June 26, 2024

June updates, integration, usability, remediation, incident, pricing

Adding integration scopes

Among source code management tools, you can integrate BitBucket and the cloud storage service Google Drive to centrally manage credential exposure.

  • Depending on your BitBucket license, you can use either the App Password method or the Access Token method.
  • You can integrate Google Drive with your Google Cloud Service Account. For more information on how to integrate, see our Help Center.

Usability updates

We've updated the ability to manage by leaked credentials (Secret, Sensitive). Now you can track the location and status of leaked credentials.

  • Provides context data around the credential to provide more information.
  • Provides action information (Active status and location deletion information) by referencing the active and location status of exposed credentials.

Remediation

With the help of AI, you can learn about the potential risks of exposed secrets and what to do about them.

  • Instead of searching for threats by secret, you can see them at a glance on the Credential Exposure screen.
  • It gives you all the information you need to take internal action and prioritize.

Incident Management

We've added Incident Workflow, which allows you to ticket and track the action status of a credential within the commit web console.

  • You can create incident tickets right from the Secret, Sensitive, and Exposure screens.
  • The action status is all logged through the Timeline and provides all the functionality you need for further management.

Updating your pricing policy

We're making some changes to our pricing (except for existing users, who are on a lifetime plan). The platform now costs less per month, with additional fees based on who you use and the risk you take.

  • Leaked Author (Risk) Fee has been added. You will be charged based on the number of users you expose. The aggregation criteria is not counted by author, but by the unique author of the exposed credential, regardless of how many times a user exposed the credential.
  • Operation Fee has been added. This is a per member per month fee that is charged based on the number of users using Cremit.

March 1, 2024

Update! Login method, Improve Notification, SSO/SAML

Hello, This is Ben.

We are informing you of the update in Feb 2024.

Currently the Cremit service is available as a Private Beta service by contacting hi@cremit.io

It only supports highly secure login methods!

Cremit now only supports highly secure Passwordless login. Login is possible by default through Magic Link or PassKey, and after SSO setup, login is supported through Single Sign One.

  • SSO settings are accessible through the menu described below.
  • The initial PassKey settings can be set in the profile after logging in.
  • If you're having trouble setting up, please contact us and we'll respond quickly.

Can set the notification policy in a more detail!

You can set detailed notification policies, such as conditions arising from Secret Detection (Active, Inactive, All), or Sensitive Data only.

  • You can set up Active Secret receiving notifications; the same can be set up for In-active only or full notifications.
  • can set notifications by classifying them into two main categories: Sensitive Data and Secret.
  • Multiple Slack channels can be set up in conjunction with each other, and multiple policies can also be operated in duplicate.

Can set up SSO login through SAML Settings!

You can set up SSO login from the Settings -> SAML menu to log in through the identity provider (IDP) your organization uses.

  • Settings guides such as Okta, Google SAML, AAD (Entra ID), JumpCloud, and Ping, which are high-occupancy IDPs, can be found on the screen of the product during setup.
  • If you use other IDPs (Identity Providers), you can use them after accessing them based on the SAML 2.0 menu and entering related information.
  • Group Mapping automatically sets the Role of Groups and Create Services used by IDPs to support automated User On-boarding after one setup.
April 27, 2024

Cremit Update / Light Theme, Free Plan, Ferret Engine

Light Theme Update

Previously, only the Dark Mode theme was available, but we've updated the Light theme in response to requests from customers who were experiencing issues with reporting.

  • By default, the theme that matches your system settings is automatically applied.
  • You can change the theme via the profile button on the right.

Free Plan updates

Previously, you could only use the Free Plan after signing up for a card, but now you can use the Free Plan feature without signing up for a card, as requested by customers who want to try out Commit without signing up for a card.

  • If you haven't registered a card, you can automatically register for an initial scan when you log in.
  • If you have any difficulties, you can always email hi@cremit.io and our team will help you onboard!

Ferret Engine updates

The team has been working hard to improve our credential detection, and after months of testing and updates, we're happy to announce that it's now live for customers. With AI model-based PII, sensitive information detection, multi-source scanning, and other big differences, Ferret Engine outperforms other tools!

Introducing Cremit new detection engine Ferret!

  • Ferret means "Ferret Out" in English, and it's a furry animal that scours the cloud for exposed credentials.
  • It goes beyond heuristic, regular expression-based detection and uses AI-powered detection to effectively reduce false positives.
  • More than 2x faster than third-party tools on average, and 8.8x faster on massive data. Ferret finds credentials faster than anyone else.
January 12, 2024

Update! Notion Integration / Sensitive Data Pattern / Support Center

Hello, This is Ben.

We are informing you of the update in January 2024.

Currently the Cremit service is available as a Private Beta service by contacting hi@crmeit.io

Can Integration with Notion for scanning Secrets & Sensitive Data.

It can be Integration through the Notion Application, and it can be used in conjunction with any authority regardless of individual workspace or organization workspace.

  • You can browse Sensitive Data in Notions.
  • You can browse the Secert (API Key) in the Notion.
  • It is interlocked through Application, and a detailed interlocking guide is available at https://support.cremit.io .

Can scanning PII data patterns used in Korea!

With the pattern update for Sensitive Data detection, the resident registration number, driver's license number, passport number, account number, and credit card number have been updated.

  • You can find it on the Sensitive Data tab!
  • Existing customers can find it on the Sensitive Data tab without any additional work.
  • Also, if there is a pattern that you are adding, please feel free to comment at hi@crmeit.io !

Support Center GA!

In addition to the Slack Connect dedicated channel that was only available to some customers, the Support Center has officially opened!

  • You can read our guide to the Knowledge Portal for the comfort of the Create service.
  • If you need support, please open Ticket so that the cream team can easily check and update the status.
December 17, 2023

Update! Dashboard / Graph / Color Schema / Permissions

Hello, This is Ben.

We are informing you of the first update in January 2024.

Currently, the Cremit service is available as a Private Beta service by contacting hi@cremit.io .

Cremit Brand Color Update!

In the existing White-Color-centered design system, eyes have changed based on comfortable background colors.

UX was improved by applying highly visible color palettes such as statistical charts, table data, and highlight colors to dashboards.

Various statistical data have been added to the dashboard.

It has been updated to allow you to see the number of leaks in the secret (API Key), the number of leaks of sensitive information, as well as the statistics of leaked secrets, types of sensitive information, and points of leakage at a glance.

Leaker information of secret and sensitive information has been added.

Previously, only data such as activation, leakage date, and type could be checked in the Secret Table. Now, it is possible to check which user leaked it.

The user's permissions are divided into Administrator, Writer, and Reader.

Previously, everyone had Administrator privileges. From now on, Administrator users will have full functionality, Writers will have modified settings, and Readers will have access to read functions.