Eliminate Secrets For Free

Get started with BluBracket Community Edition
The best way to experience BluBracket is to use our Community Edition to find secrets in your own code.
Getting started is free and easy:

1. Sign in and authorize our app using GitHub
2. Select the repos to scan
3. Review and remediate secrets in your code

Using GitHub Enterprise, Bitbucket or GitLab? Try BluBracket Enterprise Edition for free.

By logging in or signing up, you agree to our Terms of Service and Privacy Policy. BluBracket does not store your code or secrets or get access to anyone else’s account. See FAQ below to learn more.

Frequently Asked Questions

The BluBracket Community Edition can monitor any GitHub repository to which the developer has owner access. This can be an individual account or an enterprise repository for which the developer has been assigned owner rights. Upgrading to the Teams or Enterprise Editions allows you to monitor not only GitHub repositories but also GitLab and Bitbucket repositories. If you're interested in GitLab or Bitbucket repositories, you can reach out to the BluBracket Sales team for a free trial of the Enterprise Edition.

BluBracket searches for more than 50 different secrets in code, including tokens, keys, IDs, credentials and passwords. Developers can also create their own regular expressions and have BluBracket search for those. For a complete list of secrets, take a look at this document.

When you authenticate to BluBracket using GitHub OAuth, you will see and approve the following permissions. These permissions allow BluBracket to monitor the repositories that you select and to present you with any secrets found, as well as contributor and commit information.

  • Read access to administration, code, members, metadata, organization administration, and pull requests
  • Read and write access to checks, organization hooks, and repository hooks

The simple answer here is NO.

During the initial scan of the repositories to be monitored, BluBracket clones the repositories, scans them, creates a hash of each file (for later comparisons), and then deletes the repositories from the BluBracket servers. All of this happens within a few seconds, depending on the repository size. BluBracket then saves specific metadata for easy reference: repository names, file names, contributor IDs, commit IDs and times, etc. BluBracket does not modify any code, and it does not store on its servers any actual code or secrets found in code.

If you’re curious about anything else regarding the BluBracket Community Edition, you can browse the Community Edition FAQ section of our help center.