
New: Automatic egress controls for GitHub Actions Runners

Supply Chain Protection for GitHub Workflows

Control third-party code running in your pipeline. Detect malicious dependencies and supply chain attacks before they hit production.

A hidden attack surface

Your CI is part of your production environment

Every time you run npm install or a CI job, you're executing code from strangers on the internet with access to your secrets and production infrastructure. But do you know what's inside, or where it's connecting?

Real Breaches & Widespread Impact

Supply chain breaches start in your GitHub repository

Modern attacks increasingly target dev environments as entry points for injecting malware into your systems. A single script is all it takes to breach your sensitive data, customer trust, and brand reputation.

SolarWinds (2020)

A tampered build script infiltrated 6,500+ organizations. Attackers gained persistent access through compromised releases.

Codecov (2021)

A malicious bash script in a popular testing tool exfiltrated credentials from thousands of companies, including Mercari, HashiCorp, and Twilio. It went undetected for two months.

Lottie (2024)

Dynamic injections during builds bypassed static analysis tools, enabling widespread cryptocurrency theft that affected millions.

Solana web3.js (Dec 2024)

The official @solana/web3.js npm package was compromised in versions 1.95.6 and 1.95.7, injecting malicious code to exfiltrate crypto wallet keys. Over $190,000 was stolen.

Ultralytics YOLOv8 (Dec 2024)

Attackers exploited the GitHub Actions cache to take control of the repository, introducing backdoors that installed crypto miners on host machines. Despite attestation, the malicious behavior went undetected.

Secure your GitHub repositories

Detect and prevent malicious connections in your CI workflows before they compromise your supply chain.

listen.dev provides instant DNS visibility and controls for your pipeline. Know exactly where your builds are connecting—and stop malicious packages and supply chain attacks in their tracks.

DNS protection

Track every DNS request in your CI runs and block connections to suspicious domains with managed blocklists to stop threats like data exfiltration, dynamic loading, and command & control (C2) setup attempts.

File & System Monitoring

Detect abnormal file writes, system calls, and process starts in real time, so hidden scripts or malicious builds are contained before damage. Catch attack patterns early and reduce mean time to detection (MTTD).

Automatic Baselines & Policy Controls

Learn your normal build patterns, then enforce guardrails against unexpected deviations—cutting out noise and reducing false positives.

Actionable Alerts in Your Tools

High-signal alerts are sent directly to your toolchain (e.g., Slack, SIEM) with full context. No noise—just actionable intelligence your team can rely on.

Integrate in minutes

Set & Forget Security for your GitHub Actions

Instant protection with no code changes, config or overhead.

Dev-time Observability

Stop attacks, not development

A new approach to runtime security for modern software, purpose-built for modern teams, stacks and emerging threats.

Deep runtime visibility

Powered by eBPF, listen.dev monitors kernel-level execution with minimal overhead.

Zero-friction setup

A single binary deploys seamlessly, with zero configuration.

Optimized for speed

Lightweight, zero-copy architecture ensures negligible impact on build performance and CI wall times.

Trusted by leaders

Comprehensive supply chain protection for frontier teams

Stay ahead of emerging threats. Release with confidence.

There are a lot of tools that process security advisory data, but listen.dev is the first I've seen that goes a step further, applying behavioral analysis to find issues before they get reported to an advisory database. This is the kind of thing we'd always wanted to do at npm, Inc., but never got around to. It's super exciting to see it come to fruition.

Isaac Z. Schlueter, NPM, Inc.

Dynamic analysis of package behavior is huge. It will annihilate a whole class of vulnerabilities.

ryootak, Crypto wallet

Secure your CI pipeline in minutes

Don’t wait for the next breach. Secure your builds with listen.dev.
