Policy-as-code for custom Terraform providers with Checkov
Learn how to create your own Checkov policies for Terraform providers to enforce infrastructure best practices across your IaaS, PaaS, and SaaS applications.
CodifiedSecurity Office Hours Recap: Episode 05
We’re back with Episode 05 of the #CodifiedSecurity Office Hours! We welcomed Rob Eden from…
Finding and fixing Terraform misconfigurations in variables
With variable rendering support in Checkov, you can now analyze a misconfig even if it was sourced in a parameter defined on a different code block, ensuring that no risk goes unidentified.
Best practices for securing Identity and Access Management on Amazon Web Services
Pick up these best practices and tools for Identity and Access Management, a crucial component of cloud security.
Scan Helm charts for Kubernetes misconfigurations with Checkov
Learn how to automate security scanning of Helm charts for Kubernetes misconfigurations with Bridgecrew's open-source scanner, Checkov.
CodifiedSecurity Office Hours Recap: Episode 03
We sat down with Corcoran Smith from Slalom to discuss new Checkov developments, enterprise DevSecOps challenges, and infrastructure as code solutions.
IAM drift detection with AirIAM and GitHub Actions
Automatically detect AWS IAM drift and manage access with AirIAM and GitHub Actions.
CodifiedSecurity Office Hours Recap: Episode 02
Catch up with the the latest open source and cloud security updates in Episode 02 of Bridgecrew's #CodifedSecurity Office Hours.
CodifiedSecurity Office Hours Recap: Episode 01
Join us for live community chats covering the latest news in cloud security, open source, and infrastructure as code.
Introducing CfnGoat, a vulnerable-by-design CloudFormation training tool
We’re excited to release CfnGoat 🐐, a security training project for AWS CloudFormation. In addition…
Introducing the State of Open Source Terraform Security Report
We scanned the Terraform Registry and analyzed the overall state of infrastructure-as-code security and compliance. Read the full report to learn about the security posture of the IaC ecosystem.
Kubernetes static code analysis with Checkov
Use Checkov, Bridgecrew's OSS infrastructure as code analysis tool, to scan Kubernetes manifests and identify security issues in Kubernetes workloads.