You must comply! Why you need proactive open-source license compliance
Learn the basics of open-source license compliance and discover how to adopt a proactive, developer-first approach to open-source security.
Full-stack code visibility with Bridgecrew’s Software Bill of Materials (SBOM) generation
Learn how to get visibility into risk exposure and prevent supply chain attacks with Bridgecrew’s software bill of materials (SBOM) generation capabilities.
How to enforce consistent code scanning rules across Checkov and Bridgecrew
Learn how to create customized and consistent code security scanning rules across the Bridgecrew platform and Checkov.
Checkov enables developer-first CI/CD security with new supply chain security policies
Learn how you can embed CI/CD best practices into your existing DevOps workflows with Checkov’s new CI/CD security policies.
Checkov 2.1 roundup: Expanding into AppSec, supply chain security, and more
Checkov 2.1 is packed with scanning support for new IaC frameworks, expanded supply chain and AppSec use cases, and more.
Announcing new scanning support for Bicep templates with Checkov and Bridgecrew
Bridgecrew and Checkov now support scanning Bicep templates for misconfigurations! See how you can scan your IaC files and compare them against Azure security best practices.
4 supply chain risks in Terraform and how to prevent them with Checkov
Learn how to prevent Terraform supply chain weaknesses across code and delivery pipelines with Checkov to prevent software supply chain attacks.
Prioritize, skip, and fail with policy severities in Checkov
Policy severities are now included in Checkov to help prioritize findings and make CI/CD skip and fail flags more manageable.
Introducing Whorf: The Checkov-powered Kubernetes Admission Controller
Our new Kubernetes Admission features Checkov as the core validator for Kubernetes manifests, preventing vulnerable or misconfigured Kubernetes objects from being deployed.
Announcing new Checkov framework support for Kustomize
Now with Checkov, you can make reusable Kustomize manifests and all of the resulting environments more secure from the start.
Easy mitigation for container escape / CVE-2022-0185 Linux kernel vulnerability
Learn about CVE-2022-0185, the latest Linux kernel vulnerability that allows container escape in Kubernetes, and how Checkov’s built-in policies mitigate it.
Cloudsplaining and Checkov: Identify AWS IAM least privilege violations from code to cloud
We combined the powers of Cloudsplaining (with the help of its creator Kinnaird McQuade) and Checkov to help organizations assess IAM policies in both build-time and runtime.