BuildKite
Service Name: BuildKite
Service Description: BuildKite is a CI/CD platform that combines the power of your own infrastructure with their hosted orchestration to create fast, secure, and scalable pipelines.
Service Address: https://buildkite.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to BuildKite API resources based on the token's permissions.
Secret Revokement URL: https://buildkite.com/user/api-access-tokens
Secret Example: bkua_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Suspicious Activity Investigation Instructions:
- Check BuildKite audit logs for unauthorized build triggers or configuration changes.
- Review API access logs for unusual patterns of access or API calls.
- Verify if any pipelines have been modified unexpectedly.
- Check for unauthorized webhooks or integrations added to your BuildKite organization.
Mitigation Instructions:
- Immediately revoke the compromised token through the BuildKite dashboard.
- Go to User Settings > API Access Tokens.
- Find the compromised token and select Revoke.
- Create a new token with appropriate scopes if needed.
- Review and update any applications or services that were using the compromised token.
- Consider implementing IP restrictions for API access if available.