Developer teams work hard to deliver high-quality code that meets business requirements. Having an internal development team that produces source code is a huge investment for an enterprise of any size. Optimizing that investment creates the drive to deliver more code faster, with higher quality, and written to be secure as well.
End-to-end visibility into the code realization process, spanning the planning, coding, testing, and deployment stages, is possible with certain common platforms; however, developers prefer to use their favorite best-of-breed tools in each phase. This is particularly true for cloud-based environments.
There are two main reasons why these tools need to be integrated:
- Integration lets teams and their managers automate the orchestration of code delivery and provision instrumentation that can track individual tasks as well as deliver consolidated progress across disparate application development tools acquired from multiple providers.
- Giving code security the same importance as code quality (if not more) drives the need for specific application security tools to be integrated with distinct parts of the code development process.
Integrations across all of these elements allow security to be built into every relevant step. Addressing security concerns very early is a facet of DevSecOps, where security starts at the very beginning of the development process, thereby enabling security to shift left.
Application security, and more specifically code security, integrations could encompass version control systems, source code management, and continuous integration (CI) processes that combine source code repositories with automated builds, automated testing, and exception management with visibility, so that entire teams can collaborate on rapid deployment while resolving security risks in flight.
BluBracket automates the detection, identification, and removal of secrets in code. BluBracket identifies all categories that make up secrets in code, ranks them by risk and provides a means to remediate. BluBracket protects code from leaking into public repositories and prevents secrets and IP from getting into the wrong hands. BluBracket works across multiple git providers, integrates with enterprise CI/CD tools, version control, code servers, identity and access management systems, messaging, ticketing and many other IT resources.
Integrations commonly supported by the BluBracket code security platform include:
- Local workflow tools
- Code servers
- CI servers
- Identity, authentication, and authorization
- Ticketing & incident management
- Build your own integration
The following section details how each of these integrations can be configured and leveraged for security.
Available local tools and integrations:
- IntelliJ (via CLI, full plugin coming soon)
- Visual Studio Code (via CLI)
Usage guide: installing and using the CLI.
Certified & supported code servers:
- GitHub Cloud
- GitHub Enterprise (including on-prem)
- GitLab Cloud
- GitLab on-prem
- Bitbucket Cloud
- Bitbucket Server
- Azure DevOps
Usage guide: adding code servers.
Certified & supported CI servers:
- GitHub Checks
- Bitbucket Code Insights
Additional integrations are available via our open CI API.
Usage guide: configuring CI checks.
Certified & supported identity integrations:
- Azure AD
- GitHub OAuth
- GitLab OAuth (coming soon)
- Bitbucket OAuth (coming soon)
Certified & supported messaging integrations:
- Microsoft Teams
Certified & supported ticketing & incident management integrations:
- Webhooks (coming soon)
BluBracket’s git access and configuration monitoring tools make it easy to see who and what has access across the codebase, and alert when access permissions don’t conform to policy.
For more information on how BluBracket delivers code security and protects against code leaks, visit https://blubracket.com/products/enterprise-edition/

To get started with BluBracket for free, visit https://blubracket.com/contact/get-started/
*** This is a Security Bloggers Network syndicated blog from BluBracket: Code Security & Secret Detection authored by Pan Kamal. Read the original post at: https://blubracket.com/integrating-code-security-with-ci-cd-and-enterprise-tools/