Introducing Smart Fixes: Use your team’s secure coding patterns to fix new issues
Our newest feature extends our built-in fix suggestions with Smart Fixes sourced directly from your repositories.
Vulnerabilities vs. Security Misconfigurations: An Essential Primer
Misconfigurations are flaws in the way the software environment is configured, whereas security vulnerabilities are flaws in the software itself.
9 Essential Infrastructure Security Considerations for Kubernetes
Kubernetes is the go-to platform for managing containerized applications. Learn the best security practices through Kubernetes' layers and components here.
The key to DevSecOps success: Cross-team knowledge sharing
The core of DevSecOps includes cross-team collaboration and knowledge sharing. Here are three things devs and security can learn from each other.
5 ways to configure a monorepo for DevSecOps efficiency
As monorepos get more popular, we’re sharing our tips to make sure they’re configured for optimal DevSecOps efficiency.
Bridgecrew’s 2021 Year in Code Reviews
Join us as we look back on all the milestones we celebrated in 2021—from open-source and platform updates to new research and integrations.
How to prevent the IaC misconfiguration snowball effect
Without the right tooling, one IaC misconfiguration can snowball into thousands of security alerts. Proactive, embedded IaC security can help.
Building the Business Case for DevSecOps
Find out how the collaboration and productivity benefits of DevSecOps outweigh the upfront investment costs of training and implementation.
Bridgecrew configuration as code using our new Terraform Provider
Terraform is one of the most popular infrastructure as code (IaC) tools used to deploy,…
Expanding our DevSecOps integrations with Checkov for JetBrains
To continue making IaC security accessible and actionable, we're excited to introduce our new JetBrains (including IntelliJ) Checkov plugin.
Cloudsplaining and Checkov: Identify AWS IAM least privilege violations from code to cloud
We combined the powers of Cloudsplaining (with the help of its creator Kinnaird McQuade) and Checkov to help organizations assess IAM policies in both build-time and runtime.
Surviving the NGINX Ingress CVE-2021-25742 with Checkov
Read about Checkov's preventative approach to ensuring Kubernetes clusters with NGINX Ingress do not fall victim to the recently published CVE-2021-25742.
Intellyx BrainBlog: Weaving Security Into DevOps Atop Cloud Infrastructure
To get ahead of cloud-native security threats, we must reinforce individual software development threads with IaC security and ensure the entire DevOps lifecycle is strengthened by code to cloud security feedback.