DevOps.com


BluBracket Community Edition of Secrets Discovery Tool now Available

By: Mike Vizard on February 9, 2021

BluBracket today announced general availability of a community edition of a tool that employs machine learning algorithms to discover passwords, tokens and other security vulnerabilities in code.

Prakash Linga, BluBracket’s CEO, said application secrets stored in code enable cybercriminals to compromise applications in ways that can impact an entire software supply chain. The community edition of the company’s namesake tool scans commits to determine if any new risks were introduced, and will then block the staged files from being committed. It works with any continuous integration/continuous delivery (CI/CD) platform or integrated development environment (IDE) that supports pre-commit hooks, including VSCode, Jetbrains IntelliJ and PyCharm.


Developers are then presented with a risk score based on the number of secrets discovered in their code. For example, an active token for Amazon Web Services (AWS) would receive a high score, while a password in a test environment would be rated low.
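The flow described above (scan what is staged, score each finding, block the commit) can be illustrated with an added Python example that is not BluBracket's code. The regex rules, weights, test-path discount and blocking threshold are assumptions made for illustration, and the tool's machine learning is not modelled.

```python
import re

# Hypothetical rules and weights for illustration; not BluBracket's rule set.
RULES = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), 90),
    ("password_assignment",
     re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{4,}['\"]"), 60),
]
TEST_PATH = re.compile(r"(^|/)(tests?|fixtures|examples?)/")  # down-weighted paths
BLOCK_THRESHOLD = 50  # assumed policy: block the commit at or above this score


def scan_staged_diff(diff_text):
    """Score secrets on the added lines of a unified diff (`git diff --cached`)."""
    findings, path, lineno = [], "", 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif line.startswith("@@"):
            # "@@ -a,b +c,d @@": c is the first line number in the new file
            lineno = int(re.search(r"\+(\d+)", line).group(1))
        elif line.startswith("+"):
            for name, pattern, score in RULES:
                if pattern.search(line[1:]):
                    weight = score // 3 if TEST_PATH.search(path) else score
                    findings.append((path, lineno, name, weight))
            lineno += 1
        elif line.startswith(" "):
            lineno += 1
    return findings


def should_block(findings):
    """A pre-commit hook would exit non-zero when this returns True."""
    return any(score >= BLOCK_THRESHOLD for *_, score in findings)


# Constructed sample diff; the key is the example value from AWS documentation.
SAMPLE_DIFF = """\
--- a/app/config.py
+++ b/app/config.py
@@ -10,0 +11,2 @@
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+REGION = "us-east-1"
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -3,0 +4 @@
+password = "hunter2-test"
"""
```

In a real hook the input would be the output of `git diff --cached`, and a `True` result would map to a non-zero exit status, which is what makes git abort the commit.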

The Community Edition of BluBracket can be accessed via GitHub. The free version of BluBracket can be employed to scan up to 10 repositories and share reports in real time, covering more than 50 types of secrets that might be employed using any programming language.

Linga said BluBracket also cuts down on false positives by combining machine learning algorithms with a built-in rules engine. In contrast to open source tools, BluBracket generates far fewer false positives, said Linga.

Linga said the Community Edition is intended to help foster adoption of DevSecOps best practices among individual developers, in hopes that when those developers are hired, their organizations eventually license the full instance of BluBracket. The company views its tools as being complementary both to tools that surface vulnerabilities in code and to secrets management platforms, which are often not employed as widely within an organization, Linga said.

In the wake of recent high-profile breaches that embedded malware in widely-distributed applications, there’s increased focus on securing software supply chains. In some of those instances, Linga said, it’s probable cybercriminals discovered passwords and other secrets that were inadvertently exposed in code.

However those breaches were enabled, it is apparent cybercriminals are becoming more adept at exploiting a weakness in one application to inflict maximum damage across an entire environment. It’s hard to say exactly what role secrets discovery is playing, but cybercriminals tend to prefer the path of least resistance when it comes to exploiting application vulnerabilities.

Of course, the hope is that adoption of DevSecOps best processes will reduce the number of breaches by shifting responsibility for cybersecurity further left toward developers. However, that’s difficult to achieve without finding the simplest way possible of getting the security tools required into the hands of the developers that need them most.
