Concourse API Key
Service Name: Concourse CI
Service Description: Concourse CI is an open-source continuous integration tool that automates software builds, tests, and deployments through pipelines defined as code. It emphasizes simplicity, scalability, and reproducible builds with isolated resources.
Service Address: https://concourse-ci.org/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Concourse server level through network policies or reverse proxies.
Secret Access Scope: Grants programmatic access to Concourse CI pipelines, resources, and build configurations. Depending on the permissions associated with the API key, it can allow creating, modifying, or deleting pipelines, triggering builds, and accessing build logs.
Secret Revokement URL: https://concourse-ci.org/managing-tokens.html (Specific implementation depends on your Concourse deployment)
Secret Example: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Suspicious Activity Investigation Instructions:
- Review Concourse audit logs for unusual API calls or pipeline modifications
- Check for unauthorized pipeline creations or modifications
- Monitor for unexpected build triggers or resource access
- Examine access patterns for unusual times or locations
- Review team membership changes or permission modifications
Mitigation Instructions:
- Revoke the compromised API token through the Concourse web interface or CLI
- Generate a new API token if needed for legitimate use cases
- Review and update team permissions to ensure the Principle of Least Privilege
- Enable audit logging if not already active
- Consider implementing IP restrictions for API access
- Review all pipelines for unauthorized modifications
- Update any credentials that might have been exposed through pipeline
configurations