We’ve updated our GitHub pull request comments to provide more information in an easier-to-digest format. Pull requests now include much more information, grouped to minimize comment overload. Here’s what’s new:
Set a baseline for a directory (not an individual file) to skip all existing misconfigurations in future runs. Use
checkov -d path/to/directory --create-baseline
to write a baseline file, .checkov.baseline, in the scanned directory. Then, in subsequent runs, use
checkov -d path/to/directory --baseline path/to/directory/.checkov.baseline
to report only newly identified misconfigurations.
Checkov now finds and flags secrets in your infrastructure-as-code templates using regular expressions, keyword matching, and entropy-based scanning. This feature is on by default and shows up as a dedicated section of the Checkov output. As of this post, Checkov secrets checks range from CKV_SECRET_1 through CKV_SECRET_19.
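To make the three detection strategies concrete, here is an added example scanner, written for this post and not Checkov’s own implementation. The sample template is constructed; its access key value is the placeholder AWS uses in its documentation, not a live credential. The regex patterns, keyword list, entropy threshold and minimum length are assumed tuning choices, not Checkov’s. Each line is run through all three detectors so you can see how they overlap (a fixed-shape credential is usually caught by both the regex and the entropy check) and where each one is needed on its own:

```python
import math
import re

# Constructed sample template for this example (not from the page).
SAMPLE_TEMPLATE = """\
resource "aws_db_instance" "db" {
  username = "admin"
  password = "Xq9$vLp2!kRt7#mZe4Wb"
  tags     = { env = "prod" }
}
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
region = "us-east-1"
"""

# Detector 1: regular expressions for credentials with a fixed, recognisable shape.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Detector 2: keyword matching: a sensitive-looking attribute assigned a quoted literal.
KEYWORD_ASSIGN = re.compile(
    r'(?i)\b(password|passwd|pwd|secret|token|api[_-]?key)\b\s*[=:]\s*"([^"]+)"'
)

# Detector 3: entropy: any quoted literal random-looking enough to be key material.
QUOTED = re.compile(r'"([^"]+)"')
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed tuning value
MIN_SECRET_LENGTH = 16   # short literals have low entropy by construction


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, estimated from the string's own character frequencies."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_line(line: str) -> list:
    """Return the reasons (possibly none) that a single line is flagged."""
    reasons = []
    for name, pat in PATTERNS.items():
        if pat.search(line):
            reasons.append(f"regex:{name}")
    m = KEYWORD_ASSIGN.search(line)
    if m:
        reasons.append(f"keyword:{m.group(1).lower()}")
    for literal in QUOTED.findall(line):
        if len(literal) >= MIN_SECRET_LENGTH and shannon_entropy(literal) >= ENTROPY_THRESHOLD:
            reasons.append("entropy:%.2f" % shannon_entropy(literal))
            break
    return reasons


def scan_template(text: str) -> list:
    """Return [{'line': n, 'reasons': [...]}] for every line that any detector flagged."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        reasons = scan_line(line)
        if reasons:
            findings.append({"line": n, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan_template(SAMPLE_TEMPLATE):
        print(f"line {f['line']}: {', '.join(f['reasons'])}")
```

On the sample, the password line is caught by the keyword detector and independently by entropy, while the access key line is caught by the regex and by entropy; "admin", "prod" and "us-east-1" pass all three, which is why real scanners combine the strategies rather than relying on entropy alone.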
To make severity management easier, Bridgecrew has removed the “Info” severity for both out-of-the-box and custom policies. The following modifications will be made:
We’ve added application programming interfaces (APIs) for deeper integrations between our tools and others. With our new APIs, teams can:
To simplify our plans and make it consistent with Prisma Cloud’s pricing, we’ve made two major updates.
Projects 🚀, our newest addition to the Bridgecrew platform, is a long-awaited feature for DevOps team leads: it offers a centralized console view of everything currently going on in a given repository. From this bird's-eye view, DevOps admins can quickly sort through critical issues already merged into their main branches and decide which findings to prioritize for a fix.
Bridgecrew policies are natively mapped to industry benchmarks that translate into operational best practices and compliance requirements.
Pull Request Bot Comments now include comments for your custom policies.
The Code Repository Settings screen lets you configure scan properties for your VCS, including enabling or disabling Code Reviews and Pull Request Bot Comments.