KubeCon + CloudNativeCon 2021. Will you be in attendance? If so, VMblog invites you to swing by and check out the Bridgecrew booth in the sponsor showcase.

Read this exclusive KubeCon pre-show interview between VMblog and Taylor Smith, Sr. Product Marketing Manager at Bridgecrew.

Bridgecrew by Prisma Cloud is the developer-first cloud DevSecOps platform that enables teams to automate infrastructure security throughout the development lifecycle. With support for infrastructure as code (IaC) scanning, security-as-code fixes, and native developer tools integrations, Bridgecrew shifts security left and makes it accessible to developers.

VMblog: Can you give us the high-level rundown of your company's technology offerings? Explain to readers who you are, what you do, what problems you solve, etc.
Taylor Smith: Bridgecrew by Prisma Cloud is the
developer-first cloud DevSecOps platform that enables teams to automate
infrastructure security throughout the development lifecycle. With support for
infrastructure as code (IaC) scanning (Terraform, CloudFormation, etc.),
automated fixes, and native developer tools integrations, Bridgecrew shifts
security left and makes it accessible to developers via the tools they're
already using (IDEs, VCS, CI/CD).
VMblog: And while talking about your products, can you give readers a few examples of how your offerings are unique? What are your differentiators?
Smith: We differentiate ourselves by being
comprehensive and developer-friendly. We have the industry's most robust policy
library across Terraform, CloudFormation, Kubernetes, Helm, Dockerfile, ARM Templates and Serverless
framework from code to cloud. Our tools are not only embedded in DevOps tools,
such as CI/CD platforms, but they offer guidance and remediation in context,
with IDE inline guidance, pull request comments, and pull request ready fixes.
VMblog: If an attendee likes what they see and hear
at your booth, what message about your product can you send them back with to
sell their boss on your technology?
Smith: Bridgecrew decreases your risk exposure by
improving the posture of cloud infrastructure before it is deployed and
increases developer productivity by minimizing security alerting and lengthy
remediation cycles. For those who are ready to try it for themselves,
Bridgecrew offers a free 14-day trial and we're very proud of our free and open
source offerings Checkov, Yor, and AirIAM.
VMblog: Normally at the KubeCon event, sponsors are showcasing new products or new product updates and features for the first time. Do you have anything new that you've either recently announced or plan to discuss in more detail at the event? Can we get a sneak peek?
Smith: Bridgecrew recently announced our automated
container image scanning. We already identify misconfigurations in IaC
templates such as Terraform and Kubernetes manifests. Now, leveraging twistcli
from Prisma Cloud, we identify and provide remediation guidance for vulnerabilities
in containers (Dockerfiles) found in your onboarded repositories. This moves us
up the stack to help developers create secure cloud native applications from
the infrastructure to Kubernetes up to the containers running on top.
VMblog: At what stage do you feel we are at with regard to containers? Is there anything still holding it back? Or keeping it from a wider distribution?
Smith: Most surveys, including the one from the CNCF,
are showing that containers are nearly pervasive with a vast majority of
organizations adopting containers in production. However, that doesn't mean
every application within those organizations - data also shows that most of those
are held back, at least in part, by security concerns.
What's missing today is taking advantage of
what makes containers unique. Because containers are fully bundled executables
with all of the dependencies, we have an opportunity to create secure
applications before they are ever deployed. Kubernetes, despite its complexity,
is actually fairly secure, if properly configured. If things like
misconfigurations and vulnerabilities are patched in code, the attack surface
and associated risk is drastically reduced.
VMblog: How does your company or product fit within
the container, cloud, Kubernetes ecosystem?
Smith: Bridgecrew offers developer-friendly code to
cloud security for cloud native applications. We find security issues in code
and surface them to developers throughout the development lifecycle.
So, if you're provisioning your cloud
infrastructure using Terraform, CloudFormation, etc., we'll secure that at
build time and runtime with drift detection. For Kubernetes based applications,
we detect and provide remediation guidance for misconfigurations in Kubernetes
manifests and Helm charts. For the containers running on top, we just announced
our container image scanning that will identify vulnerabilities and
misconfigurations found in your container code stored in your repos. Container
code looks a lot like IaC, with a configuration file (Dockerfile) and components
that need to be assembled to provision a service. We're bringing a
developer-friendly experience to securing container images.
VMblog: How can people find you at the show this year? Can you give VMblog readers a sneak peek as to what you will be showing off at your booth? What should attendees expect to see and hear at your booth?
Smith: At KubeCon this year, we'll be showing off a
demo of our full lifecycle cloud infrastructure security. We'll show off how
you can secure your IaC and your cloud runtime, and fix drift between the two.
And of course the new container image scanning that we're announcing at
KubeCon!