Automated source code integrity monitoring
Exposure of secret information in source code repositories is an increasingly common problem. Accidental or unwitting inclusion of credentials, API keys, private keys and more in source code repositories is regularly the initial attack vector for larger incidents.
Tines allows end-to-end automation of source code integrity monitoring and response.
Receive details from SCM
Use the Tines Webhook agent to receive details of every push to a source code management system such as GitHub or Bitbucket.
Fetch commit diffs
For each commit in a push, use the HTTP Request Agent to fetch the commit diff from the source code management system.
Examine commits for sensitive information
Use a combination of Event Transformation Agents to analyse the contents of each commit for sensitive information.
In the event of a potential disclosure of sensitive information, Tines can perform an unlimited number of response actions, including: changing visibility of the affected repository, immediate escalation to an engineer, and creation/assignment of key rotation tasks to the committer and/or committer's team.
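As an added example (not Tines code or configuration), the check performed when examining a fetched commit diff could look like this in Python: it scans only the lines a unified diff adds and reports file, line and rule without echoing the secret itself. The patterns, the `scan_diff` name and the sample diff are constructed for illustration.

```python
import re

# Illustrative rules only (assumption): a production scanner needs a broader, tuned set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "hardcoded_credential": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def scan_diff(diff_text):
    """Scan added lines of a unified diff; removed and context lines are ignored."""
    findings, path, lineno, old_left, new_left = [], None, 0, 0, 0
    for raw in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:      # outside a hunk: only headers matter
            if raw.startswith("+++ "):
                path = raw[4:].removeprefix("b/")
            elif (m := HUNK.match(raw)):
                old_left = int(m.group(1) or 1)
                lineno = int(m.group(2))         # first line number in the new file
                new_left = int(m.group(3) or 1)
            continue
        if raw.startswith("+"):                  # added line: the only content scanned
            for rule, rx in PATTERNS.items():
                if rx.search(raw[1:]):
                    # Report location and rule, never the matched value itself.
                    findings.append({"file": path, "line": lineno, "rule": rule})
            lineno += 1
            new_left -= 1
        elif raw.startswith("-"):                # removed line
            old_left -= 1
        elif not raw.startswith("\\"):           # context line (skip "\ No newline ...")
            lineno += 1
            old_left -= 1
            new_left -= 1
    return findings

# Constructed sample diff; the key is the placeholder from AWS documentation.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,4 +10,5 @@
 DEBUG = False
-AWS_KEY = os.environ["AWS_KEY"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "constructed-sample-pw"
 REGION = "eu-west-1"
 TIMEOUT = 30
"""
```

A non-empty result is the condition that would trigger the response actions listed above; lines a commit removes are skipped here, so a secret already in history needs a separate scan.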