When we started BluBracket, we knew that in order to achieve our mission of making the code that powers our economy safe from attack, we had to shift security left and give developers tools to make their code secure earlier in the software development lifecycle. Security can’t be an afterthought in the world of cloudnative applications.
Today, we’re pleased to announce early-access to a powerful new tool that equips developers and DevSecOps engineers to find secrets in code and remediate those vulnerabilities. And the best part—it’s free.
Passwords, tokens and other secrets in code are a huge attack surface. Research has shown that 18% of all Git repositories have secrets. Hackers are constantly scanning repositories for these credentials, making unsecured code a major threat to corporate security.
We’ve realized that in order to prevent secrets from showing up in code in the first place, we need to provide tools with zero friction. So there’s no account sign ups. No trial period. Developers connect to our tool via GitHub where it begins scanning the repositories you choose (up to 10) and reports on any secrets found. And if you’ve been a good citizen and none are found initially, the BluBracket Community Edition keeps scanning to ensure no secrets are added in the future.
We believe this is the most powerful and efficient scanning tool on the market, which just happens to be free. An early access customer recently compared our product to a popular open source secret tool. The open source tool detected 126,516 “secrets.” With BluBracket, they realized that >125,000 of them were false positives. In security, too much noise means the signal just won’t be found.
Our tool is constantly updated by our security experts, and the community edition uses the same rules engine as our enterprise edition to show you only what’s important, saving you valuable time and resources.
So we invite you to try out the BluBracket Community Edition. We believe you will find it’s the best tool for finding secrets in code, full stop.
This is a product designed for a community. As such we ask you to share your feedback with us and the greater community in our Slack channel.
We believe that together we can stop secrets in code, all within a greater context of code security to ensure that the software that runs our modern economy is safe. Please let us know your thoughts on our new product and work with us to enhance and improve it. We are truly excited for this next chapter for our company.