Automated infrastructure as code security

Infrastructure as code tools like Terraform and CloudFormation enable teams to focus on provisioning rather than individual configuration management. With Bridgecrew, teams can also leverage IaC to enforce cloud security earlier in the development lifecycle to minimize risk and maintain cloud compliance.

How it works

Codify your cloud security with Bridgecrew

Bridgecrew helps teams adhere to infrastructure as code best practices and avoid common IaC misconfigurations that can expose cloud infrastructure to risk.

Scan infrastructure code in build pipeline

Powered by Checkov, our free and open-source infrastructure static analysis tool, Bridgecrew scans infrastructure as code and manifest files for issues. Bridgecrew identifies configuration errors like missing encryption, secrets, weak security group roles, and more.

Fix cloud infrastructure issues at the source

Finding issues at the infrastructure code level is the best way to enforce cloud security best practices earlier, and Bridgecrew goes a step further with automated fixes delivered as code. Open merge-ready pull requests to implement fixes in infrastructure code.

Prevent infrastructure misconfigurations

By fixing issues at the source, Bridgecrew prevents misconfigurations from resurfacing in cloud infrastructure down the line. By embedding into infrastructure as code CI/CD pipelines before deployment, Bridgecrew actually prevents new cloud security issues from being deployed into run-time.

“We’re big Terraform users, and everything deployed in our account is automated. The Bridgecrew platform provides us visibility into all resources and violations in our account that would be incredibly manual and time-consuming otherwise. Not only has Bridgecrew helped us to ensure we’re following best practices, but we can also prevent insecure configurations from ever being deployed in the first place.”

Sharon Cohen

CISO, BetterHelp

“With Bridgecrew, we were able to address cloud security earlier and more thoroughly. By connecting to our AWS accounts and infrastructure as code GitHub repos, we were able to gauge our current cloud security posture instantly. Their platform goes above and beyond, allowing us to monitor for misconfigurations continuously as part of every commit, and to fix them automatically.”

Tunde Oni-Daniel

VP Cyber Security

Why infrastructure as code security?

Automated for efficiency

Improve developer productivity and team efficiency by shifting cloud security left and automating it.

Codified at the source

Empower engineering teams to implement infrastructure code security best practices with security-as-code.

Streamlined CI/CD workflows

Embed directly into developer workflows to maintain cloud insight in both run-time and build-time.

Getting started with Bridgecrew for infrastructure code security

Embed Bridgecrew earlier in your development lifecycle to get continuous infrastructure code coverage and improve your cloud security.

Enforce security and compliance policies in your infrastructure-as-code Terraform files with support for automated scanning and fixes.

Bridgecrew scans infrastructure-as-code files that are generated on the fly, such as CloudFormation templates generated using the AWS Cloud Development Kit (CDK).

Bridgecrew not only supports cloud security posture management for Microsoft Azure environments but also has support for Azure Resource Manager (ARM) templates.

Bridgecrew extends the Serverless Framework’s existing security and compliance policies to further protect its provisioning and operational model. 

Further reading

Check out our recent blog posts to learn more about infrastructure as code security.

Infrastructure as code security 101

Read about the rise of infrastructure-as-code over the past few years and how it has impacted the cloud security landscape.

Why you should invest in IaC security

Find out why infrastructure-as-code security should be at the heart of your DevSecOps strategy from a tooling, process, and culture standpoint.