CircelCI Security Alert

Incident Report for Snyk

Resolved

This incident has been resolved.
Posted Jan 23, 2023 - 20:37 UTC

Monitoring

A fix has been implemented and we are monitoring the results.
Posted Jan 10, 2023 - 21:51 UTC

Update

Yesterday (2023-01-05) Snyk was made aware of a potential security incident via a tool in our supply chain: https://circleci.com/blog/january-4-2023-security-alert/

Investigations have found no indication of unauthorised access to Snyk resources. As a precautionary measure, all secrets and tokens stored within Snyk’s CircleCI have been rotated.

We will continue to monitor the situation.
Posted Jan 06, 2023 - 17:18 UTC

Update

As of this morning (2023-01-05) Snyk was made aware of a potential security incident (https://circleci.com/blog/january-4-2023-security-alert/) with a tool in our supply chain.

At present we have no indication of any breach of Snyk data or credentials. We are continuing to actively investigate this report.
Posted Jan 05, 2023 - 10:48 UTC

Investigating

We are currently investigating this issue.
Posted Jan 05, 2023 - 10:46 UTC