source code management system.
EXAMINE COMMITS FOR SENSITIVE INFORMATION
Use a combination of Event Transformation Agents to analyse the contents of each commit for sensitive information.
REMEDIATE POTENTIAL EXPOSURES
In the event of a potential disclosure of sensitive information, Tines can perform an unlimited number of response actions, including: changing visibility of the affected repository, immediate escalation to an engineer, and creation/assignment of key rotation tasks to the committer and/or committer's team.
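The examination step can be pictured as the following check over a fetched commit diff. This is an added Python example, not Tines's own code or agent configuration: it scans only the lines a commit adds and reports the file and line of each hit without echoing the secret. The rule set, the entropy threshold, the names `scan_diff` and `entropy`, and the sample diff are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Assumed rule set of well-known public credential formats; the last rule
# captures the quoted value so it can be entropy-checked in scan_diff().
RULES = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("assigned_secret", re.compile(r"(?i)(?:password|passwd|secret|api_?key|token)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]")),
]
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)")

def entropy(s):
    # Shannon entropy in bits per character.
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def scan_diff(diff_text, min_entropy=3.0):
    """Return findings for lines ADDED by a git-format unified diff."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            in_hunk = False
        elif not in_hunk and raw.startswith("+++ "):
            path = raw[6:] if raw[4:].startswith("b/") else raw[4:]
        elif HUNK.match(raw):
            line_no, in_hunk = int(HUNK.match(raw).group(1)), True
        elif in_hunk and raw.startswith("+"):
            for name, rx in RULES:
                m = rx.search(raw[1:])
                # Skip low-entropy placeholders ("changeme"); record the
                # location only, never the matched secret itself.
                if m and not (m.groups() and entropy(m.group(1)) < min_entropy):
                    findings.append({"rule": name, "path": path, "line": line_no})
            line_no += 1
        elif in_hunk and raw.startswith(" "):
            line_no += 1  # context lines advance the new-file line counter
    return findings

# Constructed sample diff (the AWS key is the vendor's documented example value).
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,2 +10,4 @@ DEBUG = False
-AWS_KEY = os.environ["AWS_KEY"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+db_password = "changeme"
+api_key = "s3cr3tV4lu3-9fQ2xL"
 TIMEOUT = 30
"""
```

Calling `scan_diff(SAMPLE_DIFF)` reports the AWS key on line 10 and the assigned secret on line 12 of `config/settings.py`, and ignores both the removed line and the low-entropy placeholder password.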
The Tines security automation platform helps the world's leading security teams automate any manual task, making them more effective and efficient.