Chris Goodman

May 29, 2026

Most breaches targeting software supply chains don't start with code. They start with an identity.

The Shai Hulud NPM worm is a recent example — attackers used compromised developer credentials to inject malicious code into trusted packages. By the time it was caught, it had already spread. The entry point wasn't a vulnerability in the traditional sense. It was a developer account doing something it shouldn't have been doing, in a place most security teams weren't watching.

That's the gap BlueFlag was built to close.

Bringing SDLC Visibility into the SOC

Today we're announcing that BlueFlag has joined the Fortinet Fabric-Ready Technology Alliance Partner Program. The integration connects BlueFlag's identity-first SDLC security platform with the Fortinet Security Fabric — including SIEM and SOAR — so the identity risk happening inside development environments can flow into the workflows security operations teams already use.

Development generates a lot of signal: who's committing code, which service accounts are active, which tokens have access to what. Most of that never makes it to the SOC. This integration changes that.

What It Means in Practice

When BlueFlag detects anomalous identity behavior — unusual clone volumes, suspicious off-hours activity, a service account suddenly acquiring new permissions — that finding can now feed directly into Fortinet-powered detection and response workflows. Security teams get context they didn't have before. Response times shrink.

"By integrating our identity-first SDLC security platform with the Fortinet Security Fabric, we're helping organizations close gaps between development and security operations," said Raj Mallempati, CEO of BlueFlag Security.

"Working with BlueFlag helps bring greater visibility into identity-related risks across the software development lifecycle," added Neil Prasad, VP of Global Alliances at Fortinet.

A Stronger DevSecOps Stack

The software supply chain is a target. Developer identities are the entry point. And the SOC has historically had no line of sight into either. This partnership is a step toward fixing that — without adding another siloed tool to manage.
