Bridgecrew's Codified Security Blog

6 key Kubernetes DevSecOps principles: People, processes, technology

Bridgecrew February 22, 2022February 22, 2022

These are the key principles to keep in mind when developing a Kubernetes DevSecOps strategy—from embedding the right processes across the application lifecycle to measuring the right KPIs and hiring the right talent.

DevSecOps

Introducing Whorf: The Checkov-powered Kubernetes Admission Controller

Steve Giguere February 17, 2022

Our new Kubernetes Admission features Checkov as the core validator for Kubernetes manifests, preventing vulnerable or misconfigured Kubernetes objects from being deployed.

From manifest to workload: Embedding Kubernetes security at each phase of the DevOps lifecycle

Bridgecrew February 15, 2022February 22, 2022

The key to holistic Kubernetes security is to identify risks at each stage of the DevOps lifecycle to prevent risks within a Kubernetes production environment.

DevSecOps

Infrastructure security advantages of leveraging Kubernetes

Bridgecrew February 10, 2022February 22, 2022

Kubernetes offers several built-in security features as well as the opportunity to shift infrastructure security left and embrace DevSecOps.

Announcing new Checkov framework support for Kustomize

Matt Johnson February 3, 2022February 3, 2022

Now with Checkov, you can make reusable Kustomize manifests and all of the resulting environments more secure from the start.

Terraform vs. CloudFormation: Security pros and cons

Bridgecrew February 1, 2022

When it comes to developing and deploying secure infrastructure, Terraform and CloudFormation both have unique quirks and considerations.

Infrastructure as code

All roads lead to code: How Bridgecrew leverages tracing for GitOps and drift detection

Gilad Mark January 27, 2022February 23, 2022

Powered by our open-source tool Yor, Bridgecrew leverages code-to-cloud traceability to fix runtime issues in code and prevent drift.

Easy mitigation for container escape / CVE-2022-0185 Linux kernel vulnerability

Steve Giguere January 26, 2022

Learn about CVE-2022-0185, the latest Linux kernel vulnerability that allows container escape in Kubernetes, and how Checkov’s built-in policies mitigate it.