We’ve updated our GitHub pull request comments with a new design, richer context, and commit fixes in the comments. We provide all the context needed about the error right in the comment itself, so you can get all of the info you need to fix misconfigurations in your repository.

Our visual editor for custom policies already supports multiple frameworks including CloudFormation and Terraform. Now we’ve added a new field to make that differentiation more obvious.

We’ve expanded the Projects page to include every Code Review from VCS commits and CI runs. If a scan is performed on a repository (configurable with Code Repository Settings) or a CI run such as Jenkins and Terraform Cloud with an API key, that run will show up in the Projects page in a dropdown menu. In this launch we’ve included:

In addition to our Terraform Cloud Drift Detection, we’ve added the ability to detect drift for any Terraform resource tagged using Yor. Any onboarded repository across all supported providers will act as the Terraform state. We compare that to runtime environments for AWS, Azure, and GCP. If a difference is detected, we flag that as drift in the Projects page. If you select “Fix Drift” Bridgecrew will create a pull request/merge request in your repo to update your code to match the cloud configurations.

Bridgecrew extended API token management. We now offer the ability to generate, manage, and delete multiple keys for different integrations with the following capabilities:

The Checkov VS Code plugin finds misconfigurations in IaC code as you type. You could always suppress misconfiguration alerts inline using code. Now you can suppress policies in the Bridgecrew platform and they will sync to the VS Code plugin. If you suppress a policy by resource, source, tag, or full policy, VS Code will not show misconfiguration alerts for relevant resources. This allows teams to suppress alerts across organizations and reduces noise for the entire team.

Bridgecrew added 45 new out of the box policies across multiple resource types and providers.

Bitbucket Server users now get our code review status and link in every pull request. Onboard your Bitbucket Server to the Bridgecrew platform and authorize the repositories you want to be scanned. Once onboarded, every pull request will include a link to a Code Review in the Bridgecrew platform and will act as a guardrail with a pass/fail on the commit based on if it passed all of Bridgecrew’s policies at your defined threshold (low/medium/high/critical) that were not excluded or skipped.

We’ve added six graph-based out-of-the-box queries for investigating AWS runtime resources from the Resource Inventory page for better visibility. Many of these are based on our Network Access graph that identifies multiple ways for internet exposure, such as public subnets, internet gateways, and load balancers.

We’ve updated our GitHub pull request comments to provide more information in an easier to digest format. The pull requests now include much more information but are grouped to minimize comment overload. Here’s what’s new: