
Blog: How BluBracket identifies risks in source code to enhance code security
There has been a surge in the number of organizations that have reported theft of source code, exposure of secrets in code, and, in many cases, proprietary code exposed in external repositories due to unauthorized access or code leaks.
A recent survey we conducted with ESG, covering 350 IT, application security and developer teams, found that 31% of organizations have reported secrets stolen from their git repositories. Most application security tools do not recognize these secrets. (Can you imagine a bank saying “a third of our depositors have money stolen from their account” and still remaining in business?)
What is BluBracket?
BluBracket is a code and git security suite that identifies risks in your code, monitors who and what has access to your code, and tracks where your code goes outside your git repos.
BluBracket automates the detection, identification, and removal of secrets in code. BluBracket identifies all categories that make up secrets in code, ranks them by risk and provides a means to remediate. BluBracket protects code from leaking into public repositories and prevents secrets and IP from getting into the wrong hands.
BluBracket works across multiple git providers, integrates with enterprise CI/CD tools, version control, code servers, identity and access management systems, messaging, ticketing and many other IT resources.
BluBracket use-cases
- Identifying, preventing, and removing risks in code
- Monitoring who and what has access to your code
- Monitoring where your code goes
Who is BluBracket for?
BluBracket is for individual developers, development and appsec teams of all sizes, and enterprise infosec teams.
- BluBracket Community Edition
  Core BluBracket code security features, including the CLI tools. Available free with no time limit for personal use and teams under 50 devs.
- BluBracket Team Edition
  All the BluBracket features to identify risks in your code, and improve code security with every commit. Available as a full-featured, free, no-obligation trial.
- BluBracket Enterprise Edition
  The entire suite of BluBracket code security features to identify risks in your code, git access and configuration risks, and track where code goes outside your git repos. Contact our customer success team for a free demo.
How BluBracket works
BluBracket has two parallel modes of operation:
- As a SaaS suite providing protection and alerts across a codebase, supporting the detection, analysis, and remediation of security risks in the code and related to code access
- As a local code security tool, with integrations to popular IDEs to support immediate identification of potential risks in the code, without the risk of sending that code to remote servers
And BluBracket integrates at multiple points in the SDLC workflow:
- Before code is committed, via the CLI and pre-commit hooks, and in popular IDEs
- Before code is merged, via CI checks (GitHub Checks, Bitbucket Code Insights, Jenkins, etc.)
- Actionable alerts in Slack and other tools when new risks are detected
- Tools to analyze and understand existing risks, and trend reports to see improvement over time
Where does BluBracket integrate?
- Local/workstation tools
- Code servers, like GitHub and Bitbucket
- CI servers, like GitHub Actions and Jenkins
- Identity, authentication, and authorization systems like SAML and Active Directory
- Messaging systems, like Slack
- Ticketing & incident management systems, like Jira and PagerDuty
- Build your own with APIs and webhooks
BluBracket helps answer three critical questions
BluBracket helps application security teams and development teams assess and mitigate risks in code by answering three critical questions:
- What’s in your code? Including dependencies, behavioral risks and content risks
- Who has access? Access and configuration monitoring as well as enforcement from code to delivery
- Where is it going? Active intelligence and monitoring for intentional and unintentional leaks of secrets in code
How to get started with BluBracket
Our Community Edition is always free, and you can do a no-obligation trial of our Team Edition; just sign in here to get started. Interested in all our features? Contact our customer success team for a free Enterprise Edition demo. See all the steps to getting started for free, online here.
*** This is a Security Bloggers Network syndicated blog from BluBracket: Code Security & Secret Detection authored by Pan Kamal. Read the original post at: https://blubracket.com/blog-how-blubracket-identifies-risks-in-source-code-to-enhance-code-security/