Jump to Content

Home Documentation Recipes API Reference Changelog

Platform Resources Sign in Sign Up

Platform Resources Sign in Sign Up

Home Documentation Recipes API Reference Changelog

Welcome

What is Bridgecrew?
Prerequisites
Open Source

Get Started

Sign Up
Integrate with Code Repositories
Integrate with Cloud Providers
Integrate with CI/CD Systems
Integrate with IDE
- Visual Studio Code
- Jetbrains
Integrate with Kubernetes
Integrate with Private Registries
- Integrate with Artifactory

Code Analysis

Infrastructure-as-Code
Images
Open Source (SCA)
Secrets
Supply Chain
Code-to-Cloud

Advanced Setup

Plan & Track
Custom Policies
Fix
Manage Tags
- Traceability
- Manage Tag Rules
Integrations
API Access
SBOM Generation

Organization Management

Notification Systems
SSO Systems
User Management
Billing
- What Happens If My Payment Failed?
- How do I delete my account?

AWS Policies

AWS Policy Index
General Policies
IAM Policies
Kubernetes Policies
Logging Policies
Networking Policies
Public Policies
Elasticsearch Policies
Monitoring Policies
S3 Policies
Secrets Policies
Serverless Policies

Kubernetes Policies

Kubernetes Policy Index

Azure Policies

Azure Policy Index
General Policies
IAM Policies
Kubernetes Policies
Logging Policies
Networking Policies
Secrets Policies
- Ensure AKV secrets have an expiration date set
- Ensure secrets are not exposed in Azure VM customData
Storage Policies
Public Policies
- Ensure MariaDB servers have public network access enabled set to False

Google Cloud Policies

Google Cloud Policy Index
General Policies
IAM Policies
Kubernetes Policies
Logging Policies
Networking Policies
Public Policies
Google Cloud Storage Policies
Cloud SQL Policies

Docker Policies

Docker Policy Index

Git Policies

Secrets Policy Index

OCI Policies

Compute Policies
- Ensure OCI Compute Instance boot volume has in-transit data encryption enabled
- Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled
Secrets Policies
- Ensure no hard coded OCI private key in provider
Storage Policies
Logging Policies
- Ensure OCI Compute Instance has monitoring enabled
Networking Policies
IAM Policies

Alibaba Policies

Alibaba Policy Index
General Policies
IAM Policies
Kubernetes Policies
- Ensure Alibaba Cloud Kubernetes installs plugin Terway or Flannel to support standard policies
- Ensure Alibaba Cloud Kubernetes node pools are set to auto repair
Logging Policies
Networking Policies

Bridgecrew Policies

General
Bridgecrew provider has hard-coded API token
Open source vulnerabilities
Open Source package License Compliance
Open Source Package Unknown License

Open Source Policies

Supported Language Index
- Docker
- Go
- HCL
- Java
- JavaScript
- Kotlin
- Python
- Ruby
- YAML

Build Integrity Policies

GitHub Policies
GitLab Policies
GitHub Actions Policies
Bitbucket Policies
- Ensure BitBucket pull requests require at least 2 approvals
GitLab CI Policies
- Suspicious use of curl with CI environment variables in script
- Avoid creating rules that generate double pipelines
Azure Pipelines Policies

OpenStack Policies

Ensure OpenStack firewall rule has destination IP configured
Ensure OpenStack instance does not use basic credentials
Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)

API Policies

OpenAPI Policies

Runtime Resources

Fixing Runtime Resources

For full details on fixing runtime resources, see Incidents.

Updated over 1 year ago

What’s Next

Suppress
Create Issue
IaC Resources

Table of Contents
- Fixing Runtime Resources