
Detect Source Code Overwrite

CI/CD jobs typically should not overwrite source code, especially for release builds.

  • This is a potential indicator of compromise
  • Malicious source code overwrites have caused major supply chain security breaches in the past, e.g. the SolarWinds breach
  • You can learn more about the significance of this activity by visiting Attack Simulations

Source Code Overwrite Insights

On the insights page, you can discover file overwrite events by looking for the file overwrite icon under Operations with Details highlighted in red.

  • All source code files are monitored, which means even changes to Infrastructure as Code files (Kubernetes manifest, Terraform) are detected
  • The process that overwrote the file is shown in the insights page
  • You can enable notifications to get a one-time alert when source code is overwritten

Source Code Overwrite
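
To make the idea of an overwrite event concrete, the added example below (not the product's own code, and not how its monitoring is implemented) hashes every file in a checked-out workspace before and after a build step and reports files whose content changed. The workspace, file names and contents are constructed for the demo, and unlike the insights page this simplified check cannot tell which process did the overwriting.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest, skipping .git."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow symlinks out of the workspace
            with open(path, "rb") as fh:
                rel = os.path.relpath(path, root)
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def overwritten(before, after):
    """Files present in both snapshots whose content differs (new files are ignored)."""
    return sorted(p for p in before if p in after and before[p] != after[p])


def demo():
    """Constructed workspace: a simulated build step rewrites source and IaC files."""
    files = {"src/app.py": "print('hi')\n",
             "infra/main.tf": "# constructed sample\n",
             "README.md": "docs\n"}
    with tempfile.TemporaryDirectory() as ws:
        for rel, text in files.items():
            full = os.path.join(ws, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(text)
        before = snapshot(ws)              # taken right after checkout
        with open(os.path.join(ws, "src/app.py"), "w") as fh:
            fh.write("print('changed')\n")  # source file overwritten
        with open(os.path.join(ws, "infra/main.tf"), "a") as fh:
            fh.write("# appended\n")        # IaC file modified
        with open(os.path.join(ws, "dist.bin"), "w") as fh:
            fh.write("artifact")            # new build output, not an overwrite
        return overwritten(before, snapshot(ws))


if __name__ == "__main__":
    print(demo())
```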