Codefresh API Token
Service Name: Codefresh
Service Description: Codefresh is a modern CI/CD platform built for Kubernetes and microservices deployments. It provides a complete DevOps toolchain for building, testing, and deploying applications to Kubernetes.
Service Address: https://codefresh.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Codefresh's security settings.
Secret Access Scope: Grants programmatic access to Codefresh resources, allowing users to manage pipelines, builds, environments, and other CI/CD resources.
Secret Revokement URL: https://g.codefresh.io/user/settings
Secret Example: cf-1234567890abcdef1234567890abcdef
Suspicious Activity Investigation Instructions:
- Review the Codefresh audit logs for unusual pipeline executions or configuration changes
- Check for unauthorized pipeline creations or modifications
- Monitor for unusual resource usage or unexpected deployments
- Examine API call patterns for anomalies in frequency or type
- Verify if the token has been used from unusual IP addresses or locations
Mitigation Instructions:
- Log in to your Codefresh account and navigate to User Settings
-
Go to the "API Keys" section
-
Locate the compromised API token
- Click the "Revoke" or "Delete" button next to the token
- Create a new API token with appropriate scopes if needed
- Update any legitimate applications or services that were using the revoked
token
- Review and adjust token permissions to follow the principle of least privilege
- Consider implementing IP restrictions for API access if available