Open source
Powered by open source
We’re always looking for ways to make managing and securing cloud-native applications as easy and accessible as possible. We also love open source. Used together or in isolation, our open source tools promote cloud-native best practices, all with a focus on security.
Open source projects
Created by Bridgecrew
To support our mission to make secure coding seamless and accessible, we’re always looking for projects to open source.
Checkov
As the leading open source policy-as-code engine, Checkov scans for misconfigurations in infrastructure as code (IaC) templates, Kubernetes manifests, pipelines, and more. We built Checkov in 2019 to be fully extensible and 100% open source so that developer-first security is accessible to any team and any workflow.
- Thousands of out-of-the-box policies
- Extended by IDE plugins for VS Code and IntelliJ
- Supports custom policies, suppressions, and enforcement rules
- Powers the Bridgecrew platform

Yor
Yor automatically adds tags to IaC templates that are persisted to deployed cloud resources. With built-in trace and attribution tags and support for custom taggers, Yor helps with triaging incidents, risk management, cost allocation, and more.
AirIAM
AirIAM transforms AWS IAM policies into right-sized Terraform configurations. With AirIAM, you can identify unused roles and groups, over-privileged users, and more to help maintain the principle of least privilege.
Platform
We're better together
The Bridgecrew platform is built on top of our open-source projects and is made better by the community’s contributions.
- Powered by Checkov’s ever-growing index of IaC policies across frameworks and clouds.
- Extends infrastructure security from code to cloud made enabled by Yor tracing IDs.
- Enforces least-privilege IAM with the help of AirIAM’s right-sizing technology.

Bridgecrew is free to get started
Sign up for a free 14-day Bridgecrew trial or learn the ins and outs from a Bridgecrew expert
Contribute and join in on the conversation!
GitHub
Read our contribution guidelines across our open source projects, submit an issue, start a PR, and don’t forget to drop a star on your favorite projects!
Slack
For questions, feedback, and discussions around our open source projects, join our #CodifiedSecurity Slack channel.
YouTube
We’re releasing new videos weekly on everything from IaC basics to advanced security topics. Subscribe to our YouTube channel to stay in the loop.