BluBracket searches code for more than 50 different types of secrets, including tokens, keys, IDs, credentials and passwords. Developers can also define their own regular expressions and have BluBracket search for those as well. For a complete list of secret types, see the document “What types of secrets in code does BluBracket scan for?”
The BluBracket Community Edition can monitor any GitHub repository that the developer has owner access to. This can be a repository under an individual account or an enterprise repository to which the developer has been granted owner rights. Upgrading to the Teams or Enterprise Edition allows you to monitor not only GitHub repositories but also GitLab and Bitbucket repositories. If you are interested in GitLab or Bitbucket repositories, you can contact the BluBracket Sales team for a free trial of the Enterprise Edition.
When you authenticate to BluBracket using GitHub OAuth, you will see and approve the following permissions:
Read access to administration, code, members, metadata, organization administration, and pull requests
Read and write access to checks, organization hooks, and repository hooks
These permissions allow BluBracket to monitor the repositories you select and present you with any secrets found, along with the associated contributor and commit information.
The simple answer here is NO.
During the initial scan of the repositories to be monitored, BluBracket clones each repository, scans it, creates a hash of each of its files (for later comparison), and then deletes the clone from the BluBracket servers. All of this completes within seconds, depending on the repository size. BluBracket then saves only specific metadata for easy reference, such as repository names, file names, contributor IDs, and commit IDs and timestamps. BluBracket does not modify or store any actual code, or any secrets found in code, on its servers.
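To make the two ideas above concrete (regex-based secret detection that accepts user-supplied patterns, and a per-file hash kept for later comparison instead of the file content), here is a small added illustration. It is not BluBracket's code: the detector patterns, the `Finding` record and the sample file are constructed for this example, and the real product's rule set is not reproduced.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed detector patterns for this example. BluBracket's own rule set
# is not reproduced here; the FAQ only says it covers 50+ secret types and
# accepts user-supplied regular expressions.
BUILTIN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}

@dataclass(frozen=True)
class Finding:
    """Metadata only: the matched secret value is deliberately not retained."""
    path: str
    line_no: int
    secret_type: str
    file_sha256: str  # identifies the scanned file version for later comparison

def scan_text(path, text, patterns=BUILTIN_PATTERNS):
    """Scan one file's content; report where a secret type matched, not what it was."""
    digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in patterns.items():
            if pattern.search(line):
                findings.append(Finding(path, line_no, name, digest))
    return findings

def with_custom_patterns(extra):
    """Merge user-defined regexes (name -> pattern string) with the built-ins."""
    merged = dict(BUILTIN_PATTERNS)
    merged.update({name: re.compile(rx) for name, rx in extra.items()})
    return merged

def changed_files(previous_hashes, current_hashes):
    """Paths whose content hash is new or differs since the last scan."""
    return sorted(p for p, h in current_hashes.items() if previous_hashes.get(p) != h)

if __name__ == "__main__":
    # Constructed sample file; AKIAIOSFODNN7EXAMPLE is AWS's documented placeholder key.
    sample = "AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\nINTERNAL = 'INT-" + "0" * 32 + "'\n"
    patterns = with_custom_patterns({"internal_api_key": r"\bINT-[0-9a-f]{32}\b"})
    for finding in scan_text("settings.py", sample, patterns):
        print(finding)
    print(changed_files({"settings.py": "old"}, {"settings.py": "new", "README.md": "x"}))
```

Only the hash needs to be kept between scans: a later run can recompute hashes and rescan just the paths `changed_files` reports, without the service ever holding a copy of the source.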