Once you’ve authenticated into your Enterprise or Teams tenant, you’ll be able to choose your supported platform (GitHub, Bitbucket, GitLab) and the associated repositories that you would like BluBracket to monitor. The Enterprise and Teams versions monitor for:
Secrets - Tokens, keys, or passwords that might have accidentally or purposely been added to your code.
Compliance - Monitoring for best practice with regard to Git repository and organization configurations, in addition to non-inclusive language, PII, and more that may exist in your code.
Access - Insight into developer access to repositories, including the number and types of developer access.
PII - Personally Identifiable Information such as email, SSN, etc. found in code repositories.
Non-Inclusive Language - The use of expressions or words that might be considered to exclude particular groups of people.
Code Leaks - Code that has been copied from internal private repositories to internal or external public repositories.
Infrastructure as Code - Misconfigurations found in key infrastructure file types like Helm, Kubernetes, Terraform, etc.
BluBracket will initially scan the repositories you have selected and report any vulnerabilities that may be in the repositories. After the initial scan, BluBracket will then scan any commits made to those monitored repositories and report any incidents found in those commits. All of this is displayed in your personal portal interface where you can dig deeper into the information.
I’m logged in. Where do I start?
Step 2: Navigate the UI
The Enterprise and Teams BluPrint Page
Immediately after you have selected the repositories that you would like to monitor, you are taken to the BluPrint page. This page has several major sections: High Risk Repositories, Alerts, Insights, and Repositories. We’ll start with the High Risks section and then move down the page through the others.
The high risks report helps answer the question “Where do I get started?” BluBracket applies a risk score to each repository to help developers understand which repositories are most at risk within their environment.
Click on any repository link to get to the details view. Here is where we show you all of the Risk Categories contributing to the repository Risk Score.
Category Detail View
Clicking on any of the Category Risk links will navigate you to a filtered list view of all of the alerts associated with that risk type.
Within the Alerts list view, after remediating a given risk, you can dismiss the alert by clicking on the Actions menu. This will move the Alert to the Events tab to ensure you have a permanent record of the risk and resolution.
Stop secrets from entering your code base
Use the BluBracket CLI Tool to stop secrets, PII, and non-inclusive language from ever being uploaded to your code base. You can download the CLI tool by clicking on Settings and selecting Code Scanning. Here you can download the CLI version of your choice (supports macOS, Windows, and Linux).
What about APIs?
BluBracket has a rich set of APIs that allow you to integrate with other solutions, including your CI/CD pipeline. If you’re interested in these, you can read all about them in the API Documentation section where you found this document.
Support and Feedback