Infrastructure-as-Code

Overview

Bridgecrew evaluates infrastructure configuration posture using a graph-based processing framework. Most CSPs and IaC frameworks already use graph data models to describe resources, and the only way to accurately enforce security and compliance best practices is with a graph-based policy engine. With a graph of interconnected nodes and edges, we can ask questions that require context from more than one resource.

Policies

The Policies tab in Bridgecrew allows you to view details, latest scan metrics and status of any Policy or group of Policies. You can also drill down to view the full details of Incidents associated with a Policy.

Custom Policies

In addition to the extensive set of out-of-box policies provided by Bridgecrew, you can also create robust custom policies.

Code Repository Badges

You can get Badges in your Code Repository that indicate compliance with a range of Benchmarks, each of which is associated with a set of Policies. See Code Repository Badges.

Filtering

You can filter Policies by Category, Severity, Resource Type, Account or related Benchmarks.

Policy Details

The Category column shows the Category in which the Policy is grouped (e.g., Secrets, Storage, ElasticSearch).

Press a Policy to expand the entry and see the Policy's key details:

  • Provider: the Provider (e.g., AWS, Azure, Kubernetes, etc.) with which the Policy is associated
  • Guideline: link to an explanation of the Policy
  • Resource Type: for example, S3 Bucket, ECR Repository, etc.

View Associated Incidents

Hover over Last Update and press Inspect to go to the entry on the Incidents Dashboard associated with this Policy.

Scan Results

The Passed, Failed and Suppressed columns show the number of resources associated with this Policy that, in the most recent scan, Passed or Failed the related check, or were Suppressed in regard to the check.

Note

The data in this table is an aggregation based on data for all relevant accounts. For example, if a Policy relates to an AWS issue, and you have multiple AWS accounts connected to Bridgecrew Cloud, the data relates to all of those accounts.
If you've filtered the Policies Dashboard by Account, the aggregated data is for those accounts only.

Policy Status

The colored checkmark in the Status column indicates the overall status in regard to this Policy.

  • Green: All resources associated with this Policy passed the related check.
  • Red: One or more resources have failed checks associated with this Policy and have not been Suppressed or Remediated.
  • Black: One or more resources associated with this Policy are in violation of this Policy but have been Suppressed.
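
As an added illustration (not Bridgecrew's engine or API), the Python sketch below runs one connected-resource check of the kind the Overview describes and derives the Passed, Failed and Suppressed counts and the status colour described above. The resource graph, the suppression set and the function names are constructed for the example, and giving Red precedence over Black when both apply is an assumption.

```python
# Constructed sample graph (assumption): nodes are IaC resources, edges are references.
NODES = {
    "aws_s3_bucket.logs":   {"type": "aws_s3_bucket"},
    "aws_s3_bucket.assets": {"type": "aws_s3_bucket"},
    "aws_s3_bucket.legacy": {"type": "aws_s3_bucket"},
    "aws_s3_bucket_public_access_block.logs":
        {"type": "aws_s3_bucket_public_access_block", "block_public_acls": True},
    "aws_s3_bucket_public_access_block.assets":
        {"type": "aws_s3_bucket_public_access_block", "block_public_acls": False},
}
# (source, target): the source resource references the target resource.
EDGES = [
    ("aws_s3_bucket_public_access_block.logs", "aws_s3_bucket.logs"),
    ("aws_s3_bucket_public_access_block.assets", "aws_s3_bucket.assets"),
]
SUPPRESSED = {"aws_s3_bucket.legacy"}  # constructed suppression list


def neighbours(node_id, edges):
    """Resources connected to node_id by an edge in either direction."""
    return {a if b == node_id else b for a, b in edges if node_id in (a, b)}


def bucket_passes(bucket_id, nodes, edges):
    """Pass only if a connected public access block sets block_public_acls."""
    return any(
        nodes[n]["type"] == "aws_s3_bucket_public_access_block"
        and nodes[n].get("block_public_acls") is True
        for n in neighbours(bucket_id, edges)
    )


def evaluate(nodes, edges, suppressed):
    """Return (counts, status) for the bucket policy across the whole graph."""
    counts = {"passed": 0, "failed": 0, "suppressed": 0}
    for node_id, attrs in nodes.items():
        if attrs["type"] != "aws_s3_bucket":
            continue  # the policy targets buckets; other nodes only give context
        if bucket_passes(node_id, nodes, edges):
            counts["passed"] += 1
        elif node_id in suppressed:
            counts["suppressed"] += 1
        else:
            counts["failed"] += 1
    # Assumption: an unsuppressed failure (red) outranks a suppressed one (black).
    status = "red" if counts["failed"] else "black" if counts["suppressed"] else "green"
    return counts, status
```

The bucket with no attached public access block cannot be judged from its own attributes alone, which is the multi-resource context the graph provides.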

Note

See Benchmark Compliance Reports for details on exporting PDF reports.