garnet.ai

Detect and block unknown threats in your CI/CD runners

Runtime security monitoring and enforcement for modern infrastructure. Protect any environment where you build, test or run your software.

Problem

Your pipeline is always expanding.
Unknown threats lurk in that complexity.

Garnet gives you visibility and control.

tj-actions/changed-files (March 2025)

Attackers compromised a popular GitHub Action, injecting code that scanned CI/CD runners for secrets. The attack extracted sensitive credentials from memory and leaked them in build logs, potentially exposing thousands of repositories.

Lottie Player (2024)

Attackers injected cryptocurrency miners during npm package builds, exploiting dynamic linking weaknesses that static analyzers missed. Over 4 million deployments were affected before detection.

Solana web3.js (Dec 2024)

The official @solana/web3.js npm package was compromised, injecting malicious code to exfiltrate crypto wallet keys—resulting in $190,000 theft from users.

Ultralytics (Dec 2024)

Attackers exploited GitHub Actions cache to take control of the repository, introducing backdoors that installed crypto miners in CI runners. Despite attestation, the malicious behavior went undetected.

Codecov (2021)

A malicious bash script in a popular testing tool exfiltrated credentials from thousands of companies, including Mercari, HashiCorp, and Twilio. It went undetected for two months.

SolarWinds (2020)

A tampered build script infiltrated 6,500+ organizations. Attackers gained persistent access through compromised releases.

Product

Runtime Protection for Modern Development

Runtime monitoring that goes beyond static analysis to detect and prevent emerging security issues.

Behavioural detection & enforcement

Real-time runtime monitoring for network, file and process behaviours in your host environment.

  • Block malicious DNS
  • Block unauthorized file access
  • Block cryptomining activity

Instant threat protection

Stop malicious activity like cryptomining, exfiltration, and tampering with out-of-the-box detections and threat intelligence.

Actionable alerts where you work

Detect and respond to incidents inside your existing workflow and tools—without the context switch.

  • High fidelity alerts in GitHub and Slack

How it works

Deploy and forget

Plug and play runtime protection without complex configuration or code changes.

1. Connect

Integrate with your pipeline in minutes.

2. Detect

Surface only high priority issues.

3. Alert

Actionable alerts wherever your team works.

Powered by Jibril

A new architecture for Security Observability

Garnet is powered by Jibril, a new sensor purpose-built for Security Observability and modern detection and response.

Ultra-Light Footprint

Designed for minimal performance impact, ensuring your pipelines run at full speed while maintaining comprehensive security monitoring.

Universal Compatibility

Seamlessly integrates with any Linux environment in your DevOps pipeline, from local development to CI/CD systems to production servers.

Deep System Visibility

Leverages eBPF technology to operate at the kernel level, providing unparalleled detection and enforcement capabilities for advanced threats.

Trusted by Leaders

Security experts and engineering leaders trust Garnet to protect their pipelines

"There are a lot of tools that process security advisory data, but Garnet is the first I've seen that goes a step further, applying behavioral analysis to find issues before they get reported to an advisory database. This is the kind of thing we'd always wanted to do at npm, Inc., but never got around to. It's super exciting to see it come to fruition."

Isaac Z. Schlueter

Creator of NPM, cofounder of Volt.sh

"I don't know about you, but having zero observability and no security enforcement in a CI/CD pipeline like GitHub Actions feels pretty scary... I'm looking forward to testing Jibril by Garnet"

Teodor P.

SRE at Prewave

"Dynamic analysis of libraries at build-time is a game changer. It will annihilate a whole new class of vulnerabilities if it works."

Don X.

Security Engineer at Crypto Wallet

Contact Us

Get in touch

Have questions about Garnet? Drop us a message and we'll get back to you shortly.

Protect your DevOps pipeline today

Start securing your build, test, and runtime environments against unknown threats and vulnerabilities.