Terraform Enterprise integration 🏢

Bridgecrew can now be used as a run step in Terraform Enterprise as a mandatory or advisory step between the plan and apply stage. To get started, go to the Terraform Enterprise (Sentinel) wizard.


Initiate scans on-demand in the UI 🔍

Bridgecrew and Prisma Cloud users can initiate scans of onboarded integrations from the Projects screen, in addition to our periodic scans that happen twice a day. This will scan both VCS and Runtime resources. Note that for VCS, the scan will only scan the default branch, which is also true of the periodic scans.


VCS repository auto-onboarding 🤖

Bridgecrew allows owners and admin users to configure the VCS integration such that all existing and future repositories will automatically be integrated with Bridgecrew. The options are now:


Additional custom policies operators 🖊️

Bridgecrew now allows users to have additional customized policies capabilities by expanding the vast number of operators supported in our scheme. Newly supported operators include:


Support for AWS Terraform provider V4 🪣

We now support all versions of the Terraform AWS provider including V4! The following changes will not impact users who are using older versions of the provider, and Bridgecrew and Checkov will handle that detail automatically.


Renaming GitHub Code Review Check

As we extend code scanning far beyond infrastructure-as-code it has come the time to rename the GitHub check name used on Pull Request Checks. With current scanning covering images, open source, secrets and supply chain configuration files, the checks previous naming Infrastructure-as-code analysis has confused developers in their path to get a fully checked PR scorecard.

VCS policies for GitHub, GitLab, Bitbucket

Bridgecrew and Checkov will now ingest and scan version control system (VCS) configuration for misconfigurations. The Bridgecrew platform will automatically scan connected GitLab (GitHub and BitBucket coming soon) repositories and organizations and all VCS configuration within CI. To scan VCS configuration using Checkov, you’ll need to include an API key and specify the framework. For example:

Default policies in Checkov with an API key will now match the platform policies ⚠️

The latest release of Checkov includes an important policy update. The new default behavior when you use an API key is to only have policies that are in Bridgecrew/Code. This makes it a more consistent, integrated experience from Checkov to the platform. The previous behavior was that Checkov has more policies than the platform, leading to confusion about missing policies. You can still show all policies in Checkov scans using --include-all-checkov-policies.


Forked repository PR Comments and Code Reviews for Github Enterprise 🍴

This new capability allows users of GitHub Enterprise to fork repos that have Bridgecrew and automatically get insights (PR comments, Projects page information, etc.). Additionally, this feature allows users to:

Supply Chain Graph visualization 🚢

We’ve added a new page to Bridgecrew called Supply Chain Security to visualize the components of your supply chain and quickly see the posture of your application and infrastructure code.