Alibaba Cloud Terraform-based policies 🆕

Bridgecrew is about to add 25 new out-of-the-box policies for Alibaba Cloud Terraform resources!
The following policies are estimated to be effective starting August 7th:


Helm Support ⎈

Helm is a popular templating language for packaging complex Kubernetes deployments. Last year, Checkov added support for Helm. Now, onboarding a Helm repository to Bridgecrew will automatically render and scan the Helm charts for violations.

Severity changes across 111 policies 🛂

To align with the continuous policy changes within Prisma Cloud, Bridgecrew has changed the severities of the policies mentioned below.
Note that such a change might impact severity-based features like Enforcement.

Development Pipelines 👩🏻‍💻

The Development Pipeline screen provides a centralized view of organizations’ repositories and latest scans, providing an easy way to review, prioritize, and manage identified misconfigurations and vulnerabilities.

Enforcement Rules Settings 🚥

With Enforcement Settings, users can now easily control how their systems (i.e. CI/CD pipelines) will behave when violations are identified.


OpenAPI Support 💻

OpenAPI (formerly known as Swagger) is a specification for defining your API endpoints, their inputs and outputs, authentication, and other details. Checkov and Bridgecrew now support scanning OpenAPI v3.0 and Swagger v2.0.0 files for misconfigurations that expose your APIs to exploits.


Bicep Support 💪

Bridgecrew and Checkov now natively support scanning Bicep templates for misconfigurations. A successor to ARM templates, Bicep is Microsoft’s domain-specific language (DSL) used to provision Azure resources. Checkov and the platform will scan Bicep files and compare them against ARM-based policies and Bicep-specific policies, including graph-based policies.


Terraform Enterprise integration 🏢

Bridgecrew can now be used as a mandatory or advisory run step in Terraform Enterprise, between the plan and apply stages. To get started, go to the Terraform Enterprise (Sentinel) wizard.


Initiate scans on-demand in the UI 🔍

Bridgecrew and Prisma Cloud users can initiate scans of onboarded integrations from the Projects screen, in addition to our periodic scans that happen twice a day. This will scan both VCS and Runtime resources. Note that for VCS, the scan covers only the default branch, which is also true of the periodic scans.


VCS repository auto-onboarding 🤖

Bridgecrew allows owners and admin users to configure the VCS integration such that all existing and future repositories will automatically be integrated with Bridgecrew. The options are now: