Code security provider GitGuardian has added a new honeytoken module to its platform to help customers secure their software development life cycle and software supply chains with intrusion and code leakage detection assistance.Honeytokens are code scripts containing decoy credentials, which can be placed within a customer\u2019s development environments to lure out attackers looking to target critical DevOps environments such as source control management (SCM) systems, continuous integration continuous deployment (CI\/CD) pipelines, and software artifact registries.\u201cOur honeytokens look just like any other secret to attackers, tempting them to exploit them for further lateral movement inside the victim\u2019s organization,\u201d said Soujanya Ain, product marketing manager at GitGuardian. \u201cRather than allowing access to a customer\u2019s actual resources, they act as tripwires that reveal information about the attacker.\u201dSecurity teams will be able to monitor their honeytokens and based on the triggers, prioritize securing the credentials that hackers target the most\u00a0within GitGuardian\u2019s existing console. This capability will initially be available in beta for free to existing customers on an on-demand basis, with plans for general availability in the future with additional charges per usage.Triggers by any secret scanner used by attackersPasswords, access tokens, and other sensitive information within a customer environment are usually traced through an automated secret scanner tool designed to scan code repositories, application code, and other sources of software code, identifying secrets that should not be publicly accessible.Malicious actors often exploit the functionality of these secret scanners to extract secrets from user repositories. GitGuardian\u2019s honeytokens are meant to be picked by these secret scanners to detect and reveal an attacker\u2019s hack infrastructure (IP addresses).\u201cWe designed our honeytokens to be triggered by all types of secret scanners including open-source projects like TruffleHogs, Gitleaks, and Gitrob. Whenever a hacker uses any of these secret scanners, they will trip on the honeytoken, triggering an alert that notifies the security teams of a potential security incident,\u201d Ain said.When triggered by an attacker, the GitGuardian honeytokens are designed to track critical information about the source of the attempt. These useful deliverables include the timestamp of the attack, type of action performed eg. GetCallerIdentity, ListBuckets etc, and the source of honeytoken indicating the target location.GetCallerIdentity and ListBuckets are two crucial Amazon Web Services API calls that provide access to secrets and buckets (containers for files, images, and other data) stored in different AWS accounts.The number of honeytokens a subscribed customer gets depends on the size of the organization, the number of developers involved, and the collection of assets to safeguard, according to Ain.Unique placement detects code leakageGitGuardian monitors real-time activities in public GitHub. Public GitHub refers to all the public repositories on the GitHub platform that can be accessed and contributed to by anyone on the platform, as opposed to private repositories that restrict access to select accounts and contributors.This real-time monitoring allows GitGuardian to detect any leakage of secrets on public Github, notifying developers as and when they happen. These detections can alert the security teams about the source of the breach and the compromised resources by tracing the placement made for the leaked honeytoken.\u201cWe recommend deploying each honeytoken in a unique location to ensure the most accurate detection and response to potential security threats. If a honeytoken is repeated in multiple locations, when it is triggered, it can make it more difficult to pinpoint the specific asset that has been compromised,\u201d Ain said.This is why despite being an isolated piece of code that can easily be copied and pasted across resources to plant decoys, each honeytoken needs to be unique to be placed at a unique location to efficiently track each incident to the source placement.Nevertheless, the pricing of a GitGuardian honeytoken will not be affected by the number of times a single honeytoken is copied, pasted, or triggered, Ain said.The \u201cpublicly exposed\u201d honeytokens are identified and filtered from the honeytokens list on the GitGuardian dashboard.\u201cWhen a honeytoken is triggered, if we recognize the source IP as one from GitGuardian\u2019s infrastructure, it indicates that their code has been leaked on the public GitHub. We then tag the event and honeytoken as \u2018Publicly exposed\u2019,\u201d Ain said.Last year, GitGuardian launched ggcanary, a free, open source project that enables organizations to deploy honeytokens in their codebase or configuration files to detect intrusions in their DevOps environments.