We combined the powers of Cloudsplaining (with the help of its creator Kinnaird McQuade) and Checkov to help organizations assess IAM policies in both build-time and runtime.
To get ahead of cloud-native security threats, we must reinforce individual software development threads with IaC security and ensure the entire DevOps lifecycle is strengthened by code to cloud security feedback.
During spooky season we were inspired to find the scariest security stats out there and give some tips to stop terrifying threats in their tracks.
Thanks to Hacktoberfest contributor Paul Horton, Checkov now outputs to CylconeDX XML format so you can build an IaC SBOM and tackle IaC risks.
Following up on our recent IaC security findings in the 2H 2021 Cloud Threat Report, we rewrote Helm Scanner to visualize chained misconfigurations and CVEs.
Hacktoberfest contribution from Brent Souze allows you to inspect JSON configurations using Checkov, including CI/CD configurations
Bridgecrew's new Terraform Cloud Run Tasks integration is the simplest way to ensure that only secure IaC is deployed.
Drift between running cloud resources and their associated infrastructure as code (IaC) will inevitably happen. Learn how to use drift as a learning opportunity and provide training on how to prevent it in the future.