This guide outlines the challenges of leveraging DevSecOps to secure the cloud and highlights how infrastructure as code (IaC) makes it all possible. With research on the state of IaC security, advice for embracing a DevSecOps culture, and practical tips for embedding IaC security guardrails throughout the DevOps lifecycle, this guide is a worthwhile read for anyone interested in taking […]

As the de facto container orchestrator, Kubernetes has undeniable benefits when it comes to building performant and scalable applications. Its complexity and flexibility can create security challenges, but when approached with DevSecOps, can provide an opportunity to automate security from the start. In this guide, we’ll explore the unique considerations Kubernetes presents for cloud-native application security and how to build […]

Software supply chains are core to building and delivering cloud-native applications. They contain software components like open source packages and infrastructure as code (IaC) templates, as well as underlying delivery pipelines such as version control systems (VCS) and continuous integration / continuous delivery (CI/CD) pipelines. Because they have direct access to proprietary code and are just a few pivots away […]

When infrastructure as code (IaC) is paired with GitOps, DevOps teams can apply the same guidelines used to manage application code to infrastructure. The result is faster and more frequent deployment, better scalability, and increased predictability. GitOps also makes it easy to embed security scanning and guardrails throughout the entire development and delivery process. By integrating cloud security and GitOps, […]

People.ai relies heavily on Terraform and AWS for its cloud infrastructure. With over 10,000 resources in their infrastructure, gaining visibility and reducing security risks was proving to be difficult and time-consuming. As they constantly evolved their configured resources and scaled their cloud infrastructure footprint, they wanted to stay on top of best practices in keeping their environments secure. Download this […]

Bridgecrew empowers teams to secure their infrastructure wherever it is using a developer-first approach. It helps enterprises to fix issues in code, automate processes, and streamline cloud security into developer workflows. Benefits of Bridgecrew include:• Cloud drift detection and automated remediation• Cloud DevOps tools and workflows• Infrastructure as code (IaC) scanning Download this overview to learn more about the security […]

Planning, provisioning, and changing infrastructure are vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and immutability and helps prevent bad configurations upstream. In this session, we’ll embed infrastructure-as-code security into a set of Auto DevOps gitlab pipelines, highlighting a workflow for catching issues in frameworks such as Terraform, CloudFormation and Kubernetes right from the developers […]

Gain hands-on experience with the help of experts from Bridgecrew and Hashicorp! From scanning infrastructure as code (IaC) for security misconfigurations to implementing automated DevSecOps workflows, this workshop will provide a hands-on experience to automate your cloud security. In this hands-on workshop, we’ll walk through:• An overview of DevSecOps and Terraform infrastructure as code (IaC)• Getting started with Bridgecrew to […]