Coveralls Personal Token
Service Name: Coveralls
Service Description: Coveralls is a web-based service that helps developers track their code coverage over time and ensure that all their new code is fully covered by tests. It integrates with various CI services and version control systems to provide detailed code coverage reports.
Service Address: https://coveralls.io/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Coveralls API for submitting coverage reports, accessing repository data, and managing account settings.
Secret Revokement URL: https://coveralls.io/account/token
Secret Example: cov_abcdefghijklmnopqrstuvwxyz1234567890
Suspicious Activity Investigation Instructions:
- Review the Coveralls dashboard for unexpected repository access or coverage submissions
- Check for unauthorized repositories being added to your Coveralls account
- Monitor for unusual API activity or coverage report submissions
- Review Git commit history for any unauthorized changes to CI configuration files
- Examine CI build logs for unexpected Coveralls API calls
Mitigation Instructions:
- Log in to your Coveralls account at https://coveralls.io/
-
Navigate to your account settings page
-
Locate the "API Token" section
- Click "Regenerate" to invalidate the existing token and create a new one
- Update the token in all legitimate CI configurations and deployment scripts
- Review and update any repository access permissions
- Enable two-factor authentication on your Coveralls account if available
- Consider implementing repository-specific tokens if available for more granular
access control