For most of us, 2020 is a year we’re more than ready to leave behind. But as a company that started ramping up just as the global pandemic was settling in, we have a lot to be thankful for this year.
Supported by our exceptional investors, advisors, partners, customers, and community, we’ve been hard at work laying the foundation for the codified cloud security movement. This year our product has evolved tremendously with countless new features, our customer base has more than tripled, and our open-source community has grown exponentially.
To round it out, we wanted to take a moment to celebrate our accomplishments and give thanks to everyone who contributed. 💜
2020 company milestones
Although we started building Bridgecrew last year, 2020 is the year our platform and our team really came into their own. Working with our early customers, we identified the opportunity to codify cloud security and embed it into the development lifecycle through automation and infrastructure as code (IaC). To help us build a movement around that opportunity, we announced our $14M Series A led by Battery Ventures in April.
With R&D and engineering growing fast in Tel Aviv already, we started (remotely) building our go-to-market teams this year. From developer relations and marketing to sales and partnerships, I’m so proud of the team we’re building that currently spans five time zones.
By September, we couldn’t fit the entire Crew on one Zoom screen!
Happy #StarTrekDay from the BridgeCREW! 🖖 pic.twitter.com/ubs6BjSb3E
— bridgecrew (@bridgecrewio) September 8, 2020
We’re hiring across the board! Check out our open positions here.
We wouldn’t be where we are today without the support and guidance from our partners. These are our two favorite moments with partners from the year:
- Achieving AWS Security and DevOps Competency status as Advanced APN Technology Partners. Read the release here.
- Being included in Erica Brescia’s GitHub Universe keynote as a featured security partner. Watch the segment below:
These highlights, plus our ongoing partnerships with HashiCorp, CircleCI, Bitbucket, and others, are exciting indicators of what’s to come in 2021.
Building out the Bridgecrew platform
Our top priority for the year was to build the most intuitive developer-first cloud security platform on the market. Here are a few of our proudest accomplishments of the year.
Expanded Bridgecrew ecosystem
Since its official launch earlier this year with support for AWS, Google Cloud, Azure, Terraform, CloudFormation, and Kubernetes, the Bridgecrew platform has expanded immensely.
To expand our support for a more secure development lifecycle, we’re thrilled to announce 🔟 new product updates, including:
☁️ Support for more cloud providers
⚙️ CI/CD pipeline integrations
✨ and more!
Read about our biggest launch yet: https://t.co/Co7yQHDt6p
— bridgecrew (@bridgecrewio) June 8, 2020
Bridgecrew now supports scanning for security issues in Serverless Framework, AWS CDK, and Azure Resource Manager. Our integrations with version control systems, CI/CD providers, ticketing platforms, and notification apps make everything Bridgecrew has to offer even more accessible.
With 500+ security and compliance policies in the Bridgecrew platform, we cover all common cloud risks associated with industry security and compliance benchmarks like CIS, HIPPA, SOC2, and more. But with Bridgecrew, cloud security is more than just enforcing standard policies.
Our security-as-code approach makes it easy to define your own custom policies and fix policy violations in both runtime and build-time. We take that a step further by transforming cloud misconfigurations into secure and compliant infrastructure code.
The developer experience
What we’re most excited about this year is the work we’ve done to improve the developer experience in Bridgecrew. To do that, we invested heavily in our GitHub integration to provide security feedback at the right place and time. We recently launched Code Reviews to make sure feedback is relevant and actionable.
Introducing Bridgecrew Code Reviews! 🎊
Our newest feature makes security feedback even more actionable, so you can spend less time tracking down misconfigs and more time writing awesome (and secure) code. 🛡️ https://t.co/5yWbUBtFrn
— bridgecrew (@bridgecrewio) December 9, 2020
There’s no way to cover all of our new features and improvements in this post. Check out all of our major announcements on our blog and check out our Changelog for all releases.
As a developer-first company, we’ve been committed to our open-source projects and research (such as our 2020 State of Open Source Terraform Security report) from the start. This year we brought four new projects to the codified cloud security community.
We started off 2020 by launching Checkov, our open-source IaC security scanner with initial support for Terraform. Since then, we’ve expanded its supported frameworks (Kubernetes and Helm charts, to name a few), and have worked with our community contributors to add new functionality (like our recently announced Terraform variable evaluation support).
We’ve received overwhelming support from the community with almost 2k stars on GitHub and nearly 1M downloads! It’s been amazing to see how Checkov fits into the ecosystem and how different developers and teams are embracing it.
Incredible deep dive into Terraform static analysis tooling. Highly recommend for practitioners and tech strategists alike.
🧵 – thoughts on building Terraform static analysis tooling, OSSing security tools, and what to look for in Terraform SAST. https://t.co/xNJbKjUqIW
— Kinnaird McQuade ︎🚀💥☁️ (@kmcquade3) December 21, 2020
This year we saw firsthand the challenges that IAM poses for security. To help teams address those risks, we created AirIAM. This open-source project is designed to identify unused and over-privileged roles and permissions and replace IAM sprawl with least-privileged IAM configuration.
In addition to Checkov and AirIAM, we wanted to create helpful resources for developers to get acquainted with IaC security best practices. We built our two vulnerable-by-design projects, TerraGoat and CfnGoat, to demonstrate what IaC misconfigurations look like and how to avoid them in day-to-day infrastructure development.
This looks useful. Terraform to create a purposefully misconfigured infrastructure. Good for testing your tools detect all the issues. Check scanning tools, real-time monitoring tools, and in Bridgecrew’s case they can additionally check the terraform files before it is deployed. https://t.co/MVio7s8CUj
— Scott Piper (@0xdabbad00) May 20, 2020
Join our #CodifiedSecurity Slack channel to join the conversation.
Despite the chaos that the past year has dealt, we’re incredibly proud of the headway we’ve made towards our mission—bringing codified cloud security to everyone.
We look forward to working with you all in the new year and hope 2021 brings you everything you wish for and more. 🖖