4 supply chain risks in Terraform and how to prevent them with Checkov
Learn how to prevent Terraform supply chain weaknesses across code and delivery pipelines with Checkov to prevent software supply chain attacks.
Prioritize, skip, and fail with policy severities in Checkov
Policy severities are now included in Checkov to help prioritize findings and make CI/CD skip and fail flags more manageable.
Level-up your cloud tagging strategy with Bridgecrew’s new IaC Tag Rule Manager
Maintaining GitOps and addressing cloud misconfigurations is even easier with Bridgecrew’s IaC auto-tagging and new centralized IaC Tag Rule Manager.
Introducing Whorf: The Checkov-powered Kubernetes Admission Controller
Our new Kubernetes Admission features Checkov as the core validator for Kubernetes manifests, preventing vulnerable or misconfigured Kubernetes objects from being deployed.
Announcing new Checkov framework support for Kustomize
Now with Checkov, you can make reusable Kustomize manifests and all of the resulting environments more secure from the start.
Easy mitigation for container escape / CVE-2022-0185 Linux kernel vulnerability
Learn about CVE-2022-0185, the latest Linux kernel vulnerability that allows container escape in Kubernetes, and how Checkov’s built-in policies mitigate it.
Cloudsplaining and Checkov: Identify AWS IAM least privilege violations from code to cloud
We combined the powers of Cloudsplaining (with the help of its creator Kinnaird McQuade) and Checkov to help organizations assess IAM policies in both build-time and runtime.
Surviving the NGINX Ingress CVE-2021-25742 with Checkov
Read about Checkov's preventative approach to ensuring Kubernetes clusters with NGINX Ingress do not fall victim to the recently published CVE-2021-25742.
Hacktoberfest Highlight: Generate an IaC SBOM using Checkov’s CycloneDX Output
Thanks to Hacktoberfest contributor Paul Horton, Checkov now outputs to CylconeDX XML format so you can build an IaC SBOM and tackle IaC risks.
New research: Graphing misconfigurations and vulnerabilities to visualize blast radius
Following up on our recent IaC security findings in the 2H 2021 Cloud Threat Report, we rewrote Helm Scanner to visualize chained misconfigurations and CVEs.
Hacktoberfest contribution spotlight: Securing software delivery pipelines using Checkov JSON scanning
Hacktoberfest contribution from Brent Souze allows you to inspect JSON configurations using Checkov, including CI/CD configurations
Tutorial: Incorporate IaC Security in your CI/CD pipeline with Bridgecrew, Jenkins, and GitHub
Learn how to add security into your Jenkins CI/CD to ensure only secure IaC code is committed to a repository and deployed.