November 25, 2024

November, 2024

Here to share the November 2024 updates and new features with you. 🙂
This update focuses on enhancing features optimized for the Korean market and increasing transparency in security management.

• Expanded verification feature for Korean SaaS API keys, including TossPay       and NCP

• Added Audit Logs feature

• Added Scheduled Report feature

• Added Chat Support feature

You can sign up and start using Cremit at start.cremit.io.

Feel free to reach out anytime at hi@cremit.io! 

Expanded Verification of API keys for Korean SaaS Services

  • Cremit’s credential (secret, sensitive information) detection and verification patterns are now further optimized for the Korean market.
  • In addition to the existing 900+ verification patterns, we now support API key verification for Toss Payments and Naver Cloud Platform (NCP)

Audit Logs Feature

We provide audit logs for security auditing and regulatory compliance.

  • User login/logout
  • Integration setup changes
  • User permission management
  • Changes to settings such as SAML

Scheduled Reports Feature

The alert system has been further enhanced. Now, you can regularly monitor the status of your organization’s secrets and receive the following information periodically via Slack and Telegram.

  • Status of active/inactive secrets with trend analysis
  • Secret statistics by Integration
  • Trends in secret and sensitive information growth

Chat Support Feature

We have introduced a live chat system to improve the technical support experience. Now, technical inquiries and issue resolution can be handled more quickly in both Korean and English.

June 26, 2024

June 2024 Updates: Integration, Usability, Remediation, Incident Management, and Pricing

Expanded Integration Scopes

Now, Cremit supports integration with additional tools to help you manage credential exposure in a centralized way.You can integrate with both BitBucket (for source code management) and GoogleDrive (for cloud storage).

• For BitBucket, choose between the App Password or Access Token method based on your license type.

• For Google Drive, integration is available via your Google Cloud Service Account. For detailed setup instructions, visit our Help Center.

Usability Enhancements

We’ve improved the functionality to track and manage leaked credentials more effectively. You can now see the exact location and status of any exposed credential.

• Contextual Data: View more information around each credential for better understanding and decision-making.

• Action Details: Easily access data on the credential’s active status and location details, so you can address leaks faster.

Enhanced RemediationOptions

Our AI-powered remediation features make it easier to understand potential risks from exposed secrets and guide you on next steps.

• Credential ExposureDashboard: Now, all threats are visible at a glance, helping you focus on the highest-priority issues without searching credential-by-credential.

• Comprehensive ActionInformation: Access all essential data to prioritize and take swift action oninternal exposures.

Incident Management Improvements

We’ve introduced an Incident Workflow that lets you ticket and track remediation actions directly within the Cremit web console.

• Ticket Creation: Generate incident tickets directly from the Secret, Sensitive, and Exposure screens.

• Action Status Logs: The newTimeline feature logs each action, providing a comprehensive audit trail and making it easier to manage ongoing incidents.

Updates to Pricing Policy

Our pricing structure is changing (note: existing users on lifetime plans remain unaffected). The base platform cost is now lower, with new charges based on user volume and risk levels.

• Leaked Author (Risk) Fee: Fees now depend on the unique authors who have exposed credentials, not on the total number of exposures per author.

• Operation Fee: Aper-member, per-month fee based on the number of users actively using Cremit.

April 27, 2024

April 2024 Updates: Light Theme, Free Plan, and Probe Engine

Light Theme Update

We’ve introduced a LightMode theme following requests from customers who experienced challenges with reporting in Dark Mode. Now, by default, Cremit will automatically match your system theme settings. If you’d like to switch manually, you can change themes via the profile button in the top-right corner.

Free Plan Update

Previously, users needed to register a card to access the Free Plan. Now, in response to user feedback, you can use theFree Plan without entering card details, making it easier to try Cremit.

• Upon login, no card registration is required, you’ll automatically be set up for an initial scan.

• Need help onboarding? Reach out to us anytime at hi@cremit.io for assistance.

Probe Engine Launch

After months of development and rigorous testing, we’re excited to unveil Probe, Cremit’s latest detection engine! With advanced AI-powered technology, our team has dramatically improved both the accuracy and speed of credential detection.

  • Why Probe? Like a space probe exploring new frontiers, our engine dives deep into your data landscape, “probing” for hidden threats and delivering unparalleled insights.
  • AI-Powered Detection: Unlike traditional heuristic or regex-based detection, Probe harnesses AI to identify PII and other sensitive information across diverse sources, significantly minimizing false positives.
  • Speed & Efficiency: Probe sets a new standard in credential detection, processing data at over twice the speed of most third-party tools and up to 8.8 times faster with large datasets. It’s the market’s fastest solution for credential detection.
March 1, 2024

February 2024 Updates: Login Method, Improved Notifications, and SSO/SAML Integration

Hello, this is Ben from Cremit!

