Threat coverage

listen.dev checks package behavior against a set of rules and heuristics that cover common attack vectors and known indicators of harmful behavior. This includes:

Spawning child processes

Detect the spawning of suspicious child processes at install time.

Network connections

Detect suspicious inbound and outbound network connections (e.g. pulling a malicious payload from an unauthorized source).

Filesystem access

Identify unauthorized filesystem access on the host (e.g. tampering or reading contents of sensitive directories such as .ssh).

Data & credential exfiltration

Identify exfiltration of sensitive data and/or credentials from the host system (e.g. environment variables or secrets).
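To make the four coverage categories above concrete, here is an added example (not listen.dev's own code or rule format) of a small rule-based classifier run over a constructed install-time event trace; the event field names, the allow-listed registry host and the path/variable patterns are assumptions for illustration.

```python
# Added example (not listen.dev's code): rule-based classifier over a
# constructed install-time event trace. Field names are assumptions.
import re

SENSITIVE_PATH = re.compile(r"(^|/)(\.ssh|\.aws|\.npmrc|\.gitconfig)(/|$)")
SECRET_ENV = re.compile(r"TOKEN|SECRET|PASSWORD|KEY|CREDENTIAL", re.I)
SHELL_LIKE = {"sh", "bash", "zsh", "curl", "wget", "nc"}
REGISTRY_HOSTS = {"registry.npmjs.org"}  # assumed allow-list for install traffic

def classify(event):
    """Map one event to the coverage category it matches, or None."""
    kind = event["type"]
    if kind == "exec" and event["argv"][0].rsplit("/", 1)[-1] in SHELL_LIKE:
        return "child-process"
    if kind == "connect" and event["host"] not in REGISTRY_HOSTS:
        return "network"
    if kind == "open" and SENSITIVE_PATH.search(event["path"]):
        return "filesystem"
    if kind == "getenv" and SECRET_ENV.search(event["name"]):
        return "credential-read"
    return None

def scan(events):
    """Aggregate findings per package in trace order. A sensitive read
    followed by an unexpected outbound connection is also flagged as
    'exfiltration'; the reverse order is not, since nothing was read yet."""
    findings = {}
    for ev in events:
        cats = findings.setdefault(ev["package"], [])
        cat = classify(ev)
        if cat is None:
            continue
        if cat not in cats:
            cats.append(cat)
        if cat == "network" and {"filesystem", "credential-read"} & set(cats):
            if "exfiltration" not in cats:
                cats.append("exfiltration")
    return findings

# Constructed sample trace for two fictitious packages.
SAMPLE_TRACE = [
    {"package": "evil-pkg", "type": "exec", "argv": ["/bin/sh", "-c", "id"]},
    {"package": "evil-pkg", "type": "open", "path": "/home/ci/.ssh/id_rsa"},
    {"package": "evil-pkg", "type": "getenv", "name": "NPM_TOKEN"},
    {"package": "evil-pkg", "type": "connect", "host": "203.0.113.7"},
    {"package": "ok-pkg", "type": "connect", "host": "registry.npmjs.org"},
    {"package": "ok-pkg", "type": "getenv", "name": "HOME"},
]
```

Calling scan(SAMPLE_TRACE) reports all four categories plus the correlated exfiltration finding for evil-pkg and nothing for ok-pkg, whose only connection goes to the allow-listed registry.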

Build-time threat coverage in CI

Our starting coverage is on threats that trigger during package installation in the build phase, which is the stage where third-party open source code gets bundled with internal application code.

These threats compromise the build system itself, or give the attacker an entry point from which to attack production infrastructure and applications.

Threats that trigger during build processes and CI/CD (install-time)

If a malicious package gets installed during the build, an attacker can perform some of these activities in the context of the build system:

  • Steal code and any hardcoded sensitive data along with it.
  • Plant a backdoor in code to be used after the code is deployed to the production environment.
  • Steal compute resources like CPU, RAM, etc. for activities like crypto mining.
  • Steal environment variables, sensitive files, credentials, certificates, etc.
  • Perform lateral movement and privilege escalation with the data collected.

What kinds of attacks does it protect against?

listen.dev provides the first line of defense against a range of known and unknown supply chain threats, including:

  • Typo-squatting
  • Dependency confusion
  • Dependency poisoning through malware
  • Package & maintainer hijacking

Feedback and requests

Our team is constantly improving the ruleset and adding coverage for more attack vectors. If you have any specific requests or feedback, please reach out to us.