Codified cloud security resources
Everything you need to navigate through the Bridgecrew universe
Guides
Learn more about the codified security ecosystem
DevSecGuide to IaC
Learn about the challenges of leveraging DevSecOps to secure the cloud and how infrastructure as code makes it all possible.
451 Research
Learn about the importance of IaC security and how to get started with securing your infrastructure earlier in the development lifecycle.
DZone Refcard
Learn about the importance of IaC security and how to get started with securing your infrastructure earlier in the development lifecycle.
Research
Dive into our research on IaC security
State of open-source Helm security
We analyzed open-source Helm charts to get a better understanding as to how secure the composable Kubernetes ecosystem is.
State of open-source Terraform security
We analyzed the open source Terraform Registry to gauge its
current security and compliance posture.
Webinars
See Bridgecrew in action
Cloud DevSecOps with Bridgecrew and Terraform
Learn how to shift left and automate your cloud security with Bridgecrew and HashiCorp Terraform in this hands-on workshop.
Monthly Product Demo
Join us every month to see Bridgecrew in action. You’ll learn how to integrate Bridgecrew into your stack and workflow, and explore each part of the platform.
AWS Dev Day: Cloud DevSecOps with Bridgecrew and CloudFormation
Learn how to codify your AWS security with Bridgecrew for CloudFormation and get hands-on experience shifting cloud security left.
GitOps and Cloud Security with AWS, Bridgecrew, and GitLab
Security leaders from AWS, Bridgecrew, and GitLab share best practices and a live demo for embedding cloud security into your GitOps processes.
Codifying your cloud security at scale with Terraform and Bridgecrew
Learn about the benefits of automating IaC security scanning, best practices for governing IaC continuously and detecting drift at scale with Bridgecrew for Terraform Cloud.
Collaborating with DevOps to Automate Cloud Security at Scale
We join the security experts at AWS, Databricks, and Robinhood to discuss how and why security and DevOps teams should be working together to build scalable cloud security strategies.
Blog highlights
Exciting news bringing cloud security to everyone
We’re excited to announce Palo Alto Networks’ intent to acquire Bridgecrew to bring security-as-code and DevSecOps to Prisma Cloud.
Drift detection for Terraform Cloud
Detect and reconcile cloud infrastructure configuration drifts between AWS and Terraform Cloud in real-time with Bridgecrew drift detection.
2020 Year in Review
2020 was a year to remember for all of us at Bridgecrew. Our 2020 recap celebrates our accomplishments and gives thanks to all that contributed.
Bridgecrew Code Reviews
Review and fix newly identified IaC misconfigurations on every commit with Bridgecrew’s newest platform addition—Code Reviews!
Build an IaC security and governance program
Our strategy guide helps you determine where and how to enforce security controls to meet your goals without slowing your developers down.
Best practices for securing IAM on AWS
Pick up these best practices and tools for Identity and Access Management, a crucial component of cloud security.
Open source projects
We’re huge supporters of open source and are the proud creators and maintainers of several tools and training projects.
Scan your infrastructure as code repositories for misconfigurations. Checkov is open source and can be run locally or as part of your CI/CD pipeline.
Least privilege your AWS IAM automatically. AirIAM transforms existing configurations into a new right-sized Terraform template.
With built-in trace and attribution tags and the ability to write custom taggers, Yor helps with triaging incidents, risk management, cost allocation, and more.
Stay in touch
Slack
Join our CodifiedSecurity community on Slack to connect with other cloud security enthusiasts.
Twitch
Chat with us live on Twitch at our community office hours, panels, and more.
Follow us on Twitter to get a constant feed of industry news, Bridgecrew changelog updates, and new content.