Powered by open source
We’re always looking for ways to make managing and securing cloud-native applications as easy and accessible as possible. We also love open source. Used together or in isolation, our open source tools promote cloud-native best practices, all with a focus on security.
Open source projects
Created by Bridgecrew
To support our mission to make secure coding seamless and accessible, we’re always looking for projects to open source.
As the leading open source policy-as-code engine, Checkov scans for misconfigurations in infrastructure as code (IaC) templates, Kubernetes manifests, pipelines, and more. We built Checkov in 2019 to be fully extensible and 100% open source so that developer-first security is accessible to any team and any workflow.
- Thousands of out-of-the-box policies
- Extended by IDE plugins for VS Code and IntelliJ
- Supports custom policies, suppressions, and enforcement rules
- Powers the Bridgecrew platform
Yor automatically adds tags to IaC templates that are persisted to deployed cloud resources. With built-in trace and attribution tags and support for custom taggers, Yor helps with triaging incidents, risk management, cost allocation, and more.
AirIAM transforms AWS IAM policies into right-sized Terraform configurations. With AirIAM, you can identify unused roles and groups, over-privileged users, and more to help maintain the principle of least privilege.
We're better together
Contribute and join in on the conversation!
Read our contribution guidelines across our open source projects, submit an issue, start a PR, and don’t forget to drop a star on your favorite projects!
For questions, feedback, and discussions around our open source projects, join our #CodifiedSecurity Slack channel.
We’re releasing new videos weekly on everything from IaC basics to advanced security topics. Subscribe to our YouTube channel to stay in the loop.