Open source

Powered by open source

We’re always looking for ways to make managing and securing cloud-native applications as easy and accessible as possible. We also love open source. Used together or in isolation, our open source tools promote cloud-native best practices, all with a focus on security.

Open source projects

Created by Bridgecrew

To support our mission to make secure coding seamless and accessible, we’re always looking for projects to open source.


As the leading open source policy-as-code engine, Checkov scans for misconfigurations in infrastructure as code (IaC) templates, Kubernetes manifests, pipelines, and more. We built Checkov in 2019 to be fully extensible and 100% open source so that developer-first security is accessible to any team and any workflow.

  • Thousands of out-of-the-box policies
  • Extended by IDE plugins for VS Code and IntelliJ
  • Supports custom policies, suppressions, and enforcement rules
  • Powers the Bridgecrew platform


We're better together

The Bridgecrew platform is built on top of our open-source projects and is made better by the community’s contributions.

  • Powered by Checkov’s ever-growing index of IaC policies across frameworks and clouds.
  • Extends infrastructure security from code to cloud made enabled by Yor tracing IDs.
  • Enforces least-privilege IAM with the help of AirIAM’s right-sizing technology.

Bridgecrew is free to get started

Sign up for a free 14-day Bridgecrew trial or learn the ins and outs from a Bridgecrew expert

Learn secure coding basics

Our secure training projects are designed to help you learn what code security issues such as IaC misconfigurations or VCS weaknesses look like and how to prevent them in your own codebase.