
Checkmarx / chainalert-github-action

License: Apache-2.0
Scans popular packages and alerts when there is a suspicion of an account takeover.

ChainAlert

A free service by Checkmarx for the Open Source community that scans popular packages and alerts when there is a suspicion that those packages' accounts were hacked.

Add ChainAlert's GitHub action to your repository to be notified of a suspected takeover of one of your dependencies, giving you the chance to respond rapidly and protect yourself and your users.

For further reading about ChainAlert, check out our blog.

The Need

Recent package takeover incidents such as coa and ua-parser-js have stressed the need for an alarm system to alert developers and users.

Learning the lessons of these supply chain incidents, we've created ChainAlert, a monitoring service that helps minimize the damage from such attacks by closing the gap between a takeover and its detection and mitigation.

What Does It Do?

The ChainAlert cloud service continuously monitors and analyses new releases of packages, checking for:

  • Newly added auto-install scripts such as install, preinstall and postinstall
  • Whether the released version is consistent with, and present among, the tags of the package's linked git repository
  • Changes in the package's maintainers
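The three release-level checks listed above, as an added illustration that is not ChainAlert's own code. It assumes a previous and a current package.json-style manifest plus the linked repository's tag list, all constructed inline here; the function names are hypothetical.

```python
"""Added illustration (not ChainAlert's own code): the three release checks
the README lists, run over constructed sample package metadata."""
import re

INSTALL_HOOKS = {"install", "preinstall", "postinstall"}

def new_install_scripts(prev: dict, curr: dict) -> list:
    """Lifecycle hooks present in the new release but absent from the previous one."""
    before = set(prev.get("scripts", {})) & INSTALL_HOOKS
    after = set(curr.get("scripts", {})) & INSTALL_HOOKS
    return sorted(after - before)

def version_in_tags(version: str, tags: list) -> bool:
    """True if the release version matches a git tag (with or without a 'v' prefix)."""
    normalized = {re.sub(r"^v", "", t) for t in tags}
    return version in normalized

def maintainer_changes(prev: dict, curr: dict) -> dict:
    """Maintainers added to or removed from the package between the two releases."""
    before = {m["name"] for m in prev.get("maintainers", [])}
    after = {m["name"] for m in curr.get("maintainers", [])}
    return {"added": sorted(after - before), "removed": sorted(before - after)}

def assess_release(prev: dict, curr: dict, tags: list) -> list:
    """Collect human-readable findings; an empty list means nothing suspicious."""
    findings = []
    scripts = new_install_scripts(prev, curr)
    if scripts:
        findings.append(f"new install hooks: {', '.join(scripts)}")
    if not version_in_tags(curr["version"], tags):
        findings.append(f"version {curr['version']} has no matching git tag")
    mc = maintainer_changes(prev, curr)
    if mc["added"] or mc["removed"]:
        findings.append(f"maintainers changed: +{mc['added']} -{mc['removed']}")
    return findings

# Constructed sample data: a release that trips all three checks at once.
PREV = {"version": "2.0.2", "scripts": {"test": "mocha"},
        "maintainers": [{"name": "alice"}]}
CURR = {"version": "2.0.3", "scripts": {"test": "mocha", "preinstall": "node hook.js"},
        "maintainers": [{"name": "alice"}, {"name": "unknown-user"}]}
TAGS = ["v1.9.0", "v2.0.0", "v2.0.1", "v2.0.2"]  # 2.0.3 was never tagged upstream

if __name__ == "__main__":
    for finding in assess_release(PREV, CURR, TAGS):
        print("ALERT:", finding)
```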


If ChainAlert detects suspicious activity in a package, it will automatically open GitHub issues on:

  • The package's linked GitHub repo, to notify its maintainers of that activity
  • The GitHub repo of any dependent of that package that has opted in via this GitHub action


How Do I Opt In?

You need to add our GitHub action to your project as a cron job.

Create a dedicated workflow file at .github/workflows/chainalert.yml:

name: ChainAlert
on:
  schedule:
    - cron:  '0 0 * * *'
  push:
    branches: [ master ]
jobs:
  chainalert:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: checkmarx/chainalert-github-action@v1

  • 💡 This action and service are only available for public GitHub projects
  • 💡 If our service stops hearing from your workflow for more than 2 days, we will automatically opt you out

Features

  • NPM packages support

WIP

  • PyPI packages support
  • Private repos support
  • Automatic pull-requests

Contact

For any further questions, please feel free to open an issue or contact us at [email protected]
