Although security-as-code provides a foundation for the binary analysis of infrastructure, cloud security isn’t always as straightforward or objective as we’d like it to be. When multiple cloud accounts and infrastructure as code (IaC) frameworks are in play, investigating security issues requires a historical and context-driven understanding of risk.
To make it easier to investigate errors and their impacted resources within Bridgecrew, we’re excited to unveil our reimagined Resource Explorer.
The new Resource Explorer isn’t just a UI upgrade—it provides a more complete view of your infrastructure so that you can better understand its complexities and, ultimately, address risk faster.
Let’s take a look at each component, starting from the top:
To understand where and why errors have been identified, we’ve exposed several new data points around resource configuration arguments and their values. Bridgecrew continuously polls this metadata from connected IaC repositories and cloud accounts.
Using the new Resource Explorer links, you can jump directly into your cloud console or quickly copy the Bridgecrew link to your clipboard to send to a teammate for further investigation.
Code block UI improvements
The new code block UI highlights the exact lines in question for both run-time and build-time resources, helping teams narrow in on errors and their suggested fixes.
For cloud resources scanned with Bridgecrew, we’ll now provide a Terraformed configuration that can easily be migrated to your VCS and CI/CD pipeline. As an alternate remediation option, Terraformed resources allow you to transform existing manually configured resources into immutable, version-controlled, and secure IaC.
We’ve selected Terraform as our go-to language to help customers shift their manual configurations into infrastructure as code because it’s cloud-agnostic and has an incredibly strong community.
IaC’s modularity makes it incredibly customizable and flexible, but it can also confuse your efforts when investigating misconfigurations. Powered by our dependency graph, Bridgecrew supports multi-level IaC variable evaluations and now exposes those related resources in the Resource Explorer.
Understanding a resource’s blast radius—what the current resource depends on and its dependent resources—helps you better understand an error’s impact and how best to address it.
Last but not least, you can review a resource’s entire history since its first Bridgecrew scan. Also powered by our dependency-aware infrastructure model, the resource history gives you a unified, version-controlled view of a resource’s evolution.
The timeline shows activities from both within the Bridgecrew platform and externally, and across run-time and build-time, including:
- Historical changes made to the resource
- Previously identified occurrences of the same error
- Other previously identified errors
- Previous fixes implemented via Bridgecrew
- Previous suppressions and Jira issues created via Bridgecrew
With this additional context at hand, teams can more easily detect drift in resource configuration.
By connecting the dots between run-time and build-time and equipping teams with a comprehensive analysis of resources and their dependents, we hope we can reduce some of the friction of addressing cloud security feedback. To see Resource Explorer in action, log into your Bridgecrew account, or get started for free.