BluBracket enhances its code security solution to help enterprises protect software supply chains

By | 7:12 PM Leave a Comment

BluBracket announced that it has enhanced its code security solution to identify and eliminate the most overlooked risks in code. Closing these security gaps makes BluBracket the most effective and complete solution to protect enterprises from rapidly growing software supply chain attacks.

BluBracket does what SAST, DAST, and dependency analysis cannot – it finds the secrets and PII that hackers are using to accelerate their attacks. Many of the existing application security solutions are unable to address certain risks that BluBracket can. Experts are referring to code developed internally, which most often resides in git repositories, as the internal software supply chain and calling this the new attack surface.

The BluBracket Code Security Platform is the first solution that consolidates and acts on security risks from both the internal and external software supply chain. BluBracket scans code to protect software supply chains by preventing, finding, and fixing risks in source code, developer environments, and pipelines. The BluBracket code security solution addresses top risks in code that include secrets in code, exposed PII, access risks, and code leaks.

“The industry needs comprehensive code security solutions that make it easy for customers to secure their code both upstream and within their own internal development teams,” said Jim Zemlin, executive director of the Linux Foundation, a BluBracket customer. “In light of recent attacks on core software projects and the White House Executive Order calling for improved software supply chain security, the need for a comprehensive code security solution is clear.”

Key benefits of the BluBracket code security solution:

  • Most complete view of internal code supply chain health: severity ranking of individual risks combined with sophisticated filtering tools make it easy to find actionable issues now, while aggregate scoring of severity across repos gives users a clear view of overall security health.
  • More comprehensive risk detection: in addition to the detection of secrets, PII, and non-inclusive language in code, git/CI configuration and access risks, and detection of code leaks, BluBracket has partnered to add dependency vulnerability checks powered by Snyk, Infrastructure as Code risks powered by Checkov, and code static analysis risks powered by Semgrep.
  • Composable tools and ready-made recipes for universal risk detection beyond code: open source solutions identify secrets and PII across the enterprise, including S3 buckets, logs, Confluence wiki pages, databases, and more.
  • Developer-first support: for GitHub, GitLab, Bitbucket, Azure DevOps, and Gerrit brings security to existing workflows, rather than forcing developers to bring their workflow to security. Reduce alert fatigue and increase happiness with guidance in-context. IDE integration, including a new IntelliJ plugin provides unobtrusive security guidance while writing code. Integration with pull request workflows (including GitHub Checks and Bitbucket Code Insights) provides guidance while developers are reviewing the code.
  • Fully enterprise ready: SOC2 Type II certification and SAML/single sign-on integration mean implementation takes minutes to provide seamless access to comprehensive security tools across teams. Integration with SIEM, alerting, and ticketing tools like Splunk, PagerDuty, Jira, and others adds comprehensive new security capabilities to the tools and processes teams are already using.

“Developers and application security teams have to collaborate to address the growing need for security at the code level. Security solutions that integrate seamlessly into developer environments are most likely to see successful adoption and ultimately be most effective,” said Prakash Linga, founder and CEO, BluBracket. “BluBracket has bridged the gap to create a unique and superbly effective code security solution that finally supports the needs of both the developer and security communities.”


from Help Net Security https://ift.tt/Af5Xh3q

0 comments:

Post a Comment