Keep your software supply chain secure with these new VCS policies
To help organizations enforce supply chain security best practices, Checkov and Bridgecrew now scan GitHub, GitLab, and Bitbucket configurations.
4 supply chain risks in Terraform and how to prevent them with Checkov
Learn how to prevent Terraform supply chain weaknesses across code and delivery pipelines with Checkov to prevent software supply chain attacks.
Cloudsplaining and Checkov: Identify AWS IAM least privilege violations from code to cloud
We combined the powers of Cloudsplaining (with the help of its creator Kinnaird McQuade) and Checkov to help organizations assess IAM policies in both build-time and runtime.
Hacktoberfest contribution spotlight: Securing software delivery pipelines using Checkov JSON scanning
Hacktoberfest contribution from Brent Souze allows you to inspect JSON configurations using Checkov, including CI/CD configurations
Drift detection tools: Terraform vs CloudFormation vs Bridgecrew
Drift occurs when changes are made directly to a resource in a cloud provider. Learn how CloudFormation, Terraform, and Bridgecrew handle drift detection.
Integrating Yor with AWS IAM for better access control
Use Yor to automate the process of adding team ownership and environment tags to IaC and enforce AWS IAM policies using tagged resources.
Checkov Secrets Scanning: Find exposed credentials in IaC
Learn how Checkov's Secrets Scanning feature helps look for exposed credentials in IaC templates before a damaging leak occurs.
Using Yor and Checkov to authorize IaC modifiers from CI/CD
Authorize who can modify an IaC resource straight from your CI/CD pipeline using auto-tagging with Yor and policy-as-code with Checkov.
Announcing our latest open-source project, Yor: Automated IaC tag and trace
Yor is an automated IaC tag and trace tool that automatically adds attribution and trace tags to lower MTTR and simplify access control and cost allocation.
Addressing security throughout the infrastructure DevOps lifecycle
No, this isn’t another post about the Secure Development Lifecycle. This is a practical post…
Creating and sharing custom policies-as-code with Checkov
Define how infrastructure should be governed with custom Checkov policies that can easily be shared across your organization for reuse.
Bridgecrew + Palo Alto Networks: What’s next?
Today we officially became part of Palo Alto Networks, joining Prisma Cloud! In the two…