BoostSecurity Blogs, Press & Events

Unveiling Bagel: Why Your Developer's Laptop is the Softest Target in Your Supply Chain

Written by BoostSecurity.io | Feb 11, 2026 6:06:36 PM

TL;DR We're releasing bagel, an open-source CLI that inventories security-relevant metadata on developer workstations. Credentials, misconfigs, and exposed secrets. It's cross-platform, privacy-first, and designed to help security teams understand the attack surface that modern supply chain adversaries are actively exploiting. Stay tuned for more exciting news about how Boost works to secure every part of the modern software factory (developer endpoints included).

The Overlooked Entry Point

We've spent years obsessing over CI/CD pipeline security with poutine, because that was the place where we saw a lot of supply chain risk entering the software factory. But attackers have noticed that there’s another path into your software supply chain: through the machine sitting on your developer's desk.

Developer workstations are credential goldmines. A single compromised laptop typically contains:

  • GitHub tokens with write access to repos
  • AWS/GCP/Azure credentials that can spin up infrastructure or exfiltrate data
  • SSH keys to jump servers and production systems or access code
  • npm/PyPI tokens capable of publishing malicious packages to millions of downstream users
  • AI service keys (OpenAI, Anthropic) that attackers can abuse for financial gain

Taken together, this represents production-level access sitting outside most security controls. And unlike hardened CI runners, these machines browse the web, install VS Code extensions from marketplaces, run npm install on sketchy packages, and open "technical assessments" from fake recruiters. The attack surface is enormous. 

Real World Consequences

The Shai-Hulud (and Shai-Hulud 2.0 etc) malware campaigns, were a self-perpetuating supply chain compromise engine fueled by stolen developer credentials.

How it concretely leveraged developer laptops:

  1. The Hook: A developer accidentally installs a compromised NPM package.
  2. The Exfiltration: The malware immediately scans the laptop for secrets. It specifically targets .npmrc files, .aws/credentials, .git-credentials and more.
  3. The Pivot: Attackers used the stolen NPM automation tokens found on these laptops to gain administrative access to legitimate packages.
  4. The Spread: Using these trusted credentials, they published new, malicious versions of popular packages. Because the "human" developer was compromised, the malicious code was delivered through official channels, bypassing most perimeter defenses.

This is just one example of how this entry point was leveraged. A developer’s laptop is increasingly being recognized by threat actors as an excellent vector into the supply chain of software and organizations.  

Why We Built Bagel

Developer laptops now carry production-grade access, but they’ve historically been outside formal security controls. We built Bagel as an educational tool to help people better understand their own attack surface so that they can reduce the risk if they get compromised. Even we (the authors of Bagel) found interesting things on our own laptops after running it.

🥯 What Bagel Does

Bagel scans developer workstations and produces a structured JSON report of security-relevant findings. It examines:

Configuration Security:

  • Git settings (SSL verification, credential storage, dangerous protocols)
  • SSH configuration (host key checking, agent forwarding, key permissions)
  • NPM/Yarn settings (strict-ssl, registry security)

Secret Detection:

  • Environment variables and shell configs
  • Shell history (those curl -H "Authorization: Bearer …" commands)
  • Cloud credential files (AWS, GCP, Azure)
  • IDE run configurations (JetBrains workspace.xml)
  • Package manager tokens

Authentication Posture:

  • Active GitHub CLI sessions
  • Cached cloud provider tokens
  • SSH agent state

🔒 Privacy by Design 

Bagel keeps developers’ secrets private. It never reads or transmits actual secret values.

When Bagel finds a secret, it reports:

  • That a secret exists
  • Its location
  • A SHA-256 fingerprint for deduplication
  • The secret type (classic PAT, fine-grained, OAuth, etc.)

It does not report the token itself. The same applies to SSH keys, cloud credentials, and every other secret type. You get full visibility into your exposure without creating new exfiltration risk.

{
    "id": "github-token-classic-pat",
    "probe": "env",
    "severity": "critical",
    "title": "GitHub Token Detected (Classic Personal Access Token)",
    "path": "env:GITHUB_TOKEN",
    "metadata": {
        "fingerprint": "sha256:a1b2c3...",
        "token_type": "classic-pat"
    }

🚀 Quick Start

# Intel Mac
curl -sL https://github.com/boostsecurityio/bagel/releases/latest/download/bagel_Darwin_x86_64.tar.gz | tar xz
mv bagel /usr/local/bin/

# Apple Silicon
curl -sL https://github.com/boostsecurityio/bagel/releases/latest/download/bagel_Darwin_arm64.tar.gz | tar xz
mv bagel /usr/local/bin/

# Linux x86_64
curl -sL https://github.com/boostsecurityio/bagel/releases/latest/download/bagel_Linux_x86_64.tar.gz | tar xz
mv bagel /usr/local/bin/

# Execute
bagel scan

 

The Bigger Picture

Poutine secures your pipelines. Bagel secures the environment where code is written, before it ever reaches CI/CD. Together, they apply security controls across a software factory where risks no longer begin at CI/CD.

One important note: Bagel (and Poutine) are open source on purpose. We think these building-block tools should exist in the OSS world, both for transparency and for broad community benefit. 

But we also know enterprises have more complex needs than a CLI can solve on its own. If your goal is full, organization-wide control across the entire software factory (policy, enforcement, workflow integration, reporting, and scale) that’s what the Boost platform is for.

Bagel is one piece of a larger shift inside the Boost platform. Attackers don’t respect boundaries between laptops, repos, and pipelines … so neither do we. Think of Bagel as the first step in extending enforceable security controls across the full software factory. We’re just getting started: stay tuned for some big announcements.


Bagel is open source under GPLv3 Star it, fork it, and contribute probes for tools we missed(Roadmap is in issues).

👉 https://github.com/boostsecurityio/bagel

 
View full post