added

Policy cloning for YAML-based out-of-the-box policies 🧑‍🤝‍🧑

Users can now speed up the development of custom policies by cloning and modifying one of our over 50 YAML-based policies. In the Policies screen, find a YAML-based policy, click on the three dots, and clone. This will provide you with a new policy copied from that existing policy.

added

Checkov plugin for JetBrains 💻

The Checkov plugin scans IaC templates for misconfigurations as you code in JetBrains products such as IntelliJ and PyCharm. Fix and skip suggestions are made on the resource block that violates any policies.

Suppression rules improvements ✋

We’ve expanded suppression rule functionality and made several improvements to make managing suppression rules easier across the Bridgecrew platform.

added

Dockerfile container image scanning 📦

If an onboarded repository contains one or more Dockerfiles, Bridgecrew will automatically build those images and scan them for package vulnerabilities and compliance violations. Violations will be surfaced in the Projects page.

added

40 new policy fixes added 🛠️

We've added 40 new policy fixes across AWS, Azure and GCP. Now if Bridgecrew spots these misconfigurations, the platform will suggest a fix in PR comments, VS Code, and as PR fixes in the platform.

added

Bitbucket Server PR quality reports 🤖

Bridgecrew’s Bitbucket Server integration now includes bot generated pull request quality reports to provide misconfiguration guidance in context. Once a Bitbucket Server repo is added to Bridgecrew, all new pull requests will include reports with policy violations and severity levels. Also, the results are graph based, so reports will be based on rendered variables and modules.

added

Bridgecrew Tagging Bot operated by Yor 🏷️

With this new feature, Bridgecrew users can easily activate Yor tagging and tracing by enabling the Tagging Bot on the Code Repository Settings page.

added

Bridgecrew Terraform Cloud Run Tasks 🏃

Terraform Cloud (TFC) users can now use the new Run Tasks feature (currently beta) to have Bridgecrew scan every new plan they run in TFC. The task provides a simple status for the run with a summary and a link to a Bridgecrew Code Reviews page.

improved

Integrations redesign 🤝

We’ve made Bridgecrew integrations easier to add, find, and manage. Our latest update includes an integration catalog, integration grid, integration wizards.

added

Code Reviews for Azure Repos 🚀

Customers using Azure Repos now receive Bridgecrew scan results in every pull request as a Code Review. The included link will take you to the repository and branch of the scan on Bridgecrew’s Projects page.