Case Study: Dividend Finance strengthens GitHub security and limits secrets proliferation with Nightfall

A Nightfall Case Study

Preview of the Dividend Case Study

Dividend Finance uses Nightfall to limit the proliferation of tokens and secrets in GitHub

Dividend Finance, a technology-enabled finance platform supporting the energy transition, faced risk during the April 2022 GitHub/Heroku supply chain attack that exposed private repositories to potential data exfiltration. As a Heroku customer, Dividend needed to quickly determine whether tokens, passwords, or other sensitive data in its GitHub repositories had been accessed, while also understanding whether its codebase contained embedded secrets.

Dividend Finance used Nightfall to monitor GitHub repositories for secrets and sensitive data, establish a baseline of normal commit behavior, and spot anomalous activity such as unfamiliar users or unusual commits. With Nightfall, Dividend was able to validate that no tokens or passwords had been compromised, improve visibility into repository contents and commit history, and reinforce its policy of minimizing secret proliferation.



Dividend

Rohan Sathe

CTO and Co-Founder


Nightfall
