Resource Explorer

Overview

Exploring misconfigurations and errors across your resources is more efficient when you have the context of the specific resource the error was found in. Bridgecrew’s Resource Explorer gives you a focused view of the resource you are currently evaluating, allowing you to:

  • Make an educated decision regarding a specific error - prioritize its fix or suppress it.
  • Understand the connections between resources in your Resource Inventory or Supply Chain graph, and decide which of their properties might put them at risk or should not exist at all.
  • Explore the history of a specific resource - when it was first scanned and modified, and which errors Bridgecrew detected, suppressed or resolved.

Access

The Resource Explorer pane is always displayed on the right side of the screen after selecting a specific resource. You can access it from the following pages:

Projects

Select an error box to display the details about the relevant resource.


Incidents

Select a resource from the resource list displayed below each detected policy.


Supply Chain

Click on a supported resource node (IaC / package / runtime resource). The Resource Explorer tab will display general details about the resource in this node, its history, and - for package nodes only - a detailed list of all the code errors and vulnerabilities found in this resource, including their total number.


Resource Inventory

Select a resource from the list.


Resource Information

The Resource Explorer pane contains the following information tabs. Note that the information available depends on the resource type:

  • Details - displayed for all resources, the listed details vary according to the resource type.
  • Errors - available only for packages
  • History - available only for runtime and IaC resources
  • Traceability - available only for runtime and IaC resources

Details

Details include the properties of the configured resource, such as package name and version (for package resources), repository, code lines, Provider Deep Link for opening the resource via VCS or in CSP (for runtime resources), etc.

Note: the following AWS resources and their equivalent Terraform AWS provider resources also support Network Access analysis:

  • EC2 Instance
  • ELB
  • ALB
  • RDS Cluster
  • ElastiCache Cluster
  • EMR Cluster
  • Redshift Cluster
  • ElasticSearch Domain
  • EFS Mount Target
  • ECS Service
  • EC2 Security Group
  • EC2 Security Group Rule

In addition, the following Terraform AWS provider and AWS resources support Encryption analysis:

  • Athena Database
  • Athena Workgroup
  • CloudTrail
  • CloudWatch Log Group
  • CodeBuild Project
  • CodeBuild Report Group
  • DAX Cluster
  • DocDB Cluster
  • DynamoDB table
  • EBS Volume
  • ECR Repository
  • EFS File System
  • EKS Cluster
  • ElastiCache Replication Group
  • ElasticSearch Domain
  • AWS Kinesis Stream
  • MSK Cluster
  • Neptune Cluster
  • RDS Cluster
  • RDS Global Cluster
  • Redshift Cluster
  • S3 Bucket
  • S3 Bucket Inventory
  • S3 Bucket Object
  • SageMaker Feature Group
  • SNS Topic
  • SQS Queue

AWS resource with Network Access analysis


AWS resource with Encryption analysis

Errors

This tab displays the policies or vulnerabilities found in a selected resource. Select a vulnerability from the drop-down menu to display data such as CVE ID, fix version, risk factors, and more.


You can also select a non-compliant license (if found) from the same drop-down and view its details, such as the license type and additional data.


History

A timeline of resource events: scans initiated, errors detected, resource modifications, etc. You can click on each historical event to expand it and view its full detail.


The following events are supported in the History display (for IaC and runtime resources only):

  • Initial Scan - When the first resource scan was conducted and which properties were detected
  • Resource Modified - Which resource properties were updated and when it was detected
  • Compliant - When the policy was first detected as compliant for a single policy
  • Fix PR Created - When a Pull Request for code fix was submitted (for a single policy)
  • Error Remediated - When a runtime incident was remediated by Bridgecrew’s playbook
  • Jira Issue Created - When a Jira issue was created for a single error
  • Error Suppressed - When a specific code error was suppressed
  • Error Detected - When a specific code error was first detected
  • Drift Detected - When a specific code drift was first detected
  • Error Fixed - When a specific code error was fixed

Traceability

Traceability tags connect build time (IaC) and runtime resources. They allow the user to locate runtime resources that were deployed by a specific build time resource, detect drifts from IaC templates and trace the differences between cloud and code. Resource tagging can be done manually, automatically (using Yor), or by using the Bridgecrew tagging bot (via Yor). See Traceability for more information.
The Traceability tab in the Resource Explorer pane displays, for each build time resource, details of the runtime resource it deploys. Clicking the Resource link directs the user to the relevant runtime resource, and vice-versa (you need to select the Traceability tab again to see the change).


Traceability information for runtime and build time resources
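
The linking that traceability tags make possible, as an added example (not Bridgecrew's or Yor's own code): runtime resources are joined to the IaC resource that deployed them by a shared tag value, property differences are reported as drift, and untagged runtime resources are listed separately. Using `yor_trace` as the join key, and all resource records, identifiers and property names below, are assumptions constructed for illustration.

```python
"""Added example: link runtime resources to IaC resources by a trace tag."""

TRACE_TAG = "yor_trace"  # tag key written by Yor; using it as the join key is an assumption

# Constructed sample data (not real Bridgecrew or cloud output).
IAC_RESOURCES = [
    {"id": "aws_s3_bucket.logs", "file": "storage/main.tf",
     "tags": {TRACE_TAG: "1f0c-aaaa"}, "props": {"acl": "private", "versioning": True}},
    {"id": "aws_instance.web", "file": "compute/main.tf",
     "tags": {TRACE_TAG: "2b7d-bbbb"}, "props": {"instance_type": "t3.micro"}},
]
RUNTIME_RESOURCES = [
    {"arn": "arn:aws:s3:::example-logs", "tags": {TRACE_TAG: "1f0c-aaaa"},
     "props": {"acl": "public-read", "versioning": True}},
    {"arn": "arn:aws:ec2:us-east-1:111111111111:instance/i-0example",
     "tags": {TRACE_TAG: "2b7d-bbbb"}, "props": {"instance_type": "t3.micro"}},
    {"arn": "arn:aws:s3:::example-adhoc", "tags": {}, "props": {"acl": "private"}},
]


def trace(iac_resources, runtime_resources):
    """Return (links, untraced).

    links maps each IaC resource id to the runtime resources carrying its
    trace tag, each with a dict of properties that differ from the code.
    untraced lists runtime resources with no tag or an unknown tag value.
    """
    by_trace = {r["tags"][TRACE_TAG]: r for r in iac_resources if TRACE_TAG in r["tags"]}
    links = {r["id"]: [] for r in iac_resources}
    untraced = []
    for rt in runtime_resources:
        iac = by_trace.get(rt["tags"].get(TRACE_TAG))
        if iac is None:
            untraced.append(rt["arn"])
            continue
        # Drift: a property declared in code whose cloud value differs.
        drift = {k: {"code": v, "cloud": rt["props"].get(k)}
                 for k, v in iac["props"].items() if rt["props"].get(k) != v}
        links[iac["id"]].append({"arn": rt["arn"], "drift": drift})
    return links, untraced


if __name__ == "__main__":
    links, untraced = trace(IAC_RESOURCES, RUNTIME_RESOURCES)
    for iac_id, deployed in links.items():
        for d in deployed:
            print(iac_id, "->", d["arn"], "drift:", d["drift"] or "none")
    print("untraced runtime resources:", untraced)
```
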

Resource Dependencies

For some resources, a list of dependencies is displayed under Details:

  • Depends on - names of resources that the current resource configuration refers to and the specific property (or properties) that creates the dependency.
  • Dependants - names of resources whose configuration refers to the current resource and the specific property (or properties) that creates the dependency.

Note: For packages, only direct dependencies are listed.


An AWS EC2 resource with a list of dependencies
