Real-time Threat Detection
for CI/CD workloads

Real-time Threat Detection
for CI/CD workloads

listen.dev continously monitors your builds to detect & prevent malicious behavior coming from 3rd party dependencies & development tools.

listen.dev continously monitors your builds to detect & prevent malicious behavior coming from 3rd party dependencies & development tools.

listen.dev continously monitors your builds to detect & prevent malicious behavior coming from 3rd party dependencies & development tools.

Real-time Threat Detection
for CI/CD workloads

Real-time Threat Detection
for CI/CD workloads

Integrate in minutes


steps:
- uses: listendev/action
with:
jwt: LSTN_API_KEY

ci: true

pytorch/pytorch-test

Update model weights

ba5f55f

13:09

build.created

webhook.triggered

13:09

build.created

Step:actions/checkout@v3

Process

Domain

Status

git-remote-http

A developer-first experience
A developer-first experience
Collaborate with our community
Collaborate with our community

github.com

accessing

pypi.org

Collaborate with our community
Collaborate with our community

python3

A developer-first experience
A developer-first experience

accessing

curl

A developer-first experience
A developer-first experience

accessing

Alert

Step:Update dependencies

e134.pipedream.net

Collaborate with our community
Collaborate with our community

webhook.triggered

Add a single step to your GitHub Actions workflow file, and start listening...

Add a single step to your GitHub Actions workflow file, and start listening...

Add a single step to your GitHub Actions workflow file, and start listening...

Integrate in minutes


steps:
- uses: listendev/action
with:
jwt: LSTN_API_KEY

ci: true

pytorch/pytorch-test

Update model weights

ba5f55f

13:09

build.created

Step:

actions/checkout@v3

Process

Domain

Status

git-remote-http

A developer-first experience

accessing

Collaborate with our community

api.github.com

TCP

via

Step:

Update dependencies

Alert

curl

A developer-first experience
Collaborate with our community

e134.pipedream.net

accessing

TCP

TCP

python3

A developer-first experience
Collaborate with our community

pypi.org

accessing

via

via

webhook.triggered

13:09

Uncover hidden threats in your development environments

Uncover hidden threats in your development environments

Attackers are injecting malware in dependencies, base images, and 3rd-party tools to compromise CI/CD pipelines, leading to security breaches in production apps & infrastructure.
It's critical to catch these threats early.

event-stream: Bitcoin-stealing malware in npm package

Malicious npm package event-stream downloaded 8 million times in the past 2.5 months raises supply chain security alarm

Compromised build environment results in SolarWinds breach

Described as the ‘most sophisticated attack’ by Microsoft, the breach impacts F500 and governments globally.

Popular testing tool exfiltrates sensitive credentials

A malicious bash uploader script undetected for 2 months steals credentials from customers.

Attackers are targeting developer environments now.

Scanning for known CVEs isn't enough.

Attackers are embedding malware in open source packages, base images, and third-party tools to compromise CI/CD processes, leading to major security breaches in production apps & infrastructure. Mitigating these risks pre-production is critical.

Malicious npm package event-stream downloaded 8 million times in the past 2.5 months raises supply chain security alarm

event-stream: Bitcoin-stealing malware in npm package

Popular testing tool exfiltrates sensitive credentials

A malicious bash uploader script undetected for 2 months steals credentials from customers.

Compromised build environment results in SolarWinds breach

Described as the ‘most sophisticated attack’ by Microsoft, the breach impacts F500 and governments globally.

"There are a lot of tools that process security advisory data, but listen.dev is the first I've seen that goes a step further, applying behavioral analysis to find issues before they get reported to an advisory database. This is the kind of thing we'd always wanted to do at npm, Inc., but never got around to. It's super exciting to see it come to fruition."

Isaac Z.Schlueter

Creator of npm,
Former Node.js project lead

Flag suspicious behavior in your build & test workflows

using our dynamic behavioral analysis engine

Monitor system-level interactions in your pipeline–including DNS, network, file, and process events. Continuously observe every change against a set of detections for known bad behaviors. Trace issues back to their source using context and intelligence for faster remediation—all inside your existing code reviews.

Deep visibility
powered by eBPF
Deploy & Forget
solution
Lightweight Runtime Agent
Language & Stack agnostic
Purpose built
for CI/CD
Privacy-first
by design
Language & Stack agnostic
Deploy & Forget
solution

Flag suspicious behavior during
Build, Test & Deploy

with best-in-class dynamic threat analysis & detection coverage

listen.dev observes system-level interactions in your pipeline–including DNS, file, and process events. It continuously monitors every change against a set of detections for known indicators of malicious activity. Trace issues back to their source using context for faster remediation—all inside your existing code reviews.

Out-of-the-box detections
Language & Stack agnostic
Deep visibility powered by eBPF
Deploy & Forget solution

Flag suspicious behavior
in your build & test workflows

Flag suspicious behavior
in your build & test workflows

with best-in-class dynamic threat analysis & detection coverage

with best-in-class dynamic threat analysis & detection coverage

listen.dev observes system-level interactions in your pipeline–including DNS, network, file, and process events. It continously monitors every change against a set of detections for known indicators of malicious activity. Trace issues back to their source using intelligent context for faster remediation—all inside your existing code reviews.

Out-of-the box detections
Language &
Stack agnostic
Deploy & Forget solution
Deep visibility powered by eBPF

"There are a lot of tools that process security advisory data, but listen.dev is the first I've seen that goes a step further, applying behavioral analysis to find issues before they get reported to an advisory database.

This is the kind of thing we'd always wanted to do at npm, Inc., but never got around to. It's super exciting to see it come to fruition."

Isaac Z.Schlueter

npm creator

"There are a lot of tools that process security advisory data, but listen.dev is the first I've seen that goes a step further, applying behavioral analysis to find issues before they get reported to an advisory database. This is the kind of thing we'd always wanted to do at npm, Inc., but never got around to. It's super exciting to see it come to fruition."

Isaac Z.Schlueter

Creator of npm,
Former Node.js project lead