Have you heard about canary (or honey) tokens? In his latest Security Zines, Rohit Sehgal explains what they are and how they offer a smart solution for implementing intrusion detection in any system.

Security Zines is a project led by Rohit Sehgal, Staff Security Engineer at Gojek. Check out his work at securityzines.com/#comics and give him a follow on Twitter @sec_r0 to see what he comes up with next!

We are also pleased to introduce ggcanary, the easiest way to create ready-to-disseminate AWS-based canary tokens.

ggcanary is a fully open-sourced project using Terraform to manage your canary tokens infrastructure. Using well-known AWS components, it is ready to be deployed in minutes.

  • Use Terraform to manage canary tokens infrastructure
  • Deploy up to 5,000 canary tokens on your perimeter
  • Track every action with AWS CloudTrails logs
  • Get real-time email alerts when canaries are triggered

Start now! Create your first canary token with ggcanary...

Canary tokens can be used everywhere on your infrastructure to lure attackers:

  • Source control systems (Git repositories)
  • CI/CD systems
  • Internal registries & package managers
  • Production environments
  • Other places in the supply chain

Want to learn about supply chain attacks and why intrusion detection can prove useful?

From vulnerability to advantage: turn exposed secrets into your best allies to detect intrusion.
We are happy to announce the release of our latest open-source project, ggcanary, the GitGuardian Canary Tokens, to help organizations detect intrusion in their developer and DevOps environments.
Software supply chain security - GitGuardian | GitGuardian
Why is software supply chain security critical? ✔️ What is a software supply chain? ✔️ What are the software supply chain’s security concerns? ✔️ How do you secure a software supply chain? ✔️
Supply Chain Attacks: 6 Steps to protect your software supply chain
This article looks at software supply chain attacks, exactly what they are and 6 steps you can follow to protect your software supply chain and limit the impact of a supply chain attack.
Compromising CI/CD Pipelines with Leaked Credentials [Security Zines]
He struck again! New Security Zine, this time focusing on how leaked Jenkins credentials can lead to a complete supply chain takeover...
Best practices: 5 Risks to Assess for a Secure CI Pipeline
More and more parts of the software development process can occur without human intervention. However, this is not without its drawbacks. To keep your code and secrets safe, you should add the following security practices to your CI pipeline.