Code Reviews in Bitbucket Server 🔍

Bitbucket Server users now get our code review status and link in every pull request. Onboard your Bitbucket Server to the Bridgecrew platform and authorize the repositories you want scanned. Once onboarded, every pull request includes a link to a Code Review in the Bridgecrew platform and acts as a guardrail, with a pass/fail status on the commit based on whether it passed all of Bridgecrew’s policies at your defined threshold (low/medium/high/critical) that were not excluded or skipped.


Six new queries in the Resource Inventory 💡

We’ve added six graph-based out-of-the-box queries for investigating AWS runtime resources from the Resource Inventory page for better visibility. Many of these are based on our Network Access graph that identifies multiple ways for internet exposure, such as public subnets, internet gateways, and load balancers.


Updated pull request comments 💬

We’ve updated our GitHub pull request comments to provide more information in an easier-to-digest format. The pull requests now include much more information, grouped to minimize comment overload. Here’s what’s new:


Checkov baseline ⬇️

Set a baseline for a directory (not an individual file) so that future runs skip all existing misconfigurations. Run checkov -d path/to/directory --create-baseline to write a baseline file, .checkov.baseline, in the scanned directory. In subsequent runs, use checkov -d path/to/directory --baseline path/to/directory/.checkov.baseline to check only for newly identified misconfigurations.


Checkov Secrets Scanning 🤫

Checkov now finds and flags secrets in your infrastructure as code templates using regular expressions, keyword matching, and entropy-based scanning. This feature is on by default, and its results show up as a dedicated section of the Checkov output. As of this post, Checkov secrets checks range from CKV_SECRET_1 through CKV_SECRET_19.
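
To illustrate the three detection styles named above (regular expressions, keyword matching, entropy), here is a simplified added example; it is not Checkov's code. The patterns, the 4.5-bit entropy limit and the Terraform sample are assumptions constructed for this illustration.

```python
import math
import re
from collections import Counter

# Constructed Terraform input; every value is a made-up sample.
SAMPLE_TF = """\
provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
}
locals {
  db_password    = "hunter2"
  admin_password = var.admin_password
  ami            = "ami-0abcdef1234567890"
  blob           = "q9Zf3Lx8Vb2Kp7Rw1Tn6Yh4Md0Sc5Jg"
}
"""

# Regex detector: a value with a known, fixed shape (AWS access key ID).
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Keyword detector: a suspicious name assigned a quoted literal
# (a variable reference such as var.admin_password is not a literal).
KEYWORD = re.compile(r'(?i)\b\w*(?:password|secret|token|api_key)\w*\s*=\s*"[^"]+"')
# Entropy detector: long quoted tokens whose characters look random.
CANDIDATE = re.compile(r'"([A-Za-z0-9+/=_-]{20,})"')
ENTROPY_LIMIT = 4.5  # assumed threshold, in bits per character


def shannon_entropy(s):
    """Shannon entropy of the character distribution of s, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan(text):
    """Return (line_number, detector) pairs for every detector that fires."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if AWS_KEY_ID.search(line):
            findings.append((no, "regex"))
        if KEYWORD.search(line):
            findings.append((no, "keyword"))
        if any(shannon_entropy(m) > ENTROPY_LIMIT for m in CANDIDATE.findall(line)):
            findings.append((no, "entropy"))
    return findings


if __name__ == "__main__":
    for no, detector in scan(SAMPLE_TF):
        print(f"line {no}: {detector}")
```

Each detector catches a case the others miss: the short password has too little entropy to stand out, the random blob has no telling name, and the structured AMI ID stays under the entropy limit.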


Simplifying severity management by deprecating the “Info” severity ℹ️

To make severity management easier, Bridgecrew has removed the “Info” severity for both out-of-the-box and custom policies. The following modifications will be made:


Custom Policy API 🔗

We’ve added application programming interfaces (APIs) for deeper integrations between our tools and others. With our new APIs, teams can:

Updated pricing 🤝

To simplify our plans and make them consistent with Prisma Cloud’s pricing, we’ve made two major updates.


Projects 🚀

Projects is a long-awaited feature for our DevOps team leads. Our newest addition to the Bridgecrew platform, it offers a centralized console view of everything currently going on in a subject repository. From this bird’s-eye view, DevOps admins can quickly sort through critical issues already merged into their main branches and evaluate which findings should be prioritized for a fix.

Latest CIS Benchmarks Versions Support

Bridgecrew policies are natively mapped to industry benchmarks that translate into operational best practices and compliance requirements.