Cybersecurity startup BluBracket Inc. today announced that it has raised $12 million in funding to build out the feature set and installed base of its software platform, which enables companies to make their applications less susceptible to cyberattacks.

Hackers employ a variety of different tactics to carry out breaches. Many of those tactics involve exploiting weak points in an application’s source code and, occasionally, the systems in which that source code is kept. BluBracket says its platform automatically detects such vulnerabilities to help development teams reduce the risk posed by cyberattacks.

Among the issues the platform can spot are security weak points related to secrets management. Secrets in developer parlance are encryption keys and other sensitive pieces of data that an application uses for important tasks. The best practice in enterprise software projects is to keep items such as encryption keys not inside the application’s code base itself, but rather in a separate storage system with additional security controls.

Nevertheless, developers occasionally do leave secrets in code repositories, to the point that the phenomenon is considered a fairly common security issue. BluBracket’s platform analyzes developers’ code submissions and catches sensitive items such as encryption keys before they are incorporated into an application. That, in turn, helps reduce the risk of hacking, since secrets are more difficult to compromise when they’re not embedded directly into an application’s code base. 

BluBracket catches other types of security issues as well. The platform can find misconfigured settings in a company’s code repository system that might give hackers an opportunity to gain access.

It also spots configuration-related security issues in Kubernetes clusters, along with cases where a company’s internal code shows up on the public web. The latter scenario can occur for a number of different reasons, such as when a developer accidentally leaves files on a publicly accessible cloud server.

Besides lowering the risk of breaches, code security tools can also improve developer productivity by reducing the manual work involved in finding vulnerabilities. BluBracket claims that its technology simplifies day-to-day work for multiple teams within a company’s software group. “Our technology solves a pressing issue for both application security and DevSecOps teams,” explained BluBracket co-founder and Chief Executive Officer Prakash Linga.

Evolution Equity Partners led the startup’s latest funding round. It was joined by returning BluBracket backers Unusual Ventures, Point72 Ventures, SignalFire and Firebolt Ventures. The startup said that it will use the capital to expand its go-to-market operations and ship new product features.

Image: BluBracket