Exploring security issues related to a resource is easier when you have more background information about that specific resource. Bridgecrew’s Resource Explorer refresh gives you a more context-rich and consistent experience to focus in on IaC, packages, and runtime resources across the entire platform—on the Projects, Supply Chain Graph, Incidents, and Resource Inventory screens.

Bridgecrew now automatically scans and identifies misconfigurations in any GitHub Actions workflow files that are found in onboarded repositories. CLI results will also appear in the platform when scans are performed locally or in a CI pipeline.

In addition to detecting cloud infrastructure drift in Terraform, Bridgecrew now supports drift detection violations for CloudFormation templates!

Bridgecrew is about to add 25 new out-of-the-box policies for Alibaba Cloud Terraform resources!
The following policies are estimated to be effective starting August 7th:

Helm is a popular templating language for packaging complex Kubernetes deployments. Last year, Checkov added support for Helm. Now, onboarding a Helm repository to Bridgecrew will automatically render and scan the Helm charts for violations.

In order to align with the continuous policy changes within Prisma cloud, Bridgecrew has changed the severities of the policies mentioned below.
Note that such change might impact severity-based feature like Enforcement.

The Development Pipeline screen provides a centralized view of organizations’ repositories and latest scans, providing an easy way to review, prioritize, and manage identified misconfigurations and vulnerabilities.

With Enforcement Settings, users can now easily control how their systems (i.e. CI/CD pipelines) will behave when violations are identified.

OpenAPI (fka Swagger) is a specification for defining your API endpoints, their inputs and outputs, authentication, and other details. Checkov and Bridgecrew now support scanning for OpenAPI v3.0 and Swagger v2.0.0 files for misconfigurations that expose your APIs to exploits.

Bridgecrew and Checkov now natively support scanning Bicep templates for misconfigurations. A successor to ARM templates, Bicep is Microsoft’s domain specific language (DSL) used to provision Azure resources. Checkov and the platform will scan Bicep files and compare them against ARM-based policies and Bicep specific policies, including graph-based policies.