Checkov 2.1 roundup: Expanding into AppSec, supply chain security, and more
Checkov 2.1 is packed with scanning support for new IaC frameworks, expanded supply chain and AppSec use cases, and more.
Announcing new scanning support for Bicep templates with Checkov and Bridgecrew
Bridgecrew and Checkov now support scanning Bicep templates for misconfigurations! See how you can scan your IaC files and compare them against Azure security best practices.
Bridgecrew’s HashiCorp Terraform Cloud Run Task integration available to all
With Terraform Cloud Run Tasks out of beta, everyone can now natively secure Terraform deployments with Bridgecrew.
The key to DevSecOps success: Cross-team knowledge sharing
The core of DevSecOps includes cross-team collaboration and knowledge sharing. Here are three things devs and security can learn from each other.
5 ways to configure a monorepo for DevSecOps efficiency
As monorepos get more popular, we’re sharing our tips to make sure they’re configured for optimal DevSecOps efficiency.
Building the Business Case for DevSecOps
Find out how the collaboration and productivity benefits of DevSecOps outweigh the upfront investment costs of training and implementation.
Hacktoberfest Highlight: Generate an IaC SBOM using Checkov’s CycloneDX Output
Thanks to Hacktoberfest contributor Paul Horton, Checkov now outputs to CylconeDX XML format so you can build an IaC SBOM and tackle IaC risks.
5 common Kubernetes misconfigs and how to fix them
Kubernetes is a powerful tool with enough settings to deploy a performant, scalable, and reliable…
It’s not all bad! Using cloud drift for teachable moments
Drift between running cloud resources and their associated infrastructure as code (IaC) will inevitably happen. Learn how to use drift as a learning opportunity and provide training on how to prevent it in the future.
Tutorial: Incorporate IaC Security in your CI/CD pipeline with Bridgecrew, Jenkins, and GitHub
Learn how to add security into your Jenkins CI/CD to ensure only secure IaC code is committed to a repository and deployed.
Takeaways from the 2021 State of DevOps Report from Puppet
Puppet has just released the 10 year anniversary version of their annual State of DevOps Report. Important findings include the role of automation, cultural buy-in, and more.
5 tips for securely adopting infrastructure as code
Get our top tips for leveraging infrastructure as code (IaC) for efficient cloud management and a secure cloud environment.