In light of recent attacks on core software projects and the US President’s Executive Order calling for improved software supply chain security, the need for a comprehensive code security solution is clear. Code security company BluBracket is joining Snyk’s Technical Alliance Partnership Program as a founding member and will integrate Snyk’s Open Source security product into its Code Security Suite. The integration with Snyk will provide developers and application security engineers with one comprehensive way to find and remediate code risk.
The Snyk Open Source solution enables developers to find and remediate upstream vulnerabilities in their open source dependencies, but supply chain risks don’t end with the open source dependencies included in projects. BluBracket’s internal supply chain security tools include detecting secrets and other sensitive content in code, auditing and enforcing git access and configuration, and tracking and alerting when code leaves the organization.
Together the two solutions provide a comprehensive way for developers and AppSec engineers to secure their code, pipelines and development environments and deliver a complete picture of their code health.
Snyk and BluBracket have a history of collaboration via the Linux Foundation’s LFx security project, which provides vulnerability and secrets detection for the open source community and is used by many of the largest open source projects.
The integration with Snyk will be available to BluBracket customers by the summer of 2022.