Cloud-based organizations are increasingly leveraging open-sourced tools to help in their security and compliance monitoring. Whether it's trying to keep a handle on cost or just reducing some of the complexity that comes with additional UIs, the move to add open-sourced tools to your security toolkit makes a lot of sense.
Because these are open-sourced tools, we aren't able to develop one of our traditional, managed integrations like with other SaaS solutions. However, this vulnerability data is critical to maintaining your security posture so it needs to be mapped on the JupiterOne graph of your environment.
New Open-Source Tool Integrations
These integrations pull the vulnerability data returned form the open-sourced tools directly into JupiterOne, mapping to the resources in your organization's environment. By connecting vulnerabilities to resources, users, devices, etc., it is easier to identify what prompted the vulnerability and who is the most appropriate person to take action to correct it.
Vuls is an agentless vulnerability scanner for Linux/FreeBSD designed to help system administrators overcome the resource burden that comes from daily security vulnerability analysis and software updates. The tendency for most system administrators is to manually perform these updates to avoid production downtime, but the reality is, when opting to go manual, this process results in oversight and tremendous time demands.
Vuls combats this cycle by automatically scanning for vulnerabilities and alerting users when and where they arise.
Gitleaks audits your git repos for secrets to help users find unencrypted secrets and other unwanted data types in git repositories.
Organizations leverage Gitleaks to complete audit for uncommitted changes, Bitbucket, GitHub and GitLab repository scanning, as well as private repository scans, and repositories that require key based authentication.
A Growing List of Integrations
JupiterOne now provides more than 30 managed integrations with various cloud and DevOps tooling providers. Peeling back that onion a layer deeper to specific services – like on AWS or GitHub – JupiterOne gives organizations the ability to ingest data from more than 50 places into a single, searchable graph.
As we build integrations, the depth and reliability of analysis and understanding that can happen for security teams remains our top priority. If there is an integration you would like to see added to JupiterOne, request it here.