BluBracket Enhances Code Security Solution
June 09, 2022

BluBracket has enhanced its code security solution to identify and eliminate the most overlooked risks in code.

Closing these security gaps makes BluBracket the most effective and complete solution to protect enterprises from rapidly growing software supply chain attacks.

BluBracket does what SAST, DAST, and dependency analysis cannot - it finds the secrets and PII that hackers are using to accelerate their attacks. Many of the existing application security solutions are unable to address certain risks that BluBracket can. Experts are referring to code developed internally, which most often resides in git repositories, as the internal software supply chain and calling this the new attack surface.

The BluBracket Code Security Platform is a solution that consolidates and acts on security risks from both the internal and external software supply chain. BluBracket scans code to protect software supply chains by preventing, finding, and fixing risks in source code, developer environments, and pipelines. The BluBracket code security solution addresses top risks in code that include secrets in code, exposed PII, access risks, and code leaks.

Key Benefits of the BluBracket Code Security Solution:

- A complete view of internal code supply chain health: severity ranking of individual risks, combined with sophisticated filtering tools, makes it easy to find actionable issues now, while aggregate scoring of severity across repos gives users a clear view of overall security health.

- More comprehensive risk detection: in addition to the detection of secrets, PII, and non-inclusive language in code, git/CI configuration and access risks, and detection of code leaks, BluBracket has partnered to add dependency vulnerability checks powered by Snyk, Infrastructure as Code risks powered by Checkov, and code static analysis risks powered by Semgrep.

- Composable tools and ready-made recipes for universal risk detection beyond code: open source solutions identify secrets and PII across the enterprise, including S3 buckets, logs, Confluence wiki pages, databases, and more.

- Developer-first support: support for GitHub, GitLab, Bitbucket, Azure DevOps, and Gerrit brings security to existing workflows, rather than forcing developers to bring their workflow to security. Reduce alert fatigue and increase happiness with guidance in-context. IDE integration, including a new IntelliJ plugin, provides unobtrusive security guidance while writing code. Integration with pull request workflows (including GitHub Checks and Bitbucket Code Insights) provides guidance while developers are reviewing the code.

- Fully enterprise ready: SOC2 Type II certification and SAML/single sign-on integration mean implementation takes minutes to provide seamless access to comprehensive security tools across teams. Integration with SIEM, alerting, and ticketing tools like Splunk, PagerDuty, Jira, and others adds comprehensive new security capabilities to the tools and processes teams are already using.

"Developers and application security teams have to collaborate to address the growing need for security at the code level. Security solutions that integrate seamlessly into developer environments are most likely to see successful adoption and ultimately be most effective," said Prakash Linga, Founder and CEO, BluBracket. "BluBracket has bridged the gap to create a unique and superbly effective code security solution that finally supports the needs of both the developer and security communities."
