Bridgecrew's Codified Security Blog

Introducing Supply Chain Security: Visualize and secure your code and delivery pipelines

Guy Eisenkot March 9, 2022March 15, 2022

Software supply chain attacks are on the rise. Our new supply chain visualization provides a snapshot of your supply chains to understand your code to cloud attack surface.

Crawl, walk, run: Operationalizing your IaC security program

Mike Urbanski June 30, 2022June 30, 2022

Learn how to operationalize your infrastructure as code security program with our rollout timeline and guidance for your first ninety days.

Infrastructure as code

A primer on secure DevOps: Learn the benefits of these 3 DevSecOps use cases

Julia Benson June 16, 2022

Learn best practices and benefits of taking a DevSecOps approach to AppSec, IaC security, and software supply chain security.

DevSecOps

Announcing new scanning support for Bicep templates with Checkov and Bridgecrew

Taylor Smith June 9, 2022June 9, 2022

Bridgecrew and Checkov now support scanning Bicep templates for misconfigurations! See how you can scan your IaC files and compare them against Azure security best practices.

Product update

How to adopt infrastructure as code with a secure-by-default strategy

Julia Benson June 3, 2022

Learn about challenges with building a secure IaC strategy. Here are seven tips to help you build a security-first IaC strategy.

Infrastructure as code

5 ways K8s apps are vulnerable to supply chain attacks

Payton O'Neal May 31, 2022

Learn about 5 common security risks when working with Kubernetes apps. We’ll also walk through tips to help you secure your software supply chain.

DevSecOps

Bridgecrew’s HashiCorp Terraform Cloud Run Task integration available to all

Taylor Smith May 4, 2022May 4, 2022

With Terraform Cloud Run Tasks out of beta, everyone can now natively secure Terraform deployments with Bridgecrew.

Product update

5 CloudFormation security tips to take your AWS security to the next level

Bridgecrew April 26, 2022April 26, 2022

Learn these 5 AWS CloudFormation security best practices to protect your pipelines, manage compliance, and detect cloud drift.

Infrastructure as code

Terraform Enterprise + Bridgecrew: Secure development at enterprise scale

Matthew Scott April 21, 2022April 20, 2022

Our newest HashiCorp integration allows Terraform Enterprise customers to enforce security best practices at scale with policy-as-code.

Four steps to get started with a ‘bottom-up’ cybersecurity approach

Idan Tendler April 19, 2022April 19, 2022

Learn about bottom-up cybersecurity. We give you 4 tips to get started with creating a culture of developer-centered security in your organization.

DevSecOps

CloudFormation security 101: Four basic best practices for secure infrastructure as code

Bridgecrew April 13, 2022April 13, 2022

Learn some basic AWS CloudFormation best practices you can use to build and maintain CloudFormation templates securely.

Infrastructure as code

Keep your software supply chain secure with these new VCS policies

Barak Schoster April 4, 2022

To help organizations enforce supply chain security best practices, Checkov and Bridgecrew now scan GitHub, GitLab, and Bitbucket configurations.

Product update

Code to Cloud Summit Recap: Highlights from 15+ DevSecOps Sessions and 25+ Expert Speakers

Payton O'Neal March 25, 2022March 29, 2022

Watch our Code to Cloud Summit reel to see the 24 hours of DevSecOps and shift-left security talks in 24 minutes or read a play-by-play by theme.

Company news

Intellyx BrainBlog: Don’t break the software supply chain. Secure it.

Intellyx March 22, 2022March 25, 2022

In this Intellyx BrainBlog, Jason English explores the components and risks of modern software supply chains and the part developers play in securing them.

DevSecOps

Subscribe to our newsletter