Runtime security alerts are your top priorities. Reviewing and prioritizing incidents including non-compliant resources based solely on severity and benchmarks without the context of the resource that is associated with specific policy is not enough. Bridgecrew now offers advanced capabilities on our Incidents 2.0 page. Explore, manage, and fix your open runtime incidents across cloud providers (AWS, Azure, GCP) and Kubernetes workloads faster with our revamped navigation and visualizations.

Using a vulnerable version of the Apache Log4j library might enable attackers to exploit a Lookup mechanism that enables remote code execution. We’ve added rules to check that your cloud WAFs have the right signatures in place to prevent Log4j exploits (also known as Log4Shell). We’ve added the following policies:

Onboarded Azure Repos now automatically receive comments with misconfiguration feedback on every new pull request. These comments include details about the IaC policy violations, their severities, policy descriptions, how to fix them, and relevant benchmarks.

Bridgecrew added Smart Fixes. Frequent fixes for the same policy committed to your repositories will automatically be suggested on the Projects page the next time you violate that policy.

We’ve launched our official Bridgecrew Terraform provider. With the new provider you can:

Users can now show Bridgecrew compliance badges in their repositories for the following benchmarks:

Users can now reset a password if they sign up using a work email. Clicking on Reset Password will send either a temporary password if the password is not set or a reset request. Successful changes to a password will include an email to the user.

Users can now speed up the development of custom policies by cloning and modifying one of our over 50 YAML-based policies. In the Policies screen, find a YAML-based policy, click on the three dots, and clone. This will provide you with a new policy copied from that existing policy.

The Checkov plugin scans IaC templates for misconfigurations as you code in JetBrains products such as IntelliJ and PyCharm. Fix and skip suggestions are made on the resource block that violates any policies.

We’ve improved our Projects screen with some usability improvements: