Checkov and Bridgecrew now support Kubernetes graph policies! Kubernetes graph policies make connections between two or more resources. This allows you to identify issues that are not misconfigurations in any single resource, but become one when the resources are combined.
We’ve added a few more advanced Terraform capabilities to Checkov and the Bridgecrew platform!
Checkov software composition analysis (SCA) scans now build out a full dependency tree for supported package manager files. Before, only the root package was analyzed in the CLI, whereas full dependency trees were built in the platform. This lets users know about vulnerabilities in indirect dependencies locally and in CI/CD integrations.
Bridgecrew now scans CircleCI configuration for misconfigurations, from both Checkov and the platform. If public images are found in the configuration file, Bridgecrew will pull each image and scan it for vulnerabilities. The findings include checks that images use proper tags and that unstable Orbs are avoided.
Bridgecrew now supports dynamic blocks in Terraform. Dynamic blocks are a useful way to create multiple configurations for the same resource by writing a structure for the configuration and then using a list or object to fill in the gaps. For example, instead of writing out multiple ingress rules with the same CIDR block and different ports, you can define the CIDR block and then create a list of ports.
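The ingress example from the paragraph above, written out as Terraform. This is an added illustration, not code from the Bridgecrew changelog or the Bridgecrew/Checkov projects; the CIDR block, the port list and the VPC id are assumed sample values. One `ingress` block is rendered per element of `var.service_ports`, so the CIDR is written once instead of being repeated in three hand-written rules.

```hcl
# Added example (not from the Bridgecrew changelog). Sample values are assumed.
variable "allowed_cidr" {
  description = "Source CIDR allowed to reach the service ports (assumed sample value)"
  type        = string
  default     = "10.0.0.0/16"
}

variable "service_ports" {
  description = "TCP ports opened from allowed_cidr (assumed sample values)"
  type        = list(number)
  default     = [443, 8443, 9443]
}

resource "aws_security_group" "app" {
  name        = "app-sg"
  description = "Application security group whose ingress rules come from a dynamic block"
  vpc_id      = "vpc-PLACEHOLDER" # placeholder, replace with a real VPC id

  # Equivalent to writing three ingress { ... } blocks by hand: the structure is
  # declared once and the for_each list fills in the port for each rendered block.
  # With dynamic-block support the scanner evaluates the rendered rules, so an
  # overly broad allowed_cidr (for example 0.0.0.0/0) is still reported even
  # though it appears only once in the source.
  dynamic "ingress" {
    for_each = var.service_ports
    content {
      description = "Allow TCP ${ingress.value} from ${var.allowed_cidr}"
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = [var.allowed_cidr]
    }
  }
}
```

`ingress.value` is the current list element; the iterator takes the name of the dynamic block unless an explicit `iterator` is set. Changing `service_ports` to a list of objects (port plus CIDR, for instance) lets each rendered rule differ in more than one attribute while the block body stays the same.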
Repository misconfigurations, such as only having one reviewer, can lead to supply chain attacks. With Bridgecrew, users can now detect those misconfigurations from the platform for GitHub and GitLab. The platform automatically surfaces these findings when a user adds a GitHub or GitLab VCS integration.
Bridgecrew now identifies and provides fix suggestions in code for unmanaged Terraform and CloudFormation resources. Unmanaged resources are runtime resources that don’t have an equivalent build-time resource traced to them, which introduces cloud infrastructure drift.
Bridgecrew now automatically gathers templates and module blocks from onboarded GitHub repositories to scan them for compliance violations. Before, the platform only supported modules that were either public or local to a repository.
Bridgecrew and Checkov can now identify misconfigurations in your version control system (VCS) provider when it is managed with Terraform. Many of Checkov’s policies for VCS providers can now be applied to Terraform code that uses either the GitHub or the GitLab provider.
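To show the kind of repository setting these policies look at (both the single-reviewer misconfiguration mentioned in the GitHub/GitLab repository-scanning note and the Terraform-managed VCS configuration described above), here is an added Terraform example using the `integrations/github` provider. It is not code from the Bridgecrew changelog or from the Checkov project, and the organization name, repository name and branch pattern are assumed sample values.

```hcl
# Added example (not from the Bridgecrew changelog). Names are assumed sample values.
terraform {
  required_providers {
    github = {
      source = "integrations/github"
    }
  }
}

provider "github" {
  owner = "example-org" # placeholder organization; token comes from the GITHUB_TOKEN environment variable
}

resource "github_repository" "app" {
  name                 = "app" # assumed sample repository name
  visibility           = "private"
  vulnerability_alerts = true
}

# Branch protection on the default branch. Leaving required_approving_review_count
# at 1 is the "only one reviewer" misconfiguration described above: a single
# compromised or careless account can approve and merge its own change. Requiring
# two approvals, dismissing stale reviews and applying the rule to admins closes
# that path, and a Terraform scan can flag the weaker value before it is applied.
resource "github_branch_protection" "main" {
  repository_id = github_repository.app.node_id
  pattern       = "main" # assumed default branch

  enforce_admins = true

  required_pull_request_reviews {
    required_approving_review_count = 2
    dismiss_stale_reviews           = true
    require_code_owner_reviews      = true
  }
}
```

Because the settings live in Terraform, the same review rules apply to every repository created from this configuration, and a scan of the code catches a value such as `required_approving_review_count = 1` at plan time rather than after the repository already exists.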