Open source

Powered by open source

We’re always looking for ways to make managing and securing cloud-native applications as easy and accessible as possible. We also love open source. Used together or in isolation, our open source tools promote cloud-native best practices, all with a focus on security.

Open source projects

Created by Bridgecrew

To support our mission to make secure coding seamless and accessible, we’re always looking for projects to open source.

Checkov

As the leading open source policy-as-code engine, Checkov scans for misconfigurations in infrastructure as code (IaC) templates, Kubernetes manifests, pipelines, and more. We built Checkov in 2019 to be fully extensible and 100% open source so that developer-first security is accessible to any team and any workflow.

  • Thousands of out-of-the-box policies
  • Extended by IDE plugins for VS Code and IntelliJ
  • Supports custom policies, suppressions, and enforcement rules
  • Powers the Bridgecrew platform
Explore Checkov →

Yor

Yor automatically adds tags to IaC templates that are persisted to deployed cloud resources. With built-in trace and attribution tags and support for custom taggers, Yor helps with triaging incidents, risk management, cost allocation, and more.

Explore Yor →

AirIAM

AirIAM transforms AWS IAM policies into right-sized Terraform configurations. With AirIAM, you can identify unused roles and groups, over-privileged users, and more to help maintain the principle of least privilege.

Explore AirIAM →

Platform

We're better together

The Bridgecrew platform is built on top of our open-source projects and is made better by the community’s contributions.

  • Powered by Checkov’s ever-growing index of IaC policies across frameworks and clouds.
  • Extends infrastructure security from code to cloud made enabled by Yor tracing IDs.
  • Enforces least-privilege IAM with the help of AirIAM’s right-sizing technology.

Bridgecrew is free to get started

Sign up for a free 14-day Bridgecrew trial or learn the ins and outs from a Bridgecrew expert

Learn more about the platform Learn about Checkov

Contribute and join in on the conversation!

GitHub

Read our contribution guidelines across our open source projects, submit an issue, start a PR, and don’t forget to drop a star on your favorite projects!

Slack

For questions, feedback, and discussions around our open source projects, join our #CodifiedSecurity Slack channel.

YouTube

We’re releasing new videos weekly on everything from IaC basics to advanced security topics. Subscribe to our YouTube channel to stay in the loop.

Learn secure coding basics

Our secure training projects are designed to help you learn what code security issues such as IaC misconfigurations or VCS weaknesses look like and how to prevent them in your own codebase.

TerraGoat

Vulnerable-by-design Terraform modules.

CfnGoat

Vulnerable-by-design CloudFormation templates.

CDKGoat

Vulnerable-by-design AWS CDK templates.

KustomizeGoat

Vulnerable-by-design Kustomize files.

SupplyGoat

Vulnerable-by-design delivery pipelines and more.