Resource Explorer


Exploring misconfigurations and errors across your resources is more efficient when you have the context of the specific resource the error was found in. Bridgecrew's Resource Explorer gives you a focused view of the resource you are currently evaluating, allowing you to:

  • Make an educated decision regarding a specific error - prioritize its fix or suppress it.
  • Understand the connections between resources in your Resource Inventory or Supply Chain graph, and decide which of their properties might put them at risk or should not exist at all.
  • Explore the history of a specific resource - when it was first scanned and modified, and which errors Bridgecrew detected, suppressed or resolved.


The Resource Explorer pane is always displayed on the right side of the screen after selecting a specific resource. You can access it from the following pages:


Select an error box to display the details about the relevant resource.



Select a resource from the resource list displayed below each detected policy.


Supply Chain

Click on a supported resource node (IaC / package / runtime / build integrity resource). The Resource Explorer tab will display general details about the resource in this node, its history, and a detailed list of all the code errors / policies / vulnerabilities found in this resource, including their total number.


Resource Inventory

Select a resource from the list.


Resource Information

The Resource Explorer pane contains the following information tabs. Note that the information available depends on the resource type:

  • Details - displayed for all resources, the listed details vary according to the resource type.
  • Errors - available for all resources
  • History - available only for runtime and IaC resources
  • Traceability - available only for runtime and IaC resources


Details include the properties of the configured resource, such as package name and version (for package resources), repository, code lines, Provider Deep Link for opening the resource via VCS or in CSP (for runtime resources), etc.

Note: the following AWS resources and their equivalent Terraform AWS provider resources also support Network Access analysis:

  • EC2 Instance
  • ELB
  • ALB
  • RDS Cluster
  • ElastiCache Cluster
  • EMR Cluster
  • Redshift Cluster
  • ElasticSearch Domain
  • EFS Mount Target
  • ECS Service
  • EC2 Security Group
  • EC2 Security Group Rule

In addition, the following Terraform AWS provider and AWS resources support Encryption analysis:

  • Athena Database
  • Athena Workgroup
  • CloudTrail
  • CloudWatch Log Group
  • CodeBuild Project
  • CodeBuild Report Group
  • DAX Cluster
  • DocDB Cluster
  • DynamoDB table
  • EBS Volume
  • ECR Repository
  • EFS File System
  • EKS Cluster
  • ElastiCache Replication Group
  • ElasticSearch Domain
  • AWS Kinesis Stream
  • MSK Cluster
  • Neptune Cluster
  • RDS Cluster
  • RDS Global Cluster
  • Redshift Cluster
  • S3 Bucket
  • S3 Bucket Inventory
  • S3 Bucket Object
  • SageMaker Feature Group
  • SNS Topic
  • SQS Queue

AWS resource with Network Access analysis


AWS resource with Encryption analysis


This tab displays the policies, vulnerabilities or code errors found in a selected resource.
For open source resources, select a vulnerability from the drop-down menu to display data such as CVE ID, fix version, risk factors, and more.


You can also select a non-compliant license (if found) from the same drop-down and view its details, such as the license type and additional data.


For build integrity or IaC resources, the Errors tab displays the misconfigured code excerpt (only from the default branch).




1. Automated fix suggestions are not available for errors in custom policies. For such errors, you can only select a manual fix.
2. Automated fix suggestions are only available for some out-of-the-box policies. Click See policy documentation to read the error description and the suggested fix, if available.


An out-of-the-box policy with an automated fix suggestion


A timeline of resource events: scans initiated, errors detected, resource modifications, etc. You can click on each historical event to expand it and view its full detail.


The following events are supported in the History display (for IaC and runtime resources only):

| Event | Event Title | IaC Resource | Runtime Resource |
|---|---|---|---|
| Initial Scan | When the first resource scan was conducted and which properties were detected | ✔ | ✔ |
| Resource Modified | Which resource properties were updated and when it was detected | ✔ | ✔ |
| Compliant | When the policy was first detected as compliant for a single policy | ✔ | ✔ |
| Fix PR Created | When a Pull Request for code fix was submitted (for a single policy) | ✔ | ❌ |
| Error Remediated | When a runtime incident was remediated by Bridgecrew's playbook | ❌ | ✔ |
| Jira Issue Created | When a Jira issue was created for a single error | ✔ | ✔ |
| Error Suppressed | When a specific code error was suppressed | ✔ | ✔ |
| Error Detected | When a specific code error was first detected | ✔ | ✔ |
| Drift Detected | When a specific code drift was first detected | ✔ | ✔ |
| Error Fixed | When a specific code error was fixed | ✔ | ❌ |


Traceability tags connect build-time (IaC) and runtime resources. They allow the user to locate runtime resources that were deployed by a specific build-time resource, detect drifts from IaC templates and trace the differences between cloud and code. Resource tagging can be done manually, automatically (using Yor), or by using the Bridgecrew tagging bot (via Yor). See Traceability for more information.
For each build-time resource, the Traceability tab in the Resource Explorer pane displays details of the runtime resource it deploys. Clicking the Resource link directs the user to the relevant runtime resource, and vice versa (you need to select the Traceability tab again to see the change).


Traceability information for runtime and build time resources
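
The join that traceability tags make possible, shown as an added example (not Bridgecrew's or Yor's own code): runtime resources are matched to build-time resources on the `yor_trace` tag that Yor writes, and properties that differ between code and cloud are reported as drift. The resource records, property names, ARNs and the `trace` function are constructed for illustration.

```python
# Constructed sample data: build-time (IaC) resources as tagged by Yor, and
# runtime resources as a cloud inventory might return them. yor_trace is the
# tag Yor writes; every other name and value here is made up for illustration.
IAC = [
    {"address": "aws_s3_bucket.logs", "file": "storage/main.tf",
     "tags": {"yor_trace": "11111111-aaaa-4bbb-8ccc-000000000001"},
     "props": {"versioning": True, "acl": "private"}},
    {"address": "aws_instance.web", "file": "compute/main.tf",
     "tags": {"yor_trace": "11111111-aaaa-4bbb-8ccc-000000000002"},
     "props": {"instance_type": "t3.micro"}},
]
RUNTIME = [
    {"arn": "arn:aws:s3:::example-logs",
     "tags": {"yor_trace": "11111111-aaaa-4bbb-8ccc-000000000001"},
     "props": {"versioning": False, "acl": "private"}},
    {"arn": "arn:aws:ec2:us-east-1:000000000000:instance/i-0example",
     "tags": {}, "props": {"instance_type": "t3.large"}},
]

def trace(iac, runtime, tag="yor_trace"):
    """Join runtime resources to IaC resources on the trace tag.

    Returns (links, untraced): links holds one entry per matched pair with the
    properties whose runtime value differs from code; untraced lists runtime
    resources that carry no trace tag known to the IaC side.
    """
    by_trace = {r["tags"][tag]: r for r in iac if tag in r["tags"]}
    links, untraced = [], []
    for res in runtime:
        src = by_trace.get(res["tags"].get(tag))
        if src is None:
            untraced.append(res["arn"])  # cannot be traced back to code
            continue
        drift = {k: {"code": v, "cloud": res["props"].get(k)}
                 for k, v in src["props"].items() if res["props"].get(k) != v}
        links.append({"iac": src["address"], "file": src["file"],
                      "runtime": res["arn"], "drift": drift})
    return links, untraced

if __name__ == "__main__":
    links, untraced = trace(IAC, RUNTIME)
    for link in links:
        print(link["iac"], "->", link["runtime"], "drift:", link["drift"] or "none")
    print("no traceability tag:", untraced)
```

Runtime resources that end up in the untraced list are the ones to review first, since nothing ties them to a reviewed template.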

Resource Dependencies

For some resources, a list of dependencies is displayed under Details:

  • Depends on - names of resources that the current resource configuration refers to and the specific property (or properties) that creates the dependency.
  • Dependants - names of resources whose configuration refers to the current resource and the specific property (or properties) that creates the dependency.



For packages, only direct dependencies are listed.


An AWS EC2 resource with a list of dependencies