BluBracket searches for more tokens, keys and IDs than the other tools as well as scans for passwords and custom patterns via regular expressions. While that’s huge on its own, BluBracket’s rules engine also actively eliminates potential false positives allowing developers to focus on the most important findings. All of that and totally free.
In addition to secrets, BluBracket scans for the following vulnerabilities:
Monitoring for best practice with regards to Git repository and organization configurations.
Personally identifiable information (PII) is any data that could potentially identify a specific individual. BluBracket helps identify PII information in your code to protect your employees, partners and customers.
Words like “master”, “slave”, “blacklist”, “dummy”, etc., may mean nothing to you beyond what they are used for in your industry, but to others they could be triggering thoughts and emotions that you might only sympathetically understand. BluBracket detects these non-inclusive words so you can remove them from your code base.
Insight into developer access to repositories, including number and types of developer access.
Code that has been copied from internal private repositories to internal or external public repositories.
Infrastructure as Code
Misconfigurations found in key infrastructure file types like Helm, Kubernetes, Terraform, etc.
Extended Universe detection
Discover code that developers have copied to public or personal repositories and/or shared with others.