Buddy API Token
Service Name: Buddy
Service Description: Buddy is a CI/CD (Continuous Integration and Continuous Delivery) platform that automates the software development process with pipelines that build, test, and deploy code from GitHub, GitLab, and Bitbucket repositories.
Service Address: https://buddy.works/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the workspace level in the security settings.
Secret Access Scope: Grants programmatic access to Buddy's API, allowing management of workspaces, projects, pipelines, and executions based on the token's permission level.
Secret Revokement URL: https://app.buddy.works/account/api
Secret Example: 6e89b4ff2d5c4257a7e13f21b1f30d8a9a2db66f
Suspicious Activity Investigation Instructions:
- Review the API access logs in your Buddy workspace to identify unauthorized actions.
- Check for unexpected pipeline executions or modifications to your CI/CD workflows.
- Verify if any new projects or integrations have been added without authorization.
- Examine workspace member activity for unusual patterns or access times.
- Monitor for unexpected changes to environment variables or secrets stored in Buddy.
Mitigation Instructions:
- Log in to your Buddy account and navigate to Account Settings > API.
- Locate the compromised token in the list of API tokens.
- Click the trash icon next to the token to revoke it immediately.
- Create a new token with appropriate permissions if needed.
- Review and update workspace security settings, including IP restrictions.
- Enable two-factor authentication for all workspace members if not already enabled.
- Audit pipeline configurations and environment variables for any unauthorized changes.
- Consider rotating other credentials that might have been exposed through the compromised token.