Introducing Cimon: Your Superhero for CI/CD Pipeline Security

user profile
Head of Security Research

We are excited to announce the release of Cimon, a revolutionary tool designed to secure your CI/CD pipelines through a runtime security agent. And the best part? Cimon is now available as a free offering to the public!

Securing your CI/CD pipelines is crucial in today’s ever-evolving threat landscape. With the rise in software supply chain attacks, organizations need a robust solution to protect their pipeline infrastructure and prevent unauthorized access to sensitive data. That’s where Cimon comes in.

Cimon (pronounced “Simon”), short for CI Monitor, is a cutting-edge runtime security agent designed to safeguard your CI/CD pipelines against sophisticated cyberattacks. It leverages the revolutionary eBPF (extended Berkeley Packet Filter) technology to monitor and mitigate attacks within the kernel, providing real-time protection and preventing unauthorized access to your valuable assets.

With easy onboarding and a developer-friendly experience, Cimon offers a range of features to detect, prevent, and respond to software supply chain threats, making it an essential tool for modern software development teams.

The SolarWinds & CodeCov Incidents

Recent cyberattacks, such as the SolarWinds and CodeCov incidents, have highlighted the vulnerabilities in build systems. These attacks compromised the security of tens of thousands of organizations, including government agencies and businesses. 

In the SolarWinds compromise, the attackers gained unauthorized access to the build environment, where they injected malicious code into legitimate software updates. This allowed them to distribute the compromised updates to numerous SolarWinds customers, leading to a widespread supply chain attack.

In the CodeCov compromise, the build system was similarly compromised. Attackers tampered with the platform’s Bash Uploader script. By modifying the script, they were able to collect sensitive credentials and exfiltrate them to a remote server, potentially compromising the source code repositories of multiple organizations.

Both incidents exploited vulnerabilities in the build system, allowing hackers to gain unauthorized access to sensitive data. The consequences were severe, highlighting the urgent need for robust security measures in CI/CD pipelines.

Cimon addresses these critical vulnerabilities head-on.

How Does Cimon Work?

Cimon takes a proactive approach to pipeline security by focusing on preventing attackers from performing malicious actions rather than solely trying to prevent their entry into the build environment. By monitoring and mitigating attacks at the kernel level, Cimon ensures that even if your build environment is compromised, attackers cannot exfiltrate or tamper with your sensitive data.

Learning and Applying Security Policies

Cimon’s tasks are divided into two phases: learning and prevention. In the learning phase, Cimon analyzes the behavior of your CI pipeline to understand its normal operations. In the prevention phase, Cimon creates a preventive security policy based on the learned data and applies it to your pipeline. By monitoring and controlling process execution, network access, and file access, Cimon detects breaches, identifies compromised pipeline runners, and takes remedial measures.

For instance, the following policy in GitHub Actions allows the pipeline to run CodeCov without causing any damage to your internal assets or resulting in your internal secrets being exfiltrated:

- uses: cycodelabs/cimon-action@v0
  with:
    prevent: true
    allowed-hosts: >
      uploader.codecov.io
      api.codecov.io

Comprehensive Security Report

Cimon generates detailed security reports embedded in the pipeline summary within your CI environment. These reports provide insights into detected threats, policy suggestions, network connections, resolved domains, process trees, file system events, and more. By analyzing these reports, you can gain a clear understanding of the security posture of your pipelines and take appropriate actions to strengthen them further.

Cimon Report

Why Cimon?

Real-Time Prevention Capabilities

Cimon goes beyond traditional detection-based approaches by actively preventing attacks in real time. Its deep integration with the kernel allows it to intercept and block malicious activities at their source, effectively neutralizing potential threats before they can cause harm. By actively preventing attacks, Cimon significantly reduces the risk of successful exploits and helps maintain the integrity of your CI/CD pipelines.

Maximum Security with Minimal Friction

Cimon’s philosophy is to provide maximum protection with minimal friction for developers. It offers an “install-and-forget” security approach, ensuring that you have robust security without the need for constant maintenance. Additionally, Cimon provides deep inspection capabilities for security engineers who seek a deeper understanding of their pipelines and want to investigate possible attacks.

Cutting-Edge Technology

At the heart of Cimon is the eBPF technology, which allows custom code to run inside the Linux kernel without kernel modifications. Cimon comprises a user-space loader application and secure kernel-space BPF sensor applications. These sensor applications monitor specific kernel events, generate secondary events, and send them to the user space for further processing. Cimon’s high-level architecture ensures secure, scalable, and non-intrusive behavior while detecting and mitigating potential threats.

Developer Friendly

Cimon is designed with developers in mind. It offers an easy onboarding process and a developer-friendly experience:

  • Installation through a single line of code:
    • - uses: cycodelabs/cimon-action@v0.
  • Works seamlessly with popular CI systems, such as GitHub Actions
  • Comprehensive security reports and alerts within GitHub and Slack
  • By recognizing the CI environment, Cimon offers tailor-made policies that reduce false positives

Free Offering

Offering Cimon as a free solution enables organizations of all sizes to enhance the security of their CI/CD pipelines without any financial barriers. Cycode’s commitment to providing free access demonstrates the dedication of the developers behind Cimon in supporting pipeline security for the wider community.

Getting Started with Cimon

Here’s a simple three-step process to begin securing your CI/CD pipeline:

  1. Step 1 – Install GitHub App: Install the Cimon GitHub App, which serves as the foundation for onboarding and managing Cimon. Through the installation, you can also manage the organizations and repositories that you allow Cimon to access.
  2. Step 2 – Generate API Key: Generate an API key in the Cimon Platform, which consists of a client ID and a secret. These keys are used to authenticate the user and should be securely stored as GitHub Actions secrets.
  3. Step 3 – Add Cimon Action to Your Workflow: Incorporate the Cimon Action as the first step in your CI/CD pipeline jobs. We recommend starting Cimon in “Detect Mode” to allow it to learn your environment before applying preventive policies.

Get Started with Cimon

Future Plans

Cimon aims to address the ongoing challenge of supply chain security by expanding its support to additional systems and improving the integrity of the pipeline for the produced artifacts. Cimon recognizes the importance of ensuring the authenticity and trustworthiness of software and hardware components throughout the supply chain. 

To achieve this, Cimon will incorporate industry standards such as Supply Chain Levels for Software Artifacts (SLSA) and provenance data. By implementing SLSA, Cimon will establish a set of security guidelines and best practices that will enhance the security of the supply chain, making it more resilient against potential threats. 

Furthermore, by leveraging provenance data, Cimon will provide transparency and traceability, enabling organizations to track the origin and history of software components, thus reducing the risk of tampering or malicious activity. Through these measures, Cimon aims to strengthen supply chain security and ensure the delivery of trusted and reliable software products to its customers.

Try Cimon to Enhance CI/CD Security Now 

Safeguarding CI/CD pipelines from cybersecurity threats is of paramount importance in today’s digital landscape. With the introduction of Cimon, a state-of-the-art runtime security solution, the concerns surrounding software supply chain security can be effectively addressed. By leveraging eBPF technology and operating within the kernel, Cimon provides real-time protection, ensuring the integrity and safety of your pipelines. The seamless integration and developer-friendly approach make onboarding effortless while maintaining maximum security and efficiency. 

Embrace the power of Cimon today and experience enhanced security for your software development processes. To get started, visit https://cimon.build.