Default policies in Checkov with an API key will now match the platform policies ⚠️

The latest release of Checkov includes an important policy update. The new default behavior when you use an API key is to run only the policies that exist in Bridgecrew/Code. This makes the experience from Checkov to the platform more consistent and integrated. Previously, Checkov ran more policies than the platform has, which led to confusion about policies that appeared to be missing. You can still run all Checkov policies in a scan by passing --include-all-checkov-policies.


Forked repository PR Comments and Code Reviews for GitHub Enterprise 🍴

This new capability allows users of GitHub Enterprise to fork repositories that are onboarded to Bridgecrew and automatically get the same insights (PR comments, Projects page information, etc.) on the fork. Additionally, this feature allows users to:

Supply Chain Graph visualization 🚢

We’ve added a new page to Bridgecrew called Supply Chain Security to visualize the components of your supply chain and quickly see the posture of your application and infrastructure code.

See and filter by severity with Checkov 🚦

Now when you run Checkov with an API key, it displays the severity of each policy. In addition, you can use severities as a filter in the --check and --skip-check options, as well as in the --hard-fail-on and --soft-fail-on options.
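As an added example (not part of the original release notes, and not Bridgecrew's own code), the following POSIX shell function composes a Checkov invocation that uses the platform severities as CI gates: HIGH and above fail the pipeline, MEDIUM and below are reported without failing, and the run optionally re-enables the full Checkov policy set with --include-all-checkov-policies. It assumes the API key is supplied through the BC_API_KEY environment variable (which Checkov reads) rather than on the command line, so it does not appear in process listings or CI logs; the scan directory, the `build_checkov_cmd` and `run_checkov` names, and the severity thresholds are choices made for this example.

```shell
#!/bin/sh
# Added example: compose a severity-gated Checkov command line.
# Assumptions: BC_API_KEY (if set) holds the Bridgecrew API key; the first
# argument is the directory to scan; the optional second argument "yes"
# re-enables all Checkov policies, not only the platform ones.

build_checkov_cmd() {
  dir="$1"
  include_all="${2:-no}"

  cmd="checkov -d $dir"

  if [ -n "${BC_API_KEY:-}" ]; then
    # With an API key the platform severities are available, so gate on them:
    # HIGH (and CRITICAL) findings fail the run, MEDIUM (and LOW) findings are
    # still reported but do not change the exit code.
    cmd="$cmd --hard-fail-on HIGH --soft-fail-on MEDIUM"

    if [ "$include_all" = "yes" ]; then
      # Opt back in to the full Checkov policy set; by default only policies
      # present in the platform run when an API key is used.
      cmd="$cmd --include-all-checkov-policies"
    fi
  fi

  printf '%s\n' "$cmd"
}

# Execute the composed command; Checkov picks up BC_API_KEY from the
# environment, so no key is passed as an argument.
run_checkov() {
  cmd=$(build_checkov_cmd "$@")
  # shellcheck disable=SC2086
  $cmd
}
```

Without an API key the function falls back to a plain `checkov -d <dir>`, since severity names are only meaningful once the platform metadata is available; in that mode any failed check still fails the run.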

Bridgecrew IaC Tag Rules Manager 🏷

Boost your tagging strategy using Bridgecrew's IaC auto-tagging and centralized management


Clone out-of-the-box policies 👯

You can now clone both out-of-the-box (OOTB) and custom policies from the Policies screen. Open the menu of the policy and select Clone. Cloned policies are renamed with the copy number appended (e.g. "test policy (1)").


Platform CI/CD suppressions 🤫

Suppression rules originating from CI/CD now behave the same as standard platform suppressions:

Support for Kustomize scanning 💙

Kustomize makes it easier to templatize and reuse Kubernetes manifests without recreating entire manifests. To ensure your Kustomize configuration and the environments it renders are secure from the start, Bridgecrew and Checkov now support Kustomize scanning.

CLI autocompletion for Checkov with Fig 💜

Checkov has been added to Fig, a visual autocomplete utility for iTerm, Hyper, VS Code, and macOS Terminal. For Fig users, this makes it even easier and faster to use Checkov on the command line, with completions as you type.


Smart fixes are now available for PR scans 💬

Smart Fixes now show up as suggestions in PR comments and can be viewed on the Projects page for PR branches.