BluBracket announced that it has enhanced its code security solution to identify and eliminate the most overlooked risks in code. Closing these security gaps makes BluBracket the most effective and complete solution to protect enterprises from rapidly growing software supply chain attacks.

BluBracket does what SAST, DAST, and dependency analysis cannot: it finds the secrets and PII that hackers are using to accelerate their attacks. Many existing application security solutions are unable to address risks that BluBracket can. Experts now refer to code developed internally, which most often resides in git repositories, as the internal software supply chain, and call it the new attack surface.

The BluBracket Code Security Platform is the first solution that consolidates and acts on security risks from both the internal and external software supply chain. BluBracket scans code to protect software supply chains by preventing, finding, and fixing risks in source code, developer environments, and pipelines. The BluBracket code security solution addresses the top risks in code, including secrets in code, exposed PII, access risks, and code leaks.
"The industry needs comprehensive code security solutions that make it easy for customers to secure their code both upstream and within their own internal development teams," said Jim Zemlin, executive director of the Linux Foundation, a BluBracket customer. "In light of recent attacks on core software projects and the White House Executive Order calling for improved software supply chain security, the need for a comprehensive code security solution is clear."
Key Benefits of the BluBracket Code Security Solution
- Most complete view of internal code supply chain health: severity ranking of individual risks combined with sophisticated filtering tools makes it easy to find actionable issues now, while aggregate scoring of severity across repos gives users a clear view of overall security health.
- More comprehensive risk detection: in addition to detecting secrets, PII, and non-inclusive language in code, git/CI configuration and access risks, and code leaks, BluBracket has partnered to add dependency vulnerability checks powered by Snyk, Infrastructure as Code risks powered by Checkov, and static analysis risks powered by Semgrep.
- Composable tools and ready-made recipes for universal risk detection beyond code: open source solutions identify secrets and PII across the enterprise, including S3 buckets, logs, Confluence wiki pages, databases, and more.
- Developer-first support: support for GitHub, GitLab, Bitbucket, Azure DevOps, and Gerrit brings security to existing workflows, rather than forcing developers to bring their workflow to security. In-context guidance reduces alert fatigue and increases developer happiness. IDE integration, including a new IntelliJ plugin, provides unobtrusive security guidance while writing code. Integration with pull request workflows (including GitHub Checks and Bitbucket Code Insights) provides guidance while developers are reviewing the code.
- Fully enterprise ready: SOC 2 Type II certification and SAML/single sign-on integration mean implementation takes minutes and provides seamless access to comprehensive security tools across teams. Integration with SIEM, alerting, and ticketing tools like Splunk, PagerDuty, Jira, and others adds comprehensive new security capabilities to the tools and processes teams are already using.
"Developers and application security teams have to collaborate to address the growing need for security at the code level. Security solutions that integrate seamlessly into developer environments are most likely to see successful adoption and ultimately be most effective," said Prakash Linga, founder and CEO, BluBracket. "BluBracket has bridged the gap to create a unique and superbly effective code security solution that finally supports the needs of both the developer and security communities."