Skip to content

Code Climate API Key

Service Name: Code Climate

Service Description: Code Climate is a platform that provides automated code review and quality metrics for software development teams. It helps identify technical debt, security issues, and maintainability problems in codebases.

Service Address: https://codeclimate.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through access policies.

Secret Access Scope: Grants programmatic access to Code Climate's API, allowing users to retrieve quality metrics, test coverage data, and integrate with CI/CD pipelines.

Secret Revokement URL: https://codeclimate.com/profile/tokens

Secret Example: cc_test_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789

Suspicious Activity Investigation Instructions:

  • Review the Code Climate audit logs for unusual API calls or access patterns.
  • Check for unauthorized repositories being added to your Code Climate account.
  • Monitor for changes in user permissions or organization settings.
  • Look for unexpected integrations with third-party services.
  • Verify if there are any unusual analysis reports being generated.

Mitigation Instructions:

  • Log in to your Code Climate account and navigate to your profile settings.
  • Go to the API Access Tokens section.
  • Identify the compromised token and click the "Revoke" button next to it.

  • Generate a new API token if needed for legitimate services.

  • Review and update access permissions for all users in your organization.
  • Enable two-factor authentication for all users with access to Code Climate.
  • Consider implementing IP restrictions for API access if available for your plan.
  • Update any CI/CD pipelines or integrations to use the new token.