The team at Opsera, the Continuous Orchestration platform for DevOps, today announced the release of Opsera GitCustodian. This new solution is intended to alert security and DevOps teams of vulnerable data found in source code repositories so that they can prevent vulnerabilities from making it to production.

GitCustodian also works to automate the remediation process for any uncovered secrets or other sensitive artifacts once vulnerabilities are detected.

“Source code vulnerabilities have the potential to cost organizations hundreds of millions or even billions of dollars a year due to breaches from cyberattackers. This is where Opsera GitCustodian comes in,” said Gilbert Martin, VP of customer success and solutions at Opsera. “It scans and alerts security teams of vulnerable secrets lurking in source code repositories before it’s too late. These teams are now empowered to proactively enforce secure software development lifecycle best practices through orchestrated secrets governance making source code vulnerabilities a thing of the past.”

Key highlights of this release include: 

  • Highly accurate and comprehensive secrets security detection in order to uncover a wide array of secrets and other sensitive data in source code
  • The ability to scan existing source code repositories and gain a centralized snapshot of any vulnerable secrets across version control systems
  • The addition of proactive secrets governance into existing CI/CD workflows to help the user go from detection to remediation to verification with integrated alerting and trouble-ticketing for complete incident lifecycle management
  • The ability to securely store secrets and keys with a built-in vault that works to eliminate the friction of following secrets management best practices
  • Collaboration enablement that notifies impacted teams to take action without changing how or where they work
  • Complete insights and analytics to offer users a full picture of the health and security of the entire lifecycle with actionable insights and compliance reporting

“The complexity of modern applications brings with it multiple challenges around managing dependencies and configuration information, security tokens, username/passwords and other secrets,” said Jon Collins, VP of research and lead analyst at GigaOM, a technology research company. “It is too much to expect developers to keep on top of all the potential issues, such as inadvertently missing a .gitignore file and publishing confidential information into Git. As well as CI/CD automation, enterprises also need to adopt tools that can scan software code and dependencies proactively, and also prevent the accidental leakage of sensitive data.”