Bridgecrew's Policy-as-Code evaluates infrastructure configuration posture with a graph-based policy engine. Graph data models are already used by most CSPs and IaC frameworks to describe resources, and the only way to accurately enforce security and compliance best practices is using a graph-based policy engine. With a graph of interconnected nodes and edges, we can now ask questions that require context from more than one resource.
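The difference between a single-resource check and a check that needs context from a connected resource, as an added example (not Bridgecrew's engine or policy format). The resource names, attributes, edge list and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample resources (Terraform-style names); not output from a real scan.
RESOURCES = {
    "aws_s3_bucket.logs": {"type": "aws_s3_bucket", "acl": "private"},
    "aws_s3_bucket.assets": {"type": "aws_s3_bucket", "acl": "private"},
    "aws_s3_bucket.scratch": {"type": "aws_s3_bucket", "acl": "private"},
    "aws_s3_bucket_public_access_block.logs": {
        "type": "aws_s3_bucket_public_access_block",
        "block_public_acls": True, "restrict_public_buckets": True},
    "aws_s3_bucket_public_access_block.assets": {
        "type": "aws_s3_bucket_public_access_block",
        "block_public_acls": False, "restrict_public_buckets": True},
}
# Edges: (referencing resource, referenced resource). "scratch" has no edge.
EDGES = [
    ("aws_s3_bucket_public_access_block.logs", "aws_s3_bucket.logs"),
    ("aws_s3_bucket_public_access_block.assets", "aws_s3_bucket.assets"),
]

BUCKET = "aws_s3_bucket"
BLOCK = "aws_s3_bucket_public_access_block"

def adjacency(edges):
    """Build an undirected adjacency map so either end can find the other."""
    adj = defaultdict(set)
    for src, dst in edges:
        adj[src].add(dst)
        adj[dst].add(src)
    return adj

def attribute_only_check(resources):
    """Single-resource policy: looks at the bucket's own attributes only."""
    return {name: res.get("acl") == "private"
            for name, res in resources.items() if res["type"] == BUCKET}

def graph_check(resources, edges):
    """Graph policy: a bucket passes only if a connected public access
    block exists and enables both settings."""
    adj = adjacency(edges)
    results = {}
    for name, res in resources.items():
        if res["type"] != BUCKET:
            continue
        blocks = [resources[n] for n in adj[name] if resources[n]["type"] == BLOCK]
        results[name] = any(b.get("block_public_acls") and
                            b.get("restrict_public_buckets") for b in blocks)
    return results

if __name__ == "__main__":
    print("attribute-only:", attribute_only_check(RESOURCES))
    print("graph-based:   ", graph_check(RESOURCES, EDGES))
```

All three buckets pass the attribute-only check, while the graph check fails the bucket with a weak access block and the bucket with none.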
The Policies tab in Bridgecrew allows you to view details, latest scan metrics and status of any Policy or group of Policies. You can also drill down to view the full details of Incidents associated with a Policy.
In addition to the extensive set of out-of-box policies provided by Bridgecrew, you can also create robust custom policies.
Code Repository Badges
You can get Badges in your Code Repository that indicate compliance with a range of Benchmarks, each of which is associated with a set of Policies. See Code Repository Badges.
You can filter Policies by Category, Severity, Resource Type, Account or related Benchmarks.
The Category column shows the Category in which the Policy is grouped (e.g., Secrets, Storage, ElasticSearch).
Press a Policy to expand the entry and see the Policy's key details:
- Provider: the Provider (e.g., AWS, Azure, Kubernetes, etc.) with which the Policy is associated
- Guideline: link to an explanation of the Policy
- Resource Type: for example, S3 Bucket, ECR Repository, etc.
Hover over Last Update and press Inspect to go to the entry on the Incidents Dashboard associated with this Policy.
The Passed, Failed and Suppressed columns show the number of resources associated with this Policy that, in the most recent scan, Passed or Failed the related check, or were Suppressed in regard to the check.
The data in this table is an aggregation based on data for all relevant accounts. For example, if a Policy relates to an AWS issue, and you have multiple AWS accounts connected to Bridgecrew Cloud, the data relates to all of those accounts.
If you've filtered the Policies Dashboard by Account, the aggregated data is for those accounts only.
The colored checkmark in the Status column indicates the overall status in regard to this Policy.
- Green: All resources associated with this Policy passed the related check.
- Red: One or more resources have failed checks associated with this Policy and have not been Suppressed or Remediated.
- Black: One or more resources associated with this Policy are in violation of this Policy but have been Suppressed.
See Benchmark Compliance Reports for details on exporting PDF reports.