Bridgecrew Announces Smart Fixes and Talks About the Future of DevSecOps
Today we are delighted to welcome to the show a true veteran of technology, Idan Tendler. Idan is co-founder and CEO at Bridgecrew, a company that builds tools to automate infrastructure security from code to cloud.
In this interview episode, we talked about how Bridgecrew fits into the broader Palo Alto Networks product suite after its acquisition, Smart Fixes (a new announcement by the Bridgecrew team), and DevSecOps industry trends.
Co-Founder & CEO at Bridgecrew
Idan, can you give us an overview of Bridgecrew: What does it do, and who is it built for?
We founded Bridgecrew to enable developers and DevOps engineers to run security faster and at scale. We saw security being shifted left with DevOps engineers taking more responsibility for the infrastructure’s security and realized that equipping these teams with tools to maintain security faster will become critical for most businesses.
At Bridgecrew, we saw increased security misconfigurations with more developers and DevOps engineers building their infrastructure using infrastructure code frameworks that allow building applications faster by using code frameworks like Terraform or CloudFormation. By blindly counting on open source libraries, you sometimes make mistakes and bring them into your applications, which is a tipping point for infrastructure security.
Often when developers write code, it is not enough to identify a mistake; you need to provide a tool to fix these misconfigurations. Therefore we focused on bringing tools and solutions to help identify and fix security issues in code misconfigurations as early as possible. We are proud to see that our tool became the best solution in the industry to identify and fix problems in infrastructure code, with more and more developers and DevOps engineers from small companies to Fortune 100 enterprises worldwide leveraging our solution.
I heard the news that Bridgecrew is announcing ‘Smart Fixes’, which seems like a creative way to leverage your team’s knowledge to solve common problems. Can you tell us a bit about how it works and what it does?
With Smart Fixes, we created a tool that translates a company’s best practices and past secure code behaviours into actionable recommendations providing multiple options for fixing a specific issue and addressing potential vulnerability in your infrastructure.
Smart Fixes saves tons of time for engineering and DevOps teams as it helps improve and better understand the infrastructure when a misconfiguration occurs. To build it, we leveraged and translated the data in our platform into valuable insights to empower engineering teams.
Palo Alto Networks recently acquired Bridgecrew. How does Bridgecrew fit into the broader Palo Alto Networks product suite?
We are proud to be part of Prisma Cloud and Palo Alto Networks. Prisma Cloud is the fastest-growing cloud security solution with more than 2000 customers. Prisma Cloud enables customers with the broadest set of features and provides excellent value to developers, DevOps engineers, and security teams. By leveraging our solutions, our customers have the best detection tool to identify, fix and prevent issues in code. We enable better coexistence and better productivity of security and DevOps teams and help you avoid up to 90% of misconfigurations in code configurations.
The last time I spoke with Bridgecrew, we talked about Checkov, a popular open-source project created by the Bridgecrew team. Is open-source still a priority for Bridgecrew?
Checkov has become the best practice in our industry in dealing with infrastructure code, scanning for misconfigurations and detecting issues. The fact that it is based on open source allows us to have a close conversation with the developers’ community where developers are not just users of Checkov but also contributors. In this way, Checkov is a living creature that changes and evolves all the time.
What is the future of DevSecOps? It seems it’s been talked about for a few years now, but in your view, are companies doing it, and where is the movement headed?
The past events showed that security is shifting left where companies want to address security concerns early in the development cycle. That shift is not only in awareness but in how business leaders expect their teams to run security. Now there’s an understanding that you must embed security in your day-to-day processes. Thus, we have to look at the entire toolchain and provide developers with solutions to run security at scale and with less human intervention.
With Bridgecrew, you might use a variety of cloud frameworks, infrastructures, and policies, but you have a single pane of glass to run the security that gives you ultimate visibility from code to cloud.
Since now everybody is responsible for code security, do you foresee the change in DevOps and DevSecOps roles?
This change has already occurred with infrastructure, where only a few hacky developers could build your infrastructure, but now building infrastructure is democratized. I think security will follow that trend with the democratization of security responsibilities.
Thus, as leaders in the industry, we have two choices – to fight and say, “Hey, we need a centralized security solution and responsibility and accountability.” Or take a step to help and equip all stakeholders with the right tools and technologies to move faster.
Idan, it’s been an absolute pleasure to have you on the show. Thank you so much for your time!
Stay tuned for more great interviews coming your way!