Detect Suspicious Code Commits
JupiterOne is capable of detecting suspicious code commits in a git pull request (PR) by spotting commits self-approved by the code author and code commits made by a user unknown to the organization.
Direct Integration with Code Repositories
Security of software development and code is more important than ever. JupiterOne has managed integrations with BitBucket and GitHub that connect directly to their APIs to obtain account metadata, analyze resource relationships across teams, projects, pull requests, code repositories and users, and map these to other resources and potential vulnerabilities in your environment.
BitBucket support for detecting suspicious code commits in pull requests is available today. Support for GitHub is coming soon.


How to Enable Detection
For the suspicious code commit in pull request detection feature in JupiterOne to work, you will need to follow a couple of simple steps:
- Enable Pull Request (PR) and commit analysis in the integration configuration in JupiterOne.
- Configure branch permissions in your git source control system to prohibit directly committing to the main branch (e.g. master) and to require pull request reviews before merging. This option is typically found under the repo settings. This allows PR analysis to catch the suspicious activities.
When enabled, JupiterOne sets the approved and validated flags on each merged PR entity. It is simple to integrate this analysis into your DevOps pipeline to check for suspicious commits in PRs before deploying code to production.

Walk-through of Detecting Suspicious Code Commits
Connect BitBucket with JupiterOne
Through JupiterOne’s managed integration with BitBucket, your organization can automatically pull data around users, PRs, projects and repositories to map with the resources in the rest of your environment, including code scanners, endpoints and more.


Detecting self-approved commits
JupiterOne will analyze the activities on a merged PR to determine if there is any code commit on the PR that was not approved by someone other than the code author. This is especially useful in spotting cases where a PR is considered approved by a reviewer but includes code changes by that same reviewer, something branch permissions alone do not catch. A rule can be configured to alert your team when this happens.
Detecting commits by unknown/external authors
JupiterOne checks the commit author against known BitBucket users that are part of your organization. If a commit was made by an unknown/external author, JupiterOne sets the validated flag on the PR entity to false. A rule can be configured to alert your team when this happens.


Combine suspicious commits checking and vulnerability checking for CI/CD
You can use JupiterOne’s Query Language and rules engine to detect open vulnerability findings that are associated with certain code repos, and use this in conjunction with the PR analysis query previously discussed to make automated decisions for promoting code to production in your CI/CD pipeline.
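The two checks described above (a commit that nobody other than its own author approved, and a commit whose author is not a known member of the organization) and the CI/CD gate that combines them with open vulnerability findings can be modelled in a few lines. The following is an added illustration written for this page, not JupiterOne's own code or its query language: the data model (Commit, PullRequest), the member list and the findings count per repo are constructed sample inputs, and the approval model assumes that a single set of approving accounts applies to every commit on the PR, so a reviewer who approves and also pushes a commit is not counted as the approver of their own commit.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed data model for the example; field names are assumptions,
# not the names JupiterOne uses for its PR entities.
@dataclass(frozen=True)
class Commit:
    sha: str
    author: str        # account id of the commit author

@dataclass(frozen=True)
class PullRequest:
    pr_id: int
    repo: str
    author: str            # account that opened the PR
    commits: tuple[Commit, ...]
    approvals: frozenset[str]  # accounts that approved the PR
    merged: bool = True


def self_approved_commits(pr: PullRequest) -> list[str]:
    """SHAs of commits that no one other than their own author approved.
    A commit counts as properly approved only if at least one approver
    differs from the commit author, so a reviewer's own commits are caught."""
    return [c.sha for c in pr.commits
            if not any(a != c.author for a in pr.approvals)]


def unknown_author_commits(pr: PullRequest, org_members: frozenset[str]) -> list[str]:
    """SHAs of commits whose author is not a known member of the organization."""
    return [c.sha for c in pr.commits if c.author not in org_members]


def analyze_pr(pr: PullRequest, org_members: frozenset[str]) -> dict[str, bool]:
    """Derive the two flags the page describes for a merged PR."""
    return {
        "approved": not self_approved_commits(pr),
        "validated": not unknown_author_commits(pr, org_members),
    }


def promotion_decision(pr: PullRequest, org_members: frozenset[str],
                       open_findings_by_repo: dict[str, int]) -> tuple[bool, list[str]]:
    """CI/CD gate: promote only if both flags hold and the repo has no open findings.
    Returns (allowed, reasons) so a pipeline can log why a deploy was blocked."""
    flags = analyze_pr(pr, org_members)
    reasons: list[str] = []
    if not pr.merged:
        reasons.append("PR is not merged")
    if not flags["approved"]:
        reasons.append("self-approved commit(s): " + ",".join(self_approved_commits(pr)))
    if not flags["validated"]:
        reasons.append("commit(s) by unknown author: " + ",".join(unknown_author_commits(pr, org_members)))
    findings = open_findings_by_repo.get(pr.repo, 0)
    if findings:
        reasons.append(f"{findings} open vulnerability finding(s) on {pr.repo}")
    return (not reasons, reasons)


# Constructed sample inputs.
ORG_MEMBERS = frozenset({"alice", "bob", "carol"})

# Clean case: alice authors, bob reviews.
PR_CLEAN = PullRequest(101, "payments-api", "alice",
                       (Commit("a1", "alice"),), frozenset({"bob"}))

# Reviewer pushes a commit onto the PR he approved; his own commit is unreviewed.
PR_REVIEWER_COMMIT = PullRequest(102, "payments-api", "alice",
                                 (Commit("b1", "alice"), Commit("b2", "bob")),
                                 frozenset({"bob"}))

# A commit from an account that is not part of the organization.
PR_EXTERNAL = PullRequest(103, "billing-web", "alice",
                          (Commit("c1", "alice"), Commit("c2", "ext-contractor-9")),
                          frozenset({"bob"}))

if __name__ == "__main__":
    findings = {"payments-api": 2}
    for pr in (PR_CLEAN, PR_REVIEWER_COMMIT, PR_EXTERNAL):
        print(pr.pr_id, analyze_pr(pr, ORG_MEMBERS), promotion_decision(pr, ORG_MEMBERS, findings))
```

In a pipeline, promotion_decision would be called after the PR data has been fetched; the reasons list is what you would surface in the alert rule mentioned above, since a bare false flag tells an on-call engineer little about which commit to look at.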
Detect Suspicious Code Commits
JupiterOne makes it easy to spot suspicious activity that could impact the security of your production environment.
DevSecOps is rocket fuel for software teams.
By embracing DevSecOps, software providers can stay nimble with efficient development cycles even as they scale to 3, 5 and 10 times their team size, without sacrificing security.
Providing Complete Visibility for Leading Cloud-Native Organizations