Terms & Concepts

Terms

Infrastructure as code frameworks are systems for automating infrastructure deployment, scaling and management through the use of machine-readable configuration files.

Declarative configurations are absolute methods to design the execution of well-defined infrastructure building blocks.

Imperative configurations are procedural methods to design the steps required to build a required end-result.

Immutable infrastructure defines a version-controlled data model that enables reproducing point-in-time changes to individual attributes of a configuration manifest.

Terraform is a popular open source declarative infrastructure as code framework used primarily to define resource in public cloud services.

CloudFormation is a declarative infrastructure as code framework used to define resources in Amazon Web Services.

Kubernetes is a popular open source declarative infrastructure as code framework used primarily to orchestrate containers in a virtual computing environment.

Concepts

Policy: Security policies define various aspects of your cloud configuration that impact the overall security of the environment. For example, multi-factor authentication should be enabled for the root account.

Incident: Upon each scan, Bridgecrew creates Incidents for each case of non-conformance to a Policy in runtime environments.

Errors: Upon each scan, Bridgecrew identifies Errors for each case of non-conformance to a Policy in IaC files in buildtime environments.

Resource: A Resource is a Cloud Platform entity, for example, an Amazon EC2 instance, a CloudFormation stack, or an Amazon S3 bucket.

Suppression: This is an action that can be taken to indicate that an Incident reported by Bridgecrew is actually not problematic. When Suppressing an Incident, you can Suppress it for all relevant Resources or only specific Resources.

Remediation: Depending on the Incident, Bridgecrew may offer one of the following types of Remediation: Open Jira Ticket, Run Playbook, Open Fix PR