CloudFormation scanning on every commit
For AWS users, CloudFormation provides a common language to provision AWS resources in your cloud environment. It also enables you to shift AWS cloud security left.
CloudFormation security and compliance
CloudFormation security risks
Infrastructure as code (IaC) frameworks such as CloudFormation have a lot of benefits when it comes to scaling and streamlining cloud infrastructure. But they can also introduce additional complexities and risks if security configuration is missing or incorrect. For organizations in regulated industries, it’s also crucial to keep infrastructure in compliance with regulatory policies.
CloudFormation security opportunity
Using simple code templates, CloudFormation enables you to automate cloud deployments across all accounts with a single source of truth. It also enables you to automate security earlier in the infrastructure development process. By shifting cloud security earlier, you can spend less time monitoring security and compliance issues in production.
How it works
CloudFormation security platform
Bridgecrew is designed to enforce policies as part of every code review and fix CloudFormation misconfigurations as early as possible.
Bridgecrew includes hundreds of built-in policies to scan your CloudFormation templates for provisioning AWS and third-party resources.
Seamless VCS integrations
Integrate directly with your CloudFormation repositories to instantly start scanning for security issues. No AWS account access needed.
Keep your CloudFormation templates compliant with continuous scanning as part of your CI/CD pipelines.
Security where code happens
CloudFormation and AWS security resources
In addition to providing CloudFormation scanning, Bridgecrew enables teams to address security errors in deployed AWS resources.
To help engineers learn how to spot CloudFormation misconfigurations, we built CfnGoat, a vulnerable-by-design security training tool.