Tired of managing hundreds or thousands of configurations as your microservice footprint scales? Tired of config files, environment variables, poorly managed secrets, and constantly crashing containers due to configuration mismanagement? There’s a better way. Figgy!
Cultivate configuration clarity with Figgy. Open-source, cloud-native, configuration & secret management in AWS.
Learn everything you need to know about Figgy by checking out the website:
Join our Slack community:
Figgy is a free and open-source serverless application config framework designed to bring simplicity, security, and resilience to application config management. Figgy is built on top of AWS Parameter Store and leverages native AWS constructs such as AWS IAM and KMS, among other services, to ensure a simple and elegant integration with your AWS environment.
Never roll another application to production having forgotten to set that last pesky config in production.
Figgy makes it possible to bind your code directly to configurations. Easily break builds if configs are missing and application deployments are destined to fail.
Control user access like a champ
Figgy makes it easy to set up and control access across all of your AWS environments and configuration namespaces. Consider your role types and use cases, map them up in a simple config file, and let Figgy do the rest. Audit all user activity and changes over time, and roll back any config or group of configurations to any point-in-time -- to the second!
Integrate with your SSO provider, abandon long-lived AWS Keys for good
Figgy supports SAML-based SSO integrations with multi-factor authentication. Simplify AWS access control with Figgy!
Feature-rich CLI to speed up your development workflow.
Figgy will help you:
As your cloud footprint grows, so do the configurations you need to manage your applications. Figgy is a framework for simple, secure, and resilient config management in AWS. The best part? No new servers to deploy, upgrade, and patch. No complex software to learn. Follow Figgy’s laid-out path for config management. It’s AWS native, compatible with all AWS services, and follows AWS best practices. Let Figgy help you get it right from the start.
Figgy provides a suite of utilities that link your code to your configs. Detect and remedy misconfigurations before deployment rather than scrambling after the alarm bells are going off.
Figgy establishes a framework for teams of secret owners to securely track, manage, and rotate their secrets in their team’s secure space. From that space they can share secrets directly with the applications that need them -- without going through a middleman. No more LastPass, one-time URLs, secrets sent over Slack, email, encrypted files, or any of those annoying secret management hoops. In a few weeks, when your coworker "Bill" finds new employment, don’t ask yourself, "What secrets passed through Bill that we need to rotate now?"
Figgy makes it easy to give both users and applications the exact amount of access they need and nothing more, and provides a framework for scalably maintaining and enforcing least privilege. By following Figgy best practices you can easily maintain appropriate access for users and services while keeping your IAM policies short and sweet.
Figgy maintains a history of every event that has ever occurred in your configuration store since the day you installed Figgy. Know what happened, where, when, and by whom. Then, roll back any configuration, or hierarchy of configurations, to any point-in-time in the past, to the second.
Want to dip your toes in and test out the waters? Try out our free Sandbox
FAQs
We found that figgy-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.