DeepSource Says Hackers Compromised Its GitHub Application
2020-07-22 12:14

Automated code review tool provider DeepSource this week announced that it reset tokens, secrets, private keys, and employee credentials after being informed that its GitHub application was compromised.

Designed to help developers identify security flaws, bug risks, and performance issues during code review, DeepSource also provides integration with GitHub to allow app authors to get started with code analysis quickly.

On Tuesday, DeepSource announced that, on July 11, the GitHub Security Team informed them of potentially malicious activity related to the DeepSource GitHub application, and that precautionary measures to limit potential access to resources were taken immediately.

Following a deeper investigation, GitHub determined that hackers managed to compromise the GitHub account of one of DeepSource's employees, as part of the Sawfish phishing campaign that was detected earlier this year.

To further improve security, DeepSource plans on launching a bug bounty program in the near future, to identify weaknesses in its assets, even if this incident is not the result of a vulnerability in the DeepSource application itself.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/sXEwKBeZAnQ/deepsource-says-hackers-compromised-its-github-application

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 10 2 30 29 14 75