HashiCorp Inc. is buying BluBracket Inc., a venture-backed startup with software that helps developers catch and fix insecure code before it’s released.
HashiCorp announced the deal today without disclosing the financial terms. BluBracket previously raised $18.5 million in funding.
BluBracket provides a software platform that helps development teams find cybersecurity issues in their code. It can spot, among other risks, so-called hardcoded secrets. That capability is one of the main reasons HashiCorp has decided to buy BluBracket.
In software development, secrets are particularly important pieces of data that an application uses to carry out its work. The term covers, among other items, any passwords that an application may store. Encryption keys are another type of secret, as are the authentication tokens that workloads use to verify one another’s security before exchanging data.
Because an application uses its secrets regularly, developers sometimes embed them directly into the application’s code base for easy access. Such hardcoded secrets, as they’re known, pose a major cybersecurity risk.
Hackers can in some cases reverse-engineer an application and extract its source code, which is usually inaccessible. If that source code contains hardcoded secrets such as passwords or encryption keys, the hackers can potentially use them to launch cyberattacks.
Another reason hardcoded secrets pose a risk is that code files are frequently copied by developers. If a code file contains an encryption key, then all its copies will contain that encryption key as well. The result is an increased risk of data leaks.
BluBracket’s namesake platform can automatically scan developers’ code for hardcoded secrets and generate an alert if any are found. The platform scans new code files for issues before they’re released rather than after, which prevents cybersecurity risks from entering a company’s production environment. For added measure, BluBracket also offers the ability to detect secrets in a company’s existing Docker containers and file archives.
Security-conscious software teams don’t hardcode secrets directly into their applications but rather store them in a so-called secret vault. That’s an isolated software sandbox designed to block hacking attempts. An application can retrieve its secrets from the sandbox when they’re needed without making them accessible to hackers.
HashiCorp provides a popular open-source secret vault called Vault. The company will use the software that it’s gaining through the BluBracket acquisition to extend the product’s capabilities. After it’s enhanced with BluBracket’s technology, Vault will be capable of not only securely storing secrets but also ensuring they’re not accidentally hardcoded into code files.
“BluBracket will help HashiCorp Vault expand into new areas as part of a more comprehensive lifecycle of managing secrets,” said HashiCorp Chief Executive Officer Dave McJannet.
Vault is only one of several products offered by HashiCorp. The publicly traded software maker also provides tools that help companies optimize the configuration settings of their cloud infrastructure, create network connections between applications and manage other key technology tasks. HashiCorp generated $138 million in revenue from its products last quarter.
HashiCorp intends to detail the first BluBracket-powered enhancements to Vault later this year. However, the company didn’t specify its plans for the other tools BluBracket offers besides its secret detection capability. The startup’s platform can spot not only hardcoded secrets but also other risks such as code repositories with misconfigured security settings.