Ask a developer in a blue shirt if they’d like to don a red shirt and join the security team, and they might pass on that risky proposition, if they’ve seen any classic Star Trek episodes before. But with DevOps teams declaring cloud infrastructure-as-code (IaC) for automated pipelines, a security detail now comes with the job.
Bridgecrew is helping embed secure coding and config practices and automate secure policy enforcement and exploit remediation earlier in the software lifecycle without making developers directly contend with a universe of known and unknown threat vectors in modern cloud application delivery environments.
Bridgecrew’s platform integrates with most known repos, configuration and CI/CD tools, but abstracts away the manual aspects of implementing security policies as code within the developer’s workflow, running automated security scans and offering user-initiated or automated vulnerability fixes, based on the company’s policies.
We barely even knew Bridgecrew as a startup before they were taken aboard by Palo Alto Networks this year — though they continue with their own brand, platform and mission to spread the good news of their open-source Checkov infrastructure security linter as an entry portal for the deeper security scans and remediations their enterprise platform can offer.
One cool wrinkle they’ve just announced is their Checkov Exension for Visual Studio Code, which runs policy and ML-based security checks not just at compile time, but in real-time, engaging with heads-up alerts and suggestions while the developer is coding their cloud infrastructure, kind of like a writing grammar assistant.
©2021 Intellyx, LLC. At the time of writing, Bridgecrew is not an Intellyx customer. Want to see more BrainCandy? Subscribe today. Get our Cloud-Native Computing poster. If you are a vendor seeking coverage from Intellyx, please contact us at PR@intellyx.com.