Skip to content

Buddy API Token

Service Name: Buddy

Service Description: Buddy is a CI/CD (Continuous Integration and Continuous Delivery) platform that automates the software development process with pipelines that build, test, and deploy code from GitHub, GitLab, and Bitbucket repositories.

Service Address: https://buddy.works/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the workspace level in the security settings.

Secret Access Scope: Grants programmatic access to Buddy's API, allowing management of workspaces, projects, pipelines, and executions based on the token's permission level.

Secret Revokement URL: https://app.buddy.works/account/api

Secret Example: 6e89b4ff2d5c4257a7e13f21b1f30d8a9a2db66f

Suspicious Activity Investigation Instructions:

  • Review the API access logs in your Buddy workspace to identify unauthorized actions.
  • Check for unexpected pipeline executions or modifications to your CI/CD workflows.
  • Verify if any new projects or integrations have been added without authorization.
  • Examine workspace member activity for unusual patterns or access times.
  • Monitor for unexpected changes to environment variables or secrets stored in Buddy.

Mitigation Instructions:

  • Log in to your Buddy account and navigate to Account Settings > API.
  • Locate the compromised token in the list of API tokens.
  • Click the trash icon next to the token to revoke it immediately.
  • Create a new token with appropriate permissions if needed.
  • Review and update workspace security settings, including IP restrictions.
  • Enable two-factor authentication for all workspace members if not already enabled.
  • Audit pipeline configurations and environment variables for any unauthorized changes.
  • Consider rotating other credentials that might have been exposed through the compromised token.