Introducing Incidents 2.0 for faster runtime exploration 🔥

Runtime security alerts are your top priorities. Reviewing and prioritizing incidents, including non-compliant resources, based solely on severity and benchmarks is not enough without the context of the resource associated with a specific policy. Bridgecrew now offers advanced capabilities on our Incidents 2.0 page. Explore, manage, and fix your open runtime incidents across cloud providers (AWS, Azure, GCP) and Kubernetes workloads faster with our revamped navigation and visualizations.

added

Log4Shell prevention rules for AWS, Azure, and GCP added ⚠️

Using a vulnerable version of the Apache Log4j library might enable attackers to exploit a Lookup mechanism that enables remote code execution. We’ve added rules to check that your cloud WAFs have the right signatures in place to prevent Log4j exploits (also known as Log4Shell). We’ve added the following policies:

improved

Azure Repos PR Comments upgrade 🚀

Onboarded Azure Repos now automatically receive comments with misconfiguration feedback on every new pull request. These comments include details about the IaC policy violations, their severities, policy descriptions, how to fix them, and relevant benchmarks.

added

Smart Fixes for repo-sourced fix suggestions 🧠

Bridgecrew added Smart Fixes. Frequent fixes for the same policy committed to your repositories will automatically be suggested on the Projects page the next time you violate that policy.

added

Bridgecrew Terraform Provider ⚒️

We’ve launched our official Bridgecrew Terraform provider. With the new provider you can:

improved

Badges for additional mapped benchmarks ☑️

Users can now show Bridgecrew compliance badges in their repositories for the following benchmarks:

added

Password reset 🔑

Users can now reset a password if they signed up using a work email. Clicking Reset Password sends either a temporary password, if the password is not set, or a reset request. After a successful password change, the user receives an email.

added

Policy cloning for YAML-based out-of-the-box policies 🧑‍🤝‍🧑

Users can now speed up the development of custom policies by cloning and modifying one of our over 50 YAML-based policies. In the Policies screen, find a YAML-based policy, click on the three dots, and clone. This will provide you with a new policy copied from that existing policy.

added

Checkov plugin for JetBrains 💻

The Checkov plugin scans IaC templates for misconfigurations as you code in JetBrains products such as IntelliJ and PyCharm. Fix and skip suggestions are made on the resource block that violates any policies.

improved

Latest Projects screen improvements 🚧

We’ve made some usability improvements to our Projects screen: