Software Supply Chain: Preventing Breaches Early

Secrets in code are one of the most common attack vectors today. The SolarWinds attack is probably the most recent and egregious example, but for every SolarWinds incident there are dozens, if not hundreds, of similar breaches every day that go unreported. Having a breach of any kind is, of course, a serious matter. Even […]

SolarWinds: Intern leaked passwords on GitHub

Last week, SolarWinds’ CEO testified in front of Congress on the hack that is largely considered the most damaging in US history. Representatives chastised the company over how the now infamous password “solarwinds123” was used for a file server. Even more damaging, that password was found in publicly available repos on GitHub. From CNN: “Confronted […]

Finding Secrets in Code the DevSecOps way

Secrets in code have become a massive security challenge for two main reasons: Code-driven automation is ubiquitous. Passwords and credentials are quite often accidentally, and sometimes intentionally, checked into code. SaaS and IaaS have led to a proliferation of tokens used to invoke other services. These tokens, especially in publicly visible code, are a huge […]

How to reduce false positives while scanning for secrets

Secrets in code are a pervasive and ever-increasing attack vector in modern software companies. If you’ve ever used a secret scanning tool to detect secrets in your code, you’ve probably had to deal with an overwhelming number of false positives. In some cases, the level of noise is so high that it can be […]

How Secrets in Code Lead to Security Breaches

Once upon a time, when desktop applications reigned supreme, the security of the application was placed on the shoulders of the end user on his/her desktop. A developer (or team of developers) would create an application and release it to the end users and IT admins, who would, in turn, install the application on their […]

How to prevent and detect secrets in code

We recently recorded a webinar with Security Boulevard featuring a detailed look at both preventing and detecting secrets, tokens and passwords in code, with our CEO Prakash Linga and developer advocate Chris Sammons. We encourage you to watch the full video to get actionable tips on how to shift security left and empower developers to […]

BluBracket Community Edition Eliminates Secrets in Code for Free

In the wake of the SolarWinds breach, BluBracket shifts security left by introducing the first tool to rank security risks and identify secrets early in the software development cycle. PALO ALTO, Calif., February 9, 2020 – BluBracket, the leader in code security for developers and security engineers, today is announcing the general availability of its Community Edition, […]

How to help developers keep secrets out of code

What’s a secret? That’s a good question. But if you’re here, you probably already understand what a secret is with regard to software engineering. You also understand that once code has been merged, detecting and fixing security-related defects can cost your business time and money and expose your organization to security risks. And […]

Find Secrets, Get a $50 Gift Card

Secrets and credentials found in code have become one of the largest vulnerabilities leading to breaches. From SolarWinds to Nissan, we’ve seen massive issues stemming from undetected secrets just in the last few weeks. We decided to do something about it. We’ve created the best way to find secrets in code, the BluBracket Community Edition, […]

What is the Software Supply Chain?

In today’s cloud-native and open source world, an application is made up of many components. Companies need to understand how the software supply chain works so they can ensure their own software is secure. Software integrity is more important than ever, especially in light of the SolarWinds hack. In this short clip from our full […]