December 3, 2023

compossite technologies

The best in technologies

Opsera GitCustodian Proactively Secures Software program Growth Pipelines to Shield Delicate Information Present in Supply Code

4 min read
Opsera GitCustodian Proactively Secures Software program Growth Pipelines to Shield Delicate Information Present in Supply Code

Enterprises leverage Opsera’s no-code pipelines and built-in safety gates to determine and forestall delicate knowledge from leaking into manufacturing

SAN FRANCISCO, Aug. 2, 2022 /PRNewswire/ — Opsera, the Steady Orchestration platform for DevOps, at this time introduced the provision of Opsera GitCustodian. This new answer scans susceptible knowledge present in supply code repositories (i.e., Git) and alerts safety and DevOps groups in order that they’ll stop vulnerabilities from leaking into manufacturing. As soon as vulnerabilities are discovered, GitCustodian automates the remediation course of for any uncovered secrets and techniques or different delicate artifacts.

To study extra about GitCustodian be a part of this in-depth session:

“Supply code vulnerabilities have the potential to value organizations a whole lot of tens of millions and even billions of {dollars} a 12 months as a consequence of breaches from cyberattackers. That is the place Opsera GitCustodian is available in,” mentioned Gilbert Martin, VP of Buyer Success and Options at Opsera. “It scans and alerts safety groups of susceptible secrets and techniques lurking in supply code repositories earlier than it is too late. These groups at the moment are empowered to proactively implement safe software program growth lifecycle greatest practices by means of orchestrated secrets and techniques governance making supply code vulnerabilities a factor of the previous.”

The “as-a-Service” (i.e. Platform-as-a-Service, Infrastructure-as-a-Service, Software program-as-a-Service, and so forth.) development is rising, and together with it comes a motion in direction of “all the things as code.” Nevertheless, as code scales, complexities scale with it – particularly with regards to safety. Many Git customers unknowingly maintain delicate knowledge (i.e. secrets and techniques, passwords, certificates, keys, and so forth.) in supply code repositories – if this knowledge is pushed to manufacturing, it’s in danger to be uncovered to cyberattackers. To guard this knowledge, Opsera’s GitCustodian supplies proactive visibility into supply code vulnerabilities and helps safety and DevOps groups tackle them early on within the Steady Supply/Steady Integration (CI/CD) course of to make sure delicate knowledge shouldn’t be saved or leaked into manufacturing. Groups obtain a centralized snapshot in minutes of any susceptible secrets and techniques and different delicate artifacts in danger throughout model management techniques.

“Stealing credentials and secrets and techniques out of supply code and configuration information is a typical approach that attackers have utilized in many breaches,” mentioned Neil Daswani, co-author of Large Breaches: Cybersecurity Classes For Everybody. “GitCustodian might help determine and mitigate such dangers throughout your codebase as part of automatically-generated and operationalized CI/CD pipelines which is considered one of Opsera’s key strengths.”

The important thing options and advantages of Opsera GitCustodian embrace:

  • Extremely Correct, Complete Secrets and techniques Detection: Uncover a big selection of secrets and techniques and different delicate knowledge in supply code with detectors primarily based on a number of algorithms and industry-standard profiles.
  • Scan Present Supply Code Repositories: Get a centralized snapshot in minutes of any susceptible secrets and techniques and different delicate artifacts in danger throughout model management techniques.
  • Add Proactive Secrets and techniques Governance into Present CI/CD Workflows: Go from detection to remediation to verification with built-in alerting and trouble-ticketing for full incident lifecycle administration. Add detection and governance gates to the software program growth pipeline to catch secrets and techniques and different delicate artifacts earlier than they’re launched.
  • Securely Retailer Secrets and techniques and Keys: A built-in vault eliminates the friction of following secrets and techniques administration greatest practices.
  • Collaboration Enablement: Notify impacted groups to take rapid motion with out altering how or the place they work with versatile alerting through e mail, Slack, Microsoft Groups, Jira and ServiceNow integrations.
  • Full Insights and Analytics: Achieve a whole image of the well being and safety of all the lifecycle with actionable insights and compliance reporting.

Business analysts additionally acknowledge the complexity of supply code administration and enterprises’ want for instruments to assist scale back threat. “The complexity of recent purposes brings with it a number of challenges round managing dependencies and configuration info, safety tokens, username/passwords and different secrets and techniques,” mentioned Jon Collins, VP of Analysis and Lead Analyst at GigaOM. “It’s an excessive amount of to anticipate builders to maintain on high of all of the potential points, equivalent to inadvertently lacking a .gitignore file and publishing confidential info into Git. In addition to CI/CD automation, enterprises additionally must undertake instruments that may scan software program code and dependencies proactively, and in addition stop the unintended leakage of delicate knowledge.”

Schedule a demo to see GitCustodian in motion:

About Opsera
Opsera is the primary Steady Orchestration platform for next-gen DevOps that permits alternative, automation, and intelligence throughout all the software program life cycle. It gives easy, self-service toolchain integrations, drag-and-drop pipelines, and unified insights. With Steady Orchestration, growth groups can use the instruments they need, operations groups acquire improved effectivity, and enterprise leaders have unparalleled visibility. Opsera believes DevOps has reworked from an aspiration to a sensible science, and Steady Orchestration is the longer term to assist organizations speed up DevOps adoption and attain peak innovation velocity.

Olivia Heel
Catapult PR
[email protected]


Leave a Reply