To help you sift through noisy alerts, Bridgecrew verifies if a found secret is valid or not. The platform will take secrets found in repository and CLI scans and validate them against public APIs to help prioritize removing or revoking valid secrets.

Want some remediation help? How about if it's from AI?

You can now create custom secrets policies using regular expression patterns. Once custom policies are defined, Bridgecrew will search for matches to your regular expressions across your repositories, including in integrations and Checkov. This way, you can easily find secrets that follow organization-specific patterns, which is especially useful if your organization follows internal naming conventions for secrets such as API tokens.

Users can leverage recent enhancements to Bridgecrew’s Projects screen to streamline their risk prioritization and decision making processes. The updated Projects page now enables you to:

Users can now get automated PR comments for all scan types such as IaC security, SCA, and secrets scanning across all VCS providers like GitHub, Gitlab, Bitbucket, and Azure Repos. Some of the enhancements include:

You can now leverage Bridgecrew’s new Okta integration to enable single sign-on for your organization's users. With this new integration, you can get dynamic and up-to-date permissions when you map SSO groups to Bridgecrew roles.

We now support .NET packages in SCA. Bridgecrew will find CVEs and licenses in *.csproj, Packages.config, and Paket package manager files. The platform surfaces these findings in all of our existing developer integrations, along with fixes where available.

Checkov can now output results in GitLab SAST format using the -o gitlab_sast flag. This will allow GitLab Ultimate users to see the results in merge requests and the GitLab security dashboard. Findings from our IaC, SCA, and Secrets scans can be exported to the GitLab SAST format and uploaded to the GitLab platform.

Users can now seamlessly add policy-as-code checks to their Terraform pipelines, which empowers them with completely automated security guardrails and the ability to collect feedback and directly block insecure deployments.

Users can now add the Bridgecrew Run Task during either the Pre-Plan or Post-Plan stages for both Terraform Cloud and Terraform Enterprise.