Resource Explorer 2.0 🔎

Exploring security issues related to a resource is easier when you have more background information about that specific resource. Bridgecrew’s Resource Explorer refresh gives you a more context-rich and consistent experience to focus in on IaC, packages, and runtime resources across the entire platform—on the Projects, Supply Chain Graph, Incidents, and Resource Inventory screens.

GitHub Actions workflow configuration scan results in Bridgecrew ⚡

Bridgecrew now automatically scans and identifies misconfigurations in any GitHub Actions workflow files that are found in onboarded repositories. CLI results will also appear in the platform when scans are performed locally or in a CI pipeline.

CloudFormation Drift Detection ☁️

In addition to detecting cloud infrastructure drift in Terraform, Bridgecrew now supports drift detection violations for CloudFormation templates!

Alibaba Cloud Terraform-based policies

Bridgecrew is about to add 25 new out-of-the-box policies for Alibaba Cloud Terraform resources!
The following policies are estimated to be effective starting August 7th:

Helm Support ⎈

Helm is a popular templating language for packaging complex Kubernetes deployments. Last year, Checkov added support for Helm. Now, onboarding a Helm repository to Bridgecrew will automatically render and scan the Helm charts for violations.

Severity changes across 111 policies 🛂

To align with the continuous policy changes within Prisma Cloud, Bridgecrew has changed the severities of the policies mentioned below.
Note that such changes might impact severity-based features like Enforcement.

Development Pipelines 👩🏻‍💻

The Development Pipeline screen provides a centralized view of organizations’ repositories and latest scans, providing an easy way to review, prioritize, and manage identified misconfigurations and vulnerabilities.

Enforcement Rules Settings 🚥

With Enforcement Settings, users can now easily control how their systems (i.e. CI/CD pipelines) will behave when violations are identified.

OpenAPI Support 💻

OpenAPI (formerly known as Swagger) is a specification for defining your API endpoints, their inputs and outputs, authentication, and other details. Checkov and Bridgecrew now support scanning OpenAPI v3.0 and Swagger v2.0.0 files for misconfigurations that expose your APIs to exploits.

Bicep Support 💪

Bridgecrew and Checkov now natively support scanning Bicep templates for misconfigurations. A successor to ARM templates, Bicep is Microsoft’s domain-specific language (DSL) used to provision Azure resources. Checkov and the platform will scan Bicep files and compare them against ARM-based policies and Bicep-specific policies, including graph-based policies.