Platform

The code security platform loved by developers

The Bridgecrew platform empowers developers with actionable code security feedback across the development lifecycle and equips security teams with complete supply chain coverage.

Codified security

Proactively address security issues in your code components and delivery pipelines while maintaining code to cloud coverage.

Seamlessly integrated

Natively embed security into your developer tools and across the development lifecycle with actionable feedback and code fixes.

Get started for free See all integrations

Code security

Automate security across your development lifecycle

Bridgecrew builds on top of and extends our open source tool, Checkov, allowing developers to address code security issues straight from their existing tools.

  • Open source CLI
  • IDE plugins
  • VCS integrations
  • CI/CD integrations
  • Cloud account integrations

Secure code across your cloud-native stack

Bridgecrew is equipped with thousands of pre-built infrastructure policies and a leading vulnerability database to identify major cloud-native security issues.

  • Infrastructure misconfigurations
  • Container image vulnerabilities
  • Open-source package vulnerabilities
  • Exposed secrets
  • Overly restrictive open source licenses
  • Overly permissive IAM policies
  • And more

IaC security

Proactively find and fix infrastructure as code misconfigurations to ship secure cloud resources fast.

Learn more →

Secrets scanning

Automatically detect exposed secrets and credentials in your infrastructure and applications from code to cloud.

Learn more →

Software composition analysis

Continuously identify vulnerabilities in images and open source packages and resolve license compliance issues with granular bump fixes.

Learn more →

Supply chain security

Prioritize threats across your stack

Bridgecrew provides code to cloud coverage, allowing security teams to visualize the connections between supply chain components and prioritize fixes.

  • Code to cloud attack surface visualization
  • Limitless dependency tree visualization
  • VCS configuration and repository scanning
  • CI/CD pipeline hardening
  • Graph-based policies and fixes
  • Software bill of materials (SBOM) generation
  • Custom policies

Maintain code to cloud coverage and compliance

Bridgecrew is designed to bridge the gap between developers and security by providing a single platform for improving and maintaining security best practices.

  • Cohesive resource visibility and policy management
  • Code to cloud tracing and drift detection
  • Real-time notifications and ticketing integrations
  • Compliance benchmarking and download-ready reports
  • Trend-based dashboards

Supply chain security

Visualize all your supply chain component connections so you can prioritize fixes based on real-world exploitability.

Learn more →

Drift detection

Trace cloud resources to the IaC templates that provisioned them with insights into how and when they were modified.

Learn more →

Continuous cloud security

Enforce the same policies and compliance requirements from code to cloud and download audit-ready reports.

Learn more →

Get started with Bridgecrew's developer-first security platform

Sign up for a free 14-day Bridgecrew trial or meet with an expert

Start a free trial

Bridgecrew ecosystem

More than just a platform

Bridgecrew is part of an ecosystem designed to support every team at every stage of their cloud-native security adoption journey. Supported by the community and extended by the greatest security engineers in the world, Bridgecrew brings together the best of open source and enterprise software.

As the creator of open source tool Checkov, Bridgecrew works with the open source community to make code security and infrastructure management accessible to anyone and extensible for any stack.

Learn more →

Bridgecrew was acquired by Palo Alto Networks and is integrated into Prisma Cloud’s industry-leading Cloud Native Application Protection Platform (CNAPP) as the shift-left security component.

Request a trial →