When BluBracket launched we were focused on being the best tool to find risks in code and related to code—as we describe it: what’s in your code, who has access, and where it’s going. But our work with companies ranging from nimble five-person startups to enterprises at the top of the Fortune 100 has taught us that detection is the easy part.
What our users really needed—from individual developers to engineering and security leaders—was a way to answer three key questions:
- What’s the overall health of my code?
- What’s the area of highest risk?
- What can I do to improve it right now?
For most people, detection without tools to make sense of the alerts and a workflow to manage them was just noise and wasted time. Today we’re introducing filtering tools that make it easy to get quick and actionable answers to those questions.
See the big picture, dive into details
As developers and security experts, we need to see the big picture to prioritize our efforts, but we also need to see the details to make sure we trust the big-picture evaluation and to identify actionable improvements we can make now.
The new filtering experience makes it easy to explore data by risk category, repo, and 12 other dimensions. Want to see risks since a given date? Easy. Want to see risks across a set of repos by repo label? Easy.
Focus on the present, easy access to history
Most developers and security pros know the history of a repo can go deep, but the practice of continuous improvement requires focusing on the present and future: reducing the number of new risks that get into our repos, and removing old risks when we can.
The new filtering experience defaults to showing risks at the tip of each repo’s primary branch. This makes it easy to work in the present and see real-time progress as new commits remove risks from code. But security teams can also review code history for secrets and PII. A secret found in history can be neutralized by rotating it, whereas removing PII from history may require rewriting that history.
Find and eliminate risks across the codebase
Our users tell us one of the biggest barriers to rotating secrets is knowing where those secrets are used. BluBracket makes it easy to discover secrets used across the codebase so you can rotate secrets with more confidence about the operational impact.
Part of a complete workflow
Filtering is just a part of BluBracket’s complete solution for securing git environments and the internal software supply chain.
BluBracket’s automated risk detection in the pull request workflow in GitHub, Bitbucket, and other CI environments helps companies eliminate secrets at the source. The advisory mode, which doesn’t block developers, has been shown to be more than 80% effective at eliminating new risks from the repos—virtually eliminating the accrual of security debt while supporting high-velocity developer workflows.
BluBracket has the most extensive integration options of any solution in its category—including Slack, Microsoft Teams, Jira, Splunk, and others—to help teams leverage their existing tools and workflows to drive continuous security improvement across their internal software supply chain.
Who can access the new filters?
The new filtering experience is available today for new accounts and free trials, and we’re rolling it out to enterprise users globally over the coming week. Current customers can contact the customer success team to schedule a hands-on tour.
What filters are available?
BluBracket supports filtering by multiple dimensions of risk. The risk categories BluBracket supports include:
- Secrets in code
- Non-inclusive language in code (NIL)
- Personally identifiable information in code (PII)
- Infrastructure as code risks (IaC)
- Git access and configuration risks
- Code leaks
Additional filters include:
- Risk type (within a category)
- Repo label
- Repo type
- Branch / tag
- Developer type
- Alert time
- Commit time
- Code server
Additional filters are being added as we expand the feature. Please let us know what you’re most interested in filtering on.
Can I filter by X?
Probably, but we’re eager to hear about it if there’s something you’d like to filter on that isn’t available. Please contact our customer success team to let us know.
How can I try it?
Start a free trial (approximately 15 seconds), add a code server (approximately 30 seconds), and start exploring your code in less than 60 seconds. Be sure to add the BluBracket GitHub Checks app to eliminate new security debt going forward.
Current customers can contact our customer success team for a demo and priority deployment.