Code security startup BluBracket today announced it has raised $12 million in a series A round led by Evolution Equity Partners. The capital will be used to further develop BluBracket’s products and grow its sales team.
Detecting exploits in source code can be a pain point for enterprises, especially with the onset of containerization, infrastructure as code, and microservices. According to a recent Flexera report, the number of vulnerabilities remotely exploitable in apps reached more than 13,300 from 249 vendors in 2020. In 2019, Barracuda Networks found that 13% of security pros hadn’t patched their web apps over the past 12 months. And in a 2020 survey from Edgescan, organizations said it took them an average of just over 50 days to address critical vulnerabilities in internet-facing apps.
BluBracket, which was founded in 2019 and is headquartered in Palo Alto, California, scans codebases for secrets and blocks future commits from introducing new risks. The platform can monitor real-time risk scores across codebases, Git configurations, infrastructure as code, code copies, and code access and resolve issues, detecting passwords and over 50 different types of tokens, keys, and IDs.
Coralogix estimates that developers create 70 bugs per 1,000 lines of code and that fixing a bug takes 30 times longer than writing a line of code. In the U.S., $113 billion is spent annually on identifying and fixing product defects.
BluBracket attempts to prevent this by proactively monitoring public repositories with the highest risk factors, generating reports for dev teams. It prioritizes commits based on their risk scores, minimizing duplicates using a tracking hash for every secret. A rules engine reduces false positives and scans for regular expressions, as well as sensitive words. And BluBracket sanitizes commit history both locally and remotely, supporting the exporting of reports via download or email.
BluBracket offers a free product in its Community Edition. Both it and the company’s paid products, Teams and Enterprise, work with GitHub, BitBucket, and Gitlab and offer CI/CD integration with Jenkins, GitHub Actions, and Azure Pipelines.
“Since our introduction early last year, the industry has seen through Solar Winds how big of an attack surface code is. Hackers are exploiting credentials and secrets in code, and valuable code is available in the public domain for virtually every company we engage with,” CEO Prakash Linga, who cofounded BluBracket with Ajay Arora, told VentureBeat via email.
BluBracket competes on some fronts with Sourcegraph, a “universal code search” platform that enables developer teams to manage and glean insights from their codebase. It has another rival in Amazon’s CodeGuru, an AI-powered developer tool that provides recommendations for improving code quality. There’s also cloud monitoring platform Datadog, codebase coverage tester Codecov, and feature-piloting solution LaunchDarkly, to name a few.
But BluBracket, which has about 30 employees, says demand for its code security solutions has increased “dramatically” since 2020. Its security products are being used in “dozens” of companies with “thousands” of users, according to Linga.
“DevSecOps and AppSec teams are scrambling, as we all know, to address this growing threat. By enabling their developers to keep these secrets out of code in the first place, our solutions make everyone’s life easier,” Linga continued. “We are excited to work with Evolution on this next stage of our company’s growth.”
Unusual Ventures, Point72 Ventures, SignalFire, and Firebolt Ventures also participated in BluBracket’s latest funding round. The startup had previously raised $6.5 million in a seed round led by Unusual Ventures.
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more