Avatar

Announcing Network visibility for GitHub Actions runners

Runtime protection for GitHub Actions

Get real-time visibility and control over the third-party code running in your builds. Prevent supply chain attacks and catch issues before your users do.

A growing attack surface

Every Build Runs Code You Don’t See or Control

Your CI pipeline isn’t just a tool—it’s a gateway to your production environment. Every dependency, tool, and script you pull introduces unseen risks. With each build, this invisible attack surface expands, creating critical blind spots that static tools can’t detect.

Real Breaches & Widespread Impact

Supply Chain Attacks Start in CI

Attackers are targeting CI systems to infiltrate your systems, even if you're securing your code and endpoints. A single malicious script can compromise sensitive data, expose customers, and damage your reputation.

SolarWinds (2020)
SolarWinds (2020)

A tampered build script infiltrated 6,500+ organizations. Attackers gained persistent access through compromised releases.

Codecov (2021)
Codecov (2021)

A malicious bash script in a popular testing tool exfiltrated credentials from thousands of companies, including Mercari, HashiCorp, and Twilio. It went undetected for two months.

Lottie (2024)
Lottie (2024)

Dynamic injections during builds bypassed static analysis tools, enabling widespread cryptocurrency theft that affected millions.

Solana web3.js (Dec 2024)
Solana web3.js (Dec 2024)

The official @solana/web3.js npm package was compromised in versions 1.95.6 and 1.95.7, injecting malicious code to exfiltrate crypto wallet keys. Over $190,000 was stolen.

Ultralytics YOLOv8 (Dec 2024)
Ultralytics YOLOv8 (Dec 2024)

Attackers exploited GitHub Actions cache to take control of the repository, introducing backdoors that installed crypto miners on host machines. Despite attestation, the malicious behavior went undetected.

Secure your GitHub Actions

Runtime Security Monitoring Built for Modern CI/CD

listen.dev provides unparalleled visibility into what runs during your builds, detecting malicious behaviors that static analysis tools miss.

Track every connection

See every endpoint your builds connect to. Map allowed destinations and block unauthorized egress to prevent data leaks.

    Detect runtime threats early

    Monitor execution flows and system interactions in real time. Catch malicious signals early and reduce mean time to detection (MTTD).

      Behavioral baselines and anomaly detection

      Automatically learn normal runtime behavior for every build and flag anything that deviates.

        Actionable Alerts in Your Tools

        High-signal alerts are sent directly to your toolchain (e.g., Slack, SIEM) with full context. No noise—just actionable intelligence your team can rely on.

          Dynamic scanning for your pipeline

          One step in your GitHub Actions workflow

          Integrate in minutes—no code changes, no configuration, no overhead.

          Dev-time Observability

          A modern approach to secure development

          Purpose-built for modern development teams, stacks and emerging threats.

          Deep runtime visibility
          Deep runtime visibility

          Powered by eBPF, listen.dev monitors kernel-level execution with minimal overhead.

          Zero-friction setup
          Zero-friction setup

          A single binary deploys seamlessly, with zero configuration.

          Optimized for speed
          Optimized for speed

          Lightweight, zero-copy architecture ensures negligible impact on build performance and CI wall times.

          Trusted by leaders

          Comprehensive supply chain protection for frontier teams

          Stay ahead of emerging threats. Release with confidence.

          There are a lot of tools that process security advisory data, but listen.dev is the first I've seen that goes a step further, applying behavioral analysis to find issues before they get reported to an advisory database. This is the kind of thing we'd always wanted to do at npm, Inc., but never got around to. It's super exciting to see it come to fruition.
          Isaac Z. Schlueter

          Isaac Z. Schlueter, NPM, Inc.

          NPM, Inc.
          Dynamic analysis of package behavior is huge. It will annihilate a whole class of vulnerabilities
          ryootak

          ryootak, Crypto wallet

          Crypto wallet

          Secure your CI pipeline in minutes

          Don’t wait for the next breach. Secure your builds with listen.dev.

          Stay in the loop

          Join our newsletter for updates, research and latest trends in supply chain security.