We’re excited to announce our latest updates for February 2024. Cremit is currently available as a Private Beta; if you’re interested, please reach out to hi@cremit.io to get started.

Secure, Passwordless Login

Cremit now exclusively supports highly secure, passwordless login methods to enhance security. You can log in through Magic Link or PassKey by default, and with SSO setup, you can also log in through Single Sign-On (SSO).

• SSO Settings: Access SSO settings from the designated menu.

• PassKey Setup: Set up PassKey authentication in your profile after logging in.

• Need help? Contact us, and we’ll be happy to assist you!

More Detailed Notification Policies

You now have greater control over your notifications, allowing you to customize notifications for Secret Detection and Sensitive Data events according to your needs. 

• Active Secret Notifications: Set notifications specifically for ActiveSecrets, Inactive Secrets, or both.

• Sensitive Data &Secret Classification: Configure notifications based on two main categories—Sensitive Data and Secret.

• Slack Integration: Configure multiple Slack channels and set up multiple notification policies that can operate simultaneously.

SSO Login via SAML

We now support SSO login through SAML, making it easy to integrate with your organization’s identity provider (IDP).

• Guided Setup: Find setup guides for popular IDPs like Okta, Google SAML, AAD (Entra ID), JumpCloud, andPing during the configuration process.

• Other IDPs: If you’re using a different IDP, simply select the SAML 2.0 menu and enter the required information.

• Group Mapping: Automate user onboarding with GroupMapping, which sets up roles and creates services according to your IDP groups, streamlining the process after initial setup.

January 12, 2024

January 2024 Updates: Notion Integration, Sensitive Data Patterns, and Support Center

Hello, this is Ben from Cremit!

We’re excited to share our latest updates forJanuary 2024. Cremit is currently available as a Private Beta; if you’re interested, contact us at hi@cremit.io.

Notion Integration for Secrets & Sensitive Data Scanning

Cremit now integrates with Notion to help you scan for secrets and sensitive data within your workspace.

• Easy Integration: Connect through theNotion Application, compatible with both individual and organizational workspaces.

• Data Browsing: Access scanned sensitive data and secrets (like API keys) directly within Notion.

• Detailed Guide: For setup assistance, see the integration guide at support.cremit.io.

New Patterns for Scanning PII Data in Korea

We’ve updated our Sensitive Data detection to include key PII patterns specific to Korea. Cremit now detects the following:

• Resident Registration Number

• Driver’s License Number

• Passport Number

• Bank Account Number

• Credit Card Number

How to Access: Existing customers can view these new data patterns under the Sensitive Data tab with no additional setup.If you’d like us to add more patterns, please reach out to hi@cremit.io!

Support Center Now Available!

We’ve officially launched our Support Center for all users, complementing the Slack Connect channel previously available only to select customers.

• Knowledge Portal: Access guides and resources to help you get the most out of Cremit.

• Easy Ticketing: For support requests, submit a ticket, and our team will keep you updated on your request status.

December 17, 2023

December 2023 Updates: Dashboard, Graphs, Color Scheme, and Permissions

Hello, this is Ben from Cremit!

We’re excited to share our first update for December 23. Cremit is currently available as a Private Beta; if you’d like to join, please reach out to us at hi@cremit.io.

Updated Brand Color Scheme

We’ve refreshed the Cremit color scheme to provide a more comfortable and visually accessible experience. The dashboard now features high-visibility colors for elements like statistical charts, table data, and highlights, making it easier to navigate and interpret data.

Enhanced Dashboard with Additional Statistical Data

The dashboard has been updated to include more comprehensive statistics. Now, you can view at a glance:

• The number of Secret (API Key) leaks

• The number of sensitive information leaks

• Statistics on types of leaked data and leakage points

This addition makes it easier to monitor and assess data security trends across your organization.

New Leaker Information for Secrets and Sensitive Data

Previously, the Secret Table only displayed data such as activation status, leakage date, and data type. Now, you can also see which user was responsible for each leak, providing greater transparency and accountability.

Expanded User Permissions: Administrator, Writer, and Reader

We’ve introduced role-based permissions to provide more control over user access:

• Administrator: Full access to all functionality

• Writer: Can modify settings and create data

• Reader: Limited to view-only access

This change enhances security by assigning appropriate access levels based on user roles.