-
Introducing the Soteri Partner Incentive Program
We’re proud to announce the Soteri Partner Incentive Program! The Soteri Partner Incentive Program allows Atlassian Solution Partners to resell Soteri products at a larger discount than the default Atlassian model. This program will allow solution partners to quickly generate revenue while also helping Soteri grow its customer base. Soteri’s security applications are highly desired within large Fortune 500 organizations. […]
-
Introducing Soteri’s Scanning as a Service
Over the past year, multiple Fortune 500 companies in the defense, financial, and health sectors have deployed our proprietary technology to audit their repositories and document management systems for secrets, PII and more. We’re excited to announce we have now codified that technology into a REST-enabled cloud service. Soteri’s Scanning Service gives access to the […]
-
Cyber Defense – Thinking like a hacker in 2022
It’s one thing to build your IT security by ticking the box next to each threat, and deploying a best of breed tool to address it. But in the face of their ever-growing sophistication, truly effective defense against cyber attacks also requires you to get inside the mind of your hacker. What do they really […]
-
Soteri Scanning found a password. Now what?
Nobody installs Soteri’s Security for Bitbucket or Security for Confluence Cloud hoping to find an improperly stored password or an accidentally committed API key. Yet our customers know that this is an all too common occurrence. It’s very possible that in the near future, you’ll run a Soteri Security Scan, and have a scan […]
-
Security for Confluence Cloud is now free
We’re proud to announce that our second product, Security for Confluence Cloud, is now free! Security for Confluence helps teams improve security, demonstrate compliance, and gain visibility into Confluence. Easily audit Confluence for credentials, API keys, credit card numbers, personally identifiable information (PII), and more. With team members drafting all kinds of documents, both personal and […]
-
Security for Bitbucket now detects scans performed with old settings
In earlier versions of Security for Bitbucket, a branch was considered “Up to date” if the latest commit was scanned, even if the scan rules had changed since the scan was performed. Our customers brought to our attention the use case of rolling out a new global rule, or modifying an existing rule — and […]
-
Securing Bitbucket Server: best practices in the face of the Ukraine cyber warfare
A global cybersecurity crisis has been brewing for years, but with the recent war in Ukraine, hacking has become highly weaponized. Companies publicly supporting Ukraine have been experiencing state-sponsored retaliation attacks. So we figured it’s a good time to review some basic best practices for Bitbucket Server — the most effective security practices are often […]
-
Security for Bitbucket per-repository configuration will be loaded from the default branch
Soteri’s Security for Bitbucket offers an option to customize the configuration of scans on a per-repository basis using a YAML file placed at the root of the repository. This flexibility can provide a lot of benefits for repositories which have a lot of binary data, or require custom rules to detect potentially sensitive content. Starting with Security […]
-
Mitigating Trojan Source Attacks with Security for Bitbucket
The Trojan Source Attack, tracked as CVE-2021-42574 and disclosed on Nov 1, 2021, works by using invisible Unicode characters, which control whether text is interpreted as left-to-right or right-to-left, to craft malicious source code which appears to function in one way, but is compiled in another. Code which seems to be valid could be commented […]
-
The Latest Features in Soteri’s Security for Bitbucket
Over the last quarter, we’ve added some impressive enhancements to Security for Bitbucket that give users greater control over their security scans, streamline auditing, and improve performance. They are: Interactively review & hide false positives; Grant access to additional users and groups; Warn-only mode for the security hook; Email notifications upon scan completion; Bypass the […]