1. Sign in and authorize our app using GitHub
2. Select the repos to scan
3. Review and remediate secrets in your code
The BluBracket Community Edition can monitor any GitHub repository that the developer has owner access to. This could be a repository under an individual account or an enterprise repository to which the developer has been granted owner rights. Upgrading to the Teams or Enterprise Edition lets you monitor not only GitHub repositories but also GitLab and Bitbucket repositories. If you’re interested in GitLab or Bitbucket repositories, you can reach out to the BluBracket Sales team for a free trial of the Enterprise Edition.
BluBracket searches code for more than 50 types of secrets, including tokens, keys, IDs, credentials and passwords. Developers can also define their own regular expressions and have BluBracket search for those as well. For the complete list of secret types, take a look at this document.
When you authenticate to BluBracket using GitHub OAuth you will see and approve the following permissions. These permissions allow BluBracket to monitor the repositories you select and report any secrets found, along with the associated contributor and commit information.
The short answer is no: BluBracket does not keep a copy of your code.
During the initial scan of a monitored repository, BluBracket clones it, scans it, computes a hash of each file (for comparison on later scans), and then deletes the clone from BluBracket's servers. This typically completes within a few seconds, depending on repository size. BluBracket then retains only metadata for reference: repository names, file names, contributor IDs, commit IDs and timestamps, and so on. It does not modify your code, and it does not store the code or any secrets found in it on its servers.
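The following Python scanner is an added illustration of the workflow described above (regex-based detection of known secret formats plus a user-supplied pattern, per-file hashing for comparison on later scans, and retaining only metadata rather than the secrets themselves). It is not BluBracket's code and does not reproduce its pattern list: the three built-in regexes cover widely documented public formats, and the custom ACME pattern, the fingerprint key and the in-memory sample repository are all constructed for this example, with a dict of path-to-contents standing in for a cloned working tree.

```python
from __future__ import annotations

import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical per-installation key used to fingerprint matched secrets.
# Assumption for the example only; a real deployment would load it from a secret store.
FINGERPRINT_KEY = b"example-installation-key-not-for-production"

# Three widely documented public secret formats. Illustrative only; this is not
# the product's own list of 50+ patterns.
BUILTIN_PATTERNS: Dict[str, re.Pattern[str]] = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}


@dataclass(frozen=True)
class Finding:
    """Metadata about one match. The matched secret text itself is never stored."""
    path: str
    line: int
    secret_type: str
    fingerprint: str  # keyed hash of the match, for deduplication across scans


def with_custom_pattern(patterns: Dict[str, re.Pattern[str]], name: str, regex: str) -> Dict[str, re.Pattern[str]]:
    """Return a copy of the pattern set with a user-supplied regular expression added."""
    extended = dict(patterns)
    extended[name] = re.compile(regex)
    return extended


def fingerprint(secret: str) -> str:
    # HMAC rather than a bare hash: a stored fingerprint of a short or low-entropy
    # secret must not be offline-guessable from the metadata store.
    return hmac.new(FINGERPRINT_KEY, secret.encode(), hashlib.sha256).hexdigest()[:16]


def file_hash(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def scan_text(path: str, text: str, patterns: Dict[str, re.Pattern[str]]) -> List[Finding]:
    """Run every pattern over every line; record where a secret is, not what it is."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx in patterns.items():
            for match in rx.finditer(line):
                findings.append(Finding(path, lineno, name, fingerprint(match.group(0))))
    return findings


def scan_repo(
    files: Dict[str, str],
    patterns: Dict[str, re.Pattern[str]],
    previous_hashes: Optional[Dict[str, str]] = None,
) -> Tuple[List[Finding], Dict[str, str], List[str]]:
    """Scan an in-memory repository (path -> contents, standing in for a clone).

    Returns (findings, per-file hashes to keep for the next run, paths skipped
    because their hash matched the previous run). Only hashes and findings
    survive the scan; the file contents are not retained.
    """
    previous_hashes = previous_hashes or {}
    findings: List[Finding] = []
    hashes: Dict[str, str] = {}
    skipped: List[str] = []
    for path, text in files.items():
        digest = file_hash(text)
        hashes[path] = digest
        if previous_hashes.get(path) == digest:
            skipped.append(path)  # unchanged since last scan, no need to rescan
            continue
        findings.extend(scan_text(path, text, patterns))
    return findings, hashes, skipped


# Constructed sample repository. The AWS key is AWS's documented example value;
# the GitHub token and the ACME key are made up and only match the formats above.
SAMPLE_REPO: Dict[str, str] = {
    "src/config.py": 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\nDEBUG = True\n',
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(key material omitted)\n-----END RSA PRIVATE KEY-----\n",
    ".env": "GITHUB_TOKEN=ghp_0123456789abcdefghijABCDEFGHIJ012345\nACME_KEY=ACME-12345678\n",
    "README.md": "# demo\nNothing secret here.\n",
}

# A user-defined pattern for a hypothetical internal key format.
PATTERNS = with_custom_pattern(BUILTIN_PATTERNS, "acme_internal_key", r"\bACME-[0-9]{8}\b")


def demo() -> Tuple[List[Finding], List[Finding], List[str]]:
    """First scan finds the secrets; a rescan of unchanged files is skipped entirely."""
    first, hashes, _ = scan_repo(SAMPLE_REPO, PATTERNS)
    second, _, skipped = scan_repo(SAMPLE_REPO, PATTERNS, hashes)
    return first, second, skipped


if __name__ == "__main__":
    first, second, skipped = demo()
    for f in first:
        print(f"{f.path}:{f.line} {f.secret_type} fingerprint={f.fingerprint}")
    print(f"rescan: {len(second)} new findings, {len(skipped)} unchanged files skipped")
```

Two practical caveats. Fixed-format patterns such as the AWS key ID are reliable, but passwords and internal tokens have no universal shape, which is exactly why a custom-regex hook is needed, and any regex scanner will produce some false positives that reviewers must triage. The fingerprint is keyed (HMAC) on purpose: if the metadata store held a plain SHA-256 of each match, a leak of that store would let an attacker brute-force short or dictionary-like secrets offline, defeating the point of not storing them.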