News
BluBracket announced that it has enhanced its code security solution
June 2022 by Marc Jacob
BluBracket announced that it has enhanced its code security solution to identify and eliminate the most overlooked risks in code. Closing these security gaps makes BluBracket the most effective and complete solution to protect enterprises from rapidly growing software supply chain attacks.
BluBracket does what SAST, DAST, and dependency analysis cannot - it finds the secrets and PII that hackers are using to accelerate their attacks. Many of the existing application security solutions are unable to address certain risks that BluBracket can. Experts are referring to code developed internally, which most often resides in git repositories, as the internal software supply chain and calling this the new attack surface.
The BluBracket Code Security Platform is the first solution that consolidates and acts on security risks from both the internal and external software supply chain. BluBracket scans code to protect software supply chains by preventing, finding, and fixing risks in source code, developer environments, and pipelines. The BluBracket code security solution addresses top risks in code that include secrets in code, exposed PII, access risks, and code leaks.
Key Benefits of the BluBracket Code Security Solution
Most complete view of internal code supply chain health: severity ranking of individual risks combined with sophisticated filtering tools make it easy to find actionable issues now, while aggregate scoring of severity across repos gives users a clear view of overall security health.
More comprehensive risk detection: in addition to the detection of secrets, PII, and non-inclusive language in code, git/CI configuration and access risks, and detection of code leaks, BluBracket has partnered to add dependency vulnerability checks powered by Snyk, Infrastructure as Code risks powered by Checkov, and code static analysis risks powered by Semgrep.
Composable tools and ready-made recipes for universal risk detection beyond code: open source solutions identify secrets and PII across the enterprise, including S3 buckets, logs, Confluence wiki pages, databases, and more. (Click here to learn more.)
Developer-first support: for GitHub, GitLab, Bitbucket, Azure DevOps, and Gerrit brings security to existing workflows, rather than forcing developers to bring their workflow to security. Reduce alert fatigue and increase happiness with guidance in-context. IDE integration, including a new IntelliJ plugin provides unobtrusive security guidance while writing code. Integration with pull request workflows (including GitHub Checks and Bitbucket Code Insights) provides guidance while developers are reviewing the code.
Fully enterprise ready: SOC2 Type II certification and SAML/single sign-on integration mean implementation takes minutes to provide seamless access to comprehensive security tools across teams. Integration with SIEM, alerting, and ticketing tools like Splunk, PagerDuty, Jira, and others adds comprehensive new security capabilities to the tools and processes teams are already using.
