Exposed credentials across the DevSecOps pipeline: 5 places secrets hide in plain sight
Discover the top five places exposed credentials hide in your organization and learn best practices to shift your secrets security left.
Infrastructure as code security and AppSec: Streamlined DevSecOps from app to infra
Learn how to get streamlined DevSecOps when you consolidate AppSec and infrastructure as code security.
Secure vulnerable images found in IaC templates with Bridgecrew
Learn how to proactively identify and scan vulnerable images sourced in IaC and CI/CD files with Bridgecrew’s new Image Referencer capability.
Full-stack code visibility with Bridgecrew’s Software Bill of Materials (SBOM) generation
Learn how to get visibility into risk exposure and prevent supply chain attacks with Bridgecrew’s software bill of materials (SBOM) generation capabilities.
AppSec and CloudSec 101: Blurring the lines between cloud-native app layers
Learn why AppSec and CloudSec are blurring together, and get tips for leveraging IaC to maintain cohesive application and infrastructure security for your cloud-native teams.
How to prevent the 5 most common software supply chain weaknesses
Learn the basics of software supply chain security and 7 best practices to protect yourself against common software supply chain weaknesses.
Crawl, walk, run: Operationalizing your IaC security program
Learn how to operationalize your infrastructure as code security program with our rollout timeline and guidance for your first ninety days.
How to adopt infrastructure as code with a secure-by-default strategy
Learn about challenges with building a secure IaC strategy. Here are seven tips to help you build a security-first IaC strategy.
6 key Kubernetes DevSecOps principles: People, processes, technology
These are the key principles to keep in mind when developing a Kubernetes DevSecOps strategy—from embedding the right processes across the application lifecycle to measuring the right KPIs and hiring the right talent.
Introducing Smart Fixes: Use your team’s secure coding patterns to fix new issues
Our newest feature extends our built-in fix suggestions with Smart Fixes sourced directly from your repositories.
New in Bridgecrew: YAML-based policy creator and composite custom policies
Our newest updates to our custom policy editor makes policy-as-code even more relevant, customizable, and shareable.
Inline IaC scanning and fixes with the Checkov Visual Studio Code extension
Get real-time IaC security and compliance scanning and inline fixes with our new Checkov VS Code extension.