Detect Suspicious Code Commits

JupiterOne is capable of detecting suspicious code commits in a git pull request (PR) by spotting commits self-approved by the code author and code commits made by a user unknown to the organization.

Start Your Free Trial

Direct Integration with Code Repositories

Security of software development and code is more important than ever. JupiterOne has managed integrations with BitBucket and GitHub which connects directly to their APIs to obtain account metadata and analyze resource relationships across teams, projects, pull requests, code repositories and users and map these to other resources and potential vulnerabilities in your environment.

BitBucket support for detecting suspicious code commits in pull requests is available today. Support for GitHub is coming soon.

BitBucket IntegrationGitHub Integration

How to Enable Detection

For the suspicious code commit in pull request detection feature in JupiterOne to work, you will need to follow a couple simple steps.:

Enable Pull Request (PR) and commit analysis in the integration configuration in JupiterOne.
Configure branch permissions in your git source control system to prohibit directly committing to the main branch (e.g. master) and to require pull request reviews before merging.

This option is typically found under the repo settings. This allows PR analysis to catch the suspicious activities.

When enabled, JupiterOne sets the approved and validated flags on each merged PR entity. It is simple to integrate this analysis into your DevOps pipeline to check for suspicious commits in PRs before deploying code to production.

Direct Integration with Code Repositories

BitBucket support for detecting suspicious code commits in pull requests is available today. Support for GitHub is coming soon.

BitBucket IntegrationGitHub Integration

How to Enable Detection

For the suspicious code commit in pull request detection feature in JupiterOne to work, you will need to follow a couple simple steps.:

Enable Pull Request (PR) and commit analysis in the integration configuration in JupiterOne.
Configure branch permissions in your git source control system to prohibit directly committing to the main branch (e.g. master) and to require pull request reviews before merging.

This option is typically found under the repo settings. This allows PR analysis to catch the suspicious activities.

Walk-through of Detecting Suspicious Code Commits

Connect BitBucket with JupiterOne

Through JupiterOne’s managed integration with BitBucket, your organization can automatically pull data around users, PRs, projects and repositories to map with the resources in the rest of your environment, including code scanners, endpoints and more.

Detecting self-approved commits

JupiterOne will analyze the activities on a merged PR to determine if there is any code commit on the PR that was not approved by someone other than the code author. This is especially useful in spotting cases where a PR is considered approved by a reviewer but includes code changes by the reviewer, something not detected in branch detection/permissions. A rule can be configured to alert your team when this happens.

Detecting commits by unknown/external authors

JupiterOne checks the commit author against known BitBucket users that are part of your organization. If a commit was made by an unknown/external author, JupiterOne sets the validated flag on the PR entity to false. A rule can be configured to alert your team when this happens.

Combine suspicious commits checking and vulnerability checking for CI/CD

You can use JupiterOne’s Query Language and rules engine to detect open vulnerability findings that are associated with certain code repos, and use this in conjunction with the PR analysis query previously discussed to make automated decisions for promoting code to production in your CI/CD pipeline.