Today we officially became part of Palo Alto Networks, joining Prisma Cloud!
In the two years leading up to this milestone, we’ve celebrated some incredible moments along the way…
- December 2019: Launched Checkov, our open-source IaC scanner with initial support for Terraform
- April 2020: Came out of stealth, releasing our codified cloud security platform and ten+ ecosystem integrations
- April 2020: Open-sourced AirIAM, our IAM right-sizing tool for AWS
- May 2020: Built TerraGoat, our vulnerable-by-design training tool for Terraform, later followed by CfnGoat and CDKGoat
- July 2020: Checkov passed 1k stars on GitHub (it now has over 2k)
- December 2020: Launched Code Reviews feature to provide relevant changes on commits and CI/CD runs
- February 2021: Entered agreement to be acquired by Palo Alto Networks as part of Prisma Cloud
Each of these moments and everything in between has contributed to our success. And in many ways, today’s milestone is simply another along our continued journey. By becoming part of Palo Alto Networks’ Prisma Cloud, we get to continue bridging the gap between developers and cloud security. This is what this acquisition means for our open-source community, the Bridgecrew platform, and the cloud security ecosystem at large.
- Checkov is not only here to stay but will benefit from even more resources to expand the depth and breadth of its coverage.
- We will continue investing in our other open-source projects like our vulnerable-by-design training tools and AirIAM. We also have some exciting new open-source projects in the works to solve other infrastructure development challenges. (Subscribe to our blog 👉 for updates)
- We will double-down on adding features, integrations, and improvements to the Bridgecrew platform.
- Soon, Bridgecrew customers will benefit from many code and cloud security features available in Prisma Cloud.
- Together, Bridgecrew and Prisma Cloud will be the first to secure the entire cloud-native development lifecycle for security and engineering teams alike.
Doubling-down on support for the community
Checkov has been downloaded over 1.2M times and has received over 2,000 stars on GitHub. When we open-sourced Checkov just over a year ago, we only had an inkling that the need for it was so great and that the response would be so resounding.
We are keeping the commitment we made then—to make IaC scanning easy and accessible to all. With the help of the community’s feedback and contributions, we’ve learned that to do so, it needs to be comprehensive in both breadth and depth. That means more built-in checks across more supported frameworks. It also means going deeper into the areas we already support and making the feedback even more valuable.
We take great pride in our open-source commitment and will continue developing our existing projects with exciting plans for new ones.
- We open-sourced AirIAM after identifying access and identity as the ultimate trust boundary being disrupted by IaC. AirIAM creates an immutable snapshot of IAM directories and creates rightsized instances of them. We look forward to introducing additional Terraforming and rightsizing capabilities in the coming months to continue elevating free and accessible IAM security.
- We were inspired by previous “vulnerable-by-design” projects to help developers experience what misconfigured infrastructure looks like without compromising their existing apps. We remain committed to helping DevOps leaders educate the broader developer ecosystem on the risks of human error in cloud infrastructure.
- We are in the final phases of development of a new automated infrastructure tagging tool. (If you’d like to hear more about it and participate in an early private beta, drop me a line.)
Bringing developer-first cloud security to all with Bridgecrew
Launched less than a year ago, the Bridgecrew SaaS platform combines IaC scanning powered by Checkov with runtime security capabilities. We decided early on to make surfaced feedback actionable and accessible in the form of security-as-code fixes, available in our free Community plan. We will continue to offer our free Community plan and accessible pricing options.
Our bread-and-butter is surfacing misconfigurations in IaC as part of pre-commit hooks, code reviews, and CI/CD runs. While IaC continues to be a core focus, our customers will still have complete access to our runtime scanning and automated remediations. This capability is crucial to bridge the divide between code and cloud. It enables us to cover core cloud security use cases like drift detection, blast radius estimation, and more.
One of the things we’re most excited about is the ability to quickly integrate features that are less core to our focus on infrastructure and IaC. As part of the Prisma Cloud family, we get to tap into the market’s leading cloud security solution. Many of its capabilities, like static code analysis and vulnerability scanning in Docker images, will be added to the Bridgecrew platform over time. This is a huge benefit to teams using the Bridgecrew platform to shift cloud security left.
Executing on our long-term vision
Ultimately, we are thrilled at the prospect of developing the first end-to-end security platform for both developers and security teams that covers the entire application lifecycle.
With our focus on IaC and the developer experience, along with Prisma’s incredibly robust cloud native security platform (CNSP) capabilities, we’re excited about what we can achieve together.
When combined, our complementary technologies and approaches will disrupt how teams have addressed cloud and application security. Together we look forward to securing our digital lives and saving teams valuable time and resources along the way.
As the legendary Vulcan philosopher Surak said, “May we together become greater than the sum of both of us.”
· · ·
To learn more about what the acquisition means for us, ask us anything in our Reddit AMA Thursday 3/4 at 8 am PT. Bridgecrew co-founder and CEO Idan Tendler is also joining Varun Badhwar, SVP Products & Engineering, Prisma Cloud, for a Fireside Chat on 3/8!