BluBracket introduced significant new functionality to its Code Security Suite, allowing companies for the first time to find stolen and copied source code in public repositories.
In today’s digital coding environment, code can be copied and shared with one click. Code proliferation represents a significant threat to companies today, not just through the loss of intellectual property but also through the risks leaked code poses to general enterprise security. Code not only reveals critical details of how a company runs its business; it can also give hackers a blueprint of proprietary systems and, when secrets are checked in alongside it, the credentials needed to unlock them.
“Code is stolen and leaked online every day,” said Prakash Linga, CEO of BluBracket. “The world runs on code. Our customers need an efficient way to find and remove code that has been leaked to the public. By adding this functionality to our Code Security Suite, we’re offering customers the opportunity to protect their critical corporate assets, all without hampering developer productivity.”
Fighting Code Proliferation
During BluBracket’s initial scan of a repository, it creates a hash of all the source code contained within the repo. These hashes are then compared against any other source code that is scanned in the future, which could be code in other private repositories or in public repositories. If a hash matches code found outside the original repository, BluBracket alerts the appropriate security or engineering personnel via its own interface or through a SIEM tool.
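To make the hash-and-compare workflow concrete, here is an added illustration in Python; it is not BluBracket's code, and the page does not describe the product's actual fingerprinting scheme. The example assumes two levels of fingerprint: a SHA-256 of the whole normalized file (catches verbatim copies even after re-indenting or CRLF conversion) and SHA-256 hashes of every 4-line window (catches a copied function buried in an otherwise different file). The window size, the reporting threshold, and both repositories are constructed for the example.

```python
"""Hash-based source-code fingerprinting (illustrative, not BluBracket's code):
index one repository, then look for exact and partial copies in another tree."""
import hashlib
from collections import defaultdict

SHINGLE_LINES = 4        # window size for partial-copy detection (assumption)
PARTIAL_THRESHOLD = 0.3  # fraction of windows that must match to report (assumption)


def normalize(source: str) -> list[str]:
    """Canonicalize a file so trivial edits (CRLF, indentation, trailing
    spaces, blank lines) do not change its fingerprint."""
    lines = []
    for raw in source.replace("\r\n", "\n").split("\n"):
        line = raw.strip()
        if line:
            lines.append(line)
    return lines


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def file_fingerprint(source: str) -> str:
    """One hash over the whole normalized file: finds verbatim copies."""
    return sha256_hex("\n".join(normalize(source)))


def shingle_fingerprints(source: str) -> set[str]:
    """Hashes of every SHINGLE_LINES-line window: finds copied fragments
    even when the rest of the file differs."""
    lines = normalize(source)
    return {
        sha256_hex("\n".join(lines[i:i + SHINGLE_LINES]))
        for i in range(len(lines) - SHINGLE_LINES + 1)
    }


class FingerprintIndex:
    """Maps fingerprints back to 'repo:path' so every match can be attributed."""

    def __init__(self):
        self.files = defaultdict(set)     # whole-file hash -> {"repo:path"}
        self.shingles = defaultdict(set)  # window hash     -> {"repo:path"}

    def add_repo(self, repo: str, tree: dict[str, str]) -> None:
        for path, source in tree.items():
            origin = f"{repo}:{path}"
            self.files[file_fingerprint(source)].add(origin)
            for h in shingle_fingerprints(source):
                self.shingles[h].add(origin)

    def scan(self, repo: str, tree: dict[str, str]) -> list[dict]:
        """One finding per file in `tree` that appears to be copied from the index."""
        findings = []
        for path, source in sorted(tree.items()):
            origins = self.files.get(file_fingerprint(source))
            if origins:
                findings.append({"path": f"{repo}:{path}", "kind": "exact",
                                 "ratio": 1.0, "sources": sorted(origins)})
                continue
            windows = shingle_fingerprints(source)
            if not windows:  # shorter than one window: nothing to compare
                continue
            hits = [h for h in windows if h in self.shingles]
            ratio = len(hits) / len(windows)
            if ratio >= PARTIAL_THRESHOLD:
                origins = set().union(*(self.shingles[h] for h in hits))
                findings.append({"path": f"{repo}:{path}", "kind": "partial",
                                 "ratio": round(ratio, 3), "sources": sorted(origins)})
        return findings


# Constructed sample data: a private repo and a public tree to scan against it.
PRIVATE_AUTH = """\
import hmac
import hashlib

def sign_token(secret, payload):
    digest = hmac.new(secret, payload, hashlib.sha256).digest()
    return digest.hex()

def verify_token(secret, payload, signature):
    expected = sign_token(secret, payload)
    return hmac.compare_digest(expected, signature)
"""
PRIVATE_REPO = {"billing/auth.py": PRIVATE_AUTH,
                "README.md": "# billing\nInternal service.\n"}
PUBLIC_REPO = {
    # verbatim copy, re-indented, with trailing spaces and CRLF line endings
    "auth_copy.py": "\r\n".join("  " + l + "  " for l in PRIVATE_AUTH.split("\n")),
    # both functions pasted into an otherwise different module
    "util.py": ("import os\nimport logging\n"
                + "\n".join(normalize(PRIVATE_AUTH)[2:]) + "\n"
                "def load_secret():\n    return os.environ[\"TOKEN_SECRET\"].encode()\n"),
    "unrelated.py": "import json\ndef load(path):\n    with open(path) as fh:\n        return json.load(fh)\n",
}


def demo() -> list[dict]:
    index = FingerprintIndex()
    index.add_repo("acme/private", PRIVATE_REPO)
    return index.scan("github-public/fork", PUBLIC_REPO)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Running it reports `auth_copy.py` as an exact match and `util.py` as a partial one (3 of its 7 windows come from `billing/auth.py`), while `unrelated.py` stays silent. In practice the index would be built from every repository the company designates and the scan side would be fed by public-repository crawls, and the threshold would be tuned per classification so that only the code that matters generates alerts.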
BluBracket scans both public and private repos designated by the company at launch. In addition, BluBracket uses the list of contributors to a company’s repos to identify the public repos to which they have added code. This means that if your code has made its way to open source projects, or to a developer or contractor’s non-company accounts, you can find and remediate the issue.
BluBracket also allows companies to scan and find code copies on developer endpoint machines. By invoking the BluBracket Scanner, you can scan developer devices for both known repositories and cloned repositories from private or public sources. This can be an effective step when transitioning developers from one project to the next and can provide assurance that especially sensitive code has not unwittingly been copied to public repositories.
BluBracket’s machine learning-based alerting system is constantly learning and adjusting to avoid false positives and will alert users based on their classification of the code’s importance. This means that companies can configure alerts, for instance, for only the code that is critical to company security and competitive advantage. This type of alerting and monitoring is critical for both the security and DevSecOps teams responsible for code and general digital security.
Additional Code Security Suite functionality
Code Fingerprinting and Discovery is a critical piece of the Code Security Suite which allows companies to:
- Discover and classify code. Companies can run a BluPrint of their Git environments to understand where their code is and who has access to it. They can also classify their most critical code for detailed chain of custody information for any compliance or audit needs.
- Detect and monitor your risks. BluBracket can detect secrets in code, misconfigurations and other risks and ensure that no sensitive passwords or tokens are being misappropriated, mishandled or misused.
- Protect valuable code. BluBracket provides the visibility, alerting and remediation needed to take action and protect code investments from both insider and outsider code theft and from unauthorized publishing to open source.
- Enforce security policies. BluBracket bridges the gap between your security, development and DevOps teams by making security policies actionable and enforceable in your CI/CD pipeline.