Bitrise App Token
Service Name: Bitrise
Service Description: Bitrise is a continuous integration and delivery (CI/CD) platform as a service (PaaS) that enables developers to automate building, testing, and deploying mobile applications.
Service Address: https://bitrise.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through the Security Settings.
Secret Access Scope: Grants programmatic access to Bitrise resources, allowing users to trigger builds, access app information, and manage workflows through the Bitrise API.
Secret Revokement URL: https://app.bitrise.io/me/profile#/security
Secret Example: tQp2sRSGQh3RdHxTc4qIwJM5IBCfAJ1S
Suspicious Activity Investigation Instructions:
- Review the Bitrise dashboard for unusual build activities or unauthorized app access.
- Check build logs for unexpected workflow executions or configuration changes.
- Monitor for unauthorized access to connected repositories or deployment targets.
- Review the audit logs for suspicious API calls or authentication attempts.
- Check for unexpected changes to workflow configurations or environment variables.
Mitigation Instructions:
- Log in to your Bitrise account at https://app.bitrise.io/.
- Navigate to your profile by clicking on your avatar in the top-right corner.
- Select "Account settings" from the dropdown menu.
- Go to the "Security" tab.
- Find the compromised token in the "Personal access tokens" section.
- Click the "Revoke" button next to the token.
- Generate a new token if needed, with appropriate permissions.
- Update any CI/CD pipelines or integrations that were using the old token.
- Review and update security settings, including enabling two-factor authentication if not already enabled.