BluBracket is a code security tool that helps developers identify and resolve security issues in their code. The company was launched in February 2020 as a solution for monitoring open source code stored in GitHub repositories. Once the BluBracket interface is authenticated through GitHub, it performs an initial scan for vulnerabilities and then scans any new commits made thereafter.
Open source code—which comprises 80% to 90% of the software development supply chain—frequently contains sensitive information like security tokens, access keys, or passwords. Sometimes this information is added accidentally, but sometimes developers may include these items intentionally to make their workflows more efficient. In either case, BluBracket helps DevOps professionals identify these secrets and remove them from the code to prevent potential hacks.
Notable BluBracket features
BluBracket helps developers and security teams address sensitive information in their open source code. It offers vulnerability scanning and incident management capabilities to identify each secret and track its status. Then, BluBracket uses artificial intelligence and machine learning to eliminate false positives and prioritize each classified secret in order of risk.
In each edition, BluBracket directly integrates with Slack and continuous integration/continuous delivery (CI/CD) tools. In the Enterprise and CodeSecure editions, BluBracket fully integrates with single sign-on (SSO) apps like Okta and Azure Active Directory among other applications like Jira and Splunk.
Among the many benefits BluBracket offers is its ability to enforce fine-grained security policies. It also creates actionable alerts in real time and helps developers address Git misconfigurations that could lead to security breaches. Then, it can send these action items to a connected SIEM platform so security engineers can streamline their efforts with the development lifecycle.
BluBracket’s analytics and reporting capabilities are also beneficial for organizations that are subject to strict regulatory requirements. Plus, the free Community edition lets users connect with other users in a forum to help answer questions and offer suggestions.
Compared to its competitors like GitGuardian, BluBracket does not offer detection for as many secrets. Other code security tools cover a wider range of sensitive data, including SSL certificates and copyrighted code. Some solutions may also be more attuned to the broader needs and workflows of security engineers, which include a wider security perimeter than strictly SaaS-based platforms like BluBracket.
BluBracket is available in four different editions:
- Community Edition: Free
- CodeInsights Team: $21/month per developer
- CodeInsights Enterprise: $30/month per developer
- CodeInsights & CodeSecure: Contact sales