Source: thenewstack.io
Bridgecrew’s Checkov Extension: ‘Far-Left’ Automated SecurityCategory: Security
Bridgecrew, the DevSecOps company that Palo Alto Networks recently agreed to acquire, has expanded its Checkov security tool to scan code and applications from the very beginning of the development cycle. With its new Visual Studio Code (VS Code) extension, Checkov will automatically prompt the developer if code does not meet policy requirements, is misconfigured or demonstrates other security anomalies, the company claims.
In this way, the VS Code extension alleviates many bottlenecks and points of friction that happen downstream from the point a developer is coding, said Barak Schoster, chief technology officer and co-founder of Bridgecrew.
While describing the VS Code extension as “sort of like the last missing puzzle piece in Bridgecrew’s platform and suite of dev tools” and in the context of IaC, the extension continues to scan the same code as it gets compiled further in the development cycle, Schoster said.
The idea behind the new VS Code extension is to automate fixes and policy violations directly within the developer’s IDE, before they integrate that code into a shared repository or deploy it,” said Schoster.
In this way, the VS Code extension alleviates many bottlenecks and points of friction that happen downstream from the point a developer is coding, said Barak Schoster, chief technology officer and co-founder of Bridgecrew.
While describing the VS Code extension as “sort of like the last missing puzzle piece in Bridgecrew’s platform and suite of dev tools” and in the context of IaC, the extension continues to scan the same code as it gets compiled further in the development cycle, Schoster said.
The idea behind the new VS Code extension is to automate fixes and policy violations directly within the developer’s IDE, before they integrate that code into a shared repository or deploy it,” said Schoster.
Related Articles
Community Partners
DevOps Careers