heart Updates from BridgeCrew..
Story
@bridgecrewio shared a post, 10 months ago

2022 Prediction: DevSecOps will cross the chasm

We’ve been talking about DevSecOps and shift-left security for years. Although this approach probably didn’t “cross the chasm” in 2021, we did see some very telling milestones.

Screen Shot 2022-01-27 at 1.18.22 PM.png
Story
@bridgecrewio shared a post, 10 months ago

The key to DevSecOps success: Cross-team knowledge sharing

A good DevSecOps strategy goes beyond having the right tools and processes in place: it requires consistent and crucially, bi-directional feedback and learning. Both security and engineering teams have such different priorities and strengths, but that doesn’t mean they don’t have anything to learn from each other. This year, make it a resolution to create a culture of bi-directional learning between these two teams and reap the benefit of improved collaboration. Here are the top things one can learn from the other to break down silos in the name of DevSecOps.

Screen Shot 2022-01-27 at 1.21.04 PM.png
Story
@bridgecrewio shared a post, 10 months ago

Vulnerabilities vs. Security Misconfigurations: An Essential Primer

When you hear the term “security breach,” chances are that risks like malware or ransomware attacks come to mind. These exploits tend to feature in headlines about major cybersecurity attacks.

Screen Shot 2022-01-27 at 1.26.23 PM.png
Story
@bridgecrewio shared a post, 10 months ago

What you need to know about Terraform vs. CloudFormation

Selecting the right infrastructure as code (IaC) framework depends largely on your needs and the comfort levels of your team but can have a significant impact on your cloud-native tech stack. When looking at two common IaC frameworks—Terraform by HashiCorp and Amazon CloudFormation—there are a lot of opinions for and against each.

Screen Shot 2022-01-27 at 1.30.07 PM.png
Story
@bridgecrewio shared a post, 10 months, 1 week ago

Security Challenges of Developing Kubernetes Infrastructure with IaC

There are many reasons to love Kubernetes. It’s open source. It’s incredibly scalable and flexible. And it turns out to be a great way to deploy hybrid cloud and multi-cloud workloads.

Screen Shot 2022-01-27 at 1.03.40 PM.png
Story
@bridgecrewio shared a post, 10 months, 1 week ago

9 Essential Infrastructure Security Considerations for Kubernetes

Part of the reason why securing Kubernetes can be challenging is that Kubernetes isn’t a single, simple framework. It’s a complex, multi-layered beast.

Screen Shot 2022-01-27 at 1.10.25 PM.png
Story
@bridgecrewio shared a post, 10 months, 1 week ago

5 Ways to Configure a Monorepo for DevSecOps Efficiency

Monorepos—or the use of a single repository for every part of an application—have been around since before git was invented in 2005.

Screen Shot 2022-01-27 at 1.22.32 PM.png
Story
@bridgecrewio shared a post, 11 months ago

Building the Business Case for DevSecOps

“Resistance to change is proportional to how much the future might be altered by any given act.” — Stephen King

Humans are naturally resistant to change. The fear of the unknown and loss of control can cripple attempts to innovate and modernize. This is often true when it comes to DevSecOps initiatives. Many people accept the need for a more integrated and automated approach to security, but concerns about security teams slowing teams down or hindering innovation hold many companies back from embracing it.

Meanwhile, the digital economy is becoming more competitive, talent is becoming harder and more expensive to acquire, and the cost of breaches — financially and on companies’ reputations — has skyrocketed. In this environment, the benefits of DevSecOps far outweigh the upfront costs and ongoing investment.

Story
@bridgecrewio shared a post, 11 months ago

How to prevent the IaC misconfiguration snowball effect

The goal with infrastructure as code (IaC) frameworks such as Terraform and CloudFormation is to make infrastructure provisioning more efficient. Through a combination of automation and either imperative or declarative configuration, IaC makes it easier to deploy the same environment consistently and repeatably.

IaC’s immutability and machine readability are huge advantages when it comes to building, deploying, and testing infrastructure. It allows for storing and versioning of infrastructure, making it easier to manage, collaborate, and audit. It also allows teams to test—and secure—infrastructure just as they would with any other code. But without the right approach, IaC can actually pose a disadvantage when it comes to security and compliance.

Story
@bridgecrewio shared a post, 1 year, 1 month ago

It’s Not All Bad! Using Cloud Drift for Teachable Moments

Stack Overflow’s 2021 Developer Survey found that 54% of developers use AWS, yet only 7% use Terraform.

drift-detection-learnings.png