 Hi everyone, thanks for joining us. I'm Taylor Smith, part of the Bridge Crew team, and I'll walk you through a demo of the Bridge Crew platform and its integrations across the development life cycle. Before we dive into the demo, I wanted to give a quick background on Bridge Crew. DevOps is moving at breakneck speeds. In our digital-first economy, agility is key. Development teams are measured on churning out features and traditional security can't keep up. This has moved down the stack to infrastructure, where developers can define their infrastructure as code. Developers iterate fast on IEC templates, but these templates are often insecure. This is evident in open-source templates. Nearly 50% of AWS modules in the Terraform registry contain misconfigurations exposing organizations to attackers. In just one of those templates is insecure, it often includes hundreds of resources. That leads to an overwhelming amount of alerts for security teams and an intrusive level of tickets for developers. We're here to solve that. Bridge Crew empowers engineers to secure infrastructure amazingly fast. We call it codified security. Bridge Crew identifies misconfigurations leveraging our library of hundreds of policies, source from compliance frameworks like CIS, and from community of open-source contributors. The infrastructure as code scanning is performed by our community-supported open-source tool, Chekhov, with additional features and runtime capabilities in our Bridge Crew platform. We automatically identify misconfigurations and infrastructure as code templates and at runtime. We present fixes in the form of suggestions, pull requests, and commits backed into your development pipeline in an automated playbook for issues identified in runtime. And we create guardrails to prevent misconfigurations from making it into your deployments. This creates a proactive rather than reactive approach to addressing misconfigurations. This automated full-life cycle approach enforces policies early and often via integrations across developer and DevOps stacks. Bridge Crew integrates with IDEs, continuous integration tools, repositories, ticketing, chat, and cloud environments. This creates a powerful feedback loop that increases the likelihood of misconfigurations being repaired. We do this for Terraform, CloudFormation, Kubernetes, Helm, Azure Resource Manager templates, Dockerfiles, and serverless framework, as well as in runtime for AWS, Azure, and GCP. The result is better infrastructure as code templates, more secure cloud workloads, and less noise for security and development teams. Now for the demo. I'm going to walk you through the flow of an infrastructure as code development and deployment and show how Bridge Crew secures cloud infrastructure at every step. From bridgecrew.io, I can access the signup page, or I can go directly to bridgecrew.cloud. Here you can sign up for a free community account that comes with a 14-day trial of the full platform, no credit card required. Sign up through any of these SSO options, or use your work email. I already have an account, so it'll log me right in. I'm going to start with a demonstration of our CLI based infrastructure as code scanner. Checkoff is our open source tool that underpins all of our infrastructure as code scanning. If I run checkoff-l, you can see hundreds of policies that are included out of the box across template types and providers. Running a scan of a directory or file, in this case a Terraform template, will check for all policy violations that are relevant to that template type. The scan runs completely locally. Here you can see I passed 10 checks and failed 21. For example, here's where checkoff identified that instance metadata service version 1 is enabled and that a template includes a hard-coded C-grid. All of this is free and open source. If I run the same scan with an API key and it available for free with a bridgecrew platform, it will reach out to the bridgecrew SAS platform. You'll see it a link at the bottom. This will take me to the code review in the bridgecrew platform, which I'll be going over in a bit. Next I'll show our VS code integration. You'll need to include the API key from the bridgecrew platform. Then checkoff will scan any open template to identify and flag all misconfigurations in the code you're writing. This is an example Terraform repo. Notice that in the three files I've scanned, it's picked up on 45 policy violations. I'm going to add a new template that will create an S3 bucket. First I'll start a new branch. Then I'll add a new file and fill in some HCL. Immediately checkoff will start scanning for misconfigurations. Here it's identified 7 misconfigurations in my new file. Selecting quickfix will provide options to add skip commands, comments, or automatic fixes. Using this quickfix will add the HCL to encrypt the data at rest. Notice the new code added. I'm going to revert that code and commit this new misconfigured bucket to my GitLab repository. Git add, Git commit, Git push to origin. Here you can see the merge requests I just created from that commit. And in here you might notice some of the comments. So I have 7 infrastructure configuration errors identified by Bridge Crew. And this bot automatically comments on each resource to say what are some of the issues identified. So we have a low severity issue about a storage issue. And it's that ensure the S3 bucket has logging enabled. If I scroll down here you can see some more that are low or high. So I should probably prioritize this high misconfiguration. And what I can do if I pop over to the Bridge Crew run for that merge request, you can see those same misconfigurations. Now what I can do from here is I can actually do a fix back to the merge request. So this will create a commit back to the merge request. And let me just do one here. So I'm going to add this encryption by default to the S3 bucket. And I'm just going to ignore the other six misconfigurations. So it's completed. Let's take a look down here and hit refresh. And now you can see that this commit was made on my behalf. So if I open this up and see the changes, here you go. Here's that encryption added automatically. Back to the commit. No problems whatsoever. Now back in the Bridge Crew platform we have our projects page. And the projects page is an aggregation of all the scans across all of my different integrations. And if I open up the integration that I just did with GitLab, you can see all the misconfigurations in the Terrigot repository. Now let's look for the one you can see here that I can filter by owner. And this is using Git Blame. So it'll be the last modified person who last modified that resource. So John was the last person to modify this S3 bucket. And I can filter by category. So I can filter by storage or secrets, severity level, and tagging. And then for each of these resources we include some additional detail that's very easy, that's very helpful, like the bucket name, the ACL, if there are any additional features turned on, tags, and related resources using our graph backend. So this is one dependent C, as well as a resource history. From here I can also create an automatic merge request back to the repository. So if I create a fix automatically, then it will open up a merge request on my behalf with the change automatically. So here's an example right here. It will remove these lines. So if I do fix and submit, it will remove those lines in a pull request, in a merge request, back to GitLab. And once I've done that, I can open up that merge request and accept it automatically. And so it fits into developer workflows, that simple. From here I like to move into the CSPM capabilities that we have. And that's because it's important to have both build time and runtime security. I wanted to show off the integration page to reiterate the different integration options we have, as well as how simple it is to add an integration. For example, to onboard a cloud account, simply select the cloud provider and choose add account and launch stack. This will automatically add a read only stack in your cloud provider to gain visibility. For AWS, you can also add a stack that performs corrective actions on your behalf using the remediation stack. Onboarding your cloud account takes just a few minutes. Once onboarded, the resource inventory view will provide a full inventory of your cloud resources. On the far right column you'll see all the errors identified and updated periodically. You can filter based on resource types, accounts, tags, network access and encryption. Or you can use one of our predefined queries. The predefined queries are for low hanging fruit. For example, unencrypted databases and storage buckets. Next to the resource I can select the number of errors and the violation that will take me to the incidents page. The incidents page lists all of the identified misconfigurations in a central location. Each incident includes all resources that violated the policy in build time and run time. I can directly create a JIRA ticket that includes the details about that misconfiguration for my developers to fix. The resource will include an HCL representation of the misconfiguration in an audit history for that resource. If I have a remediation stack deployed, I can perform auto remediation to fix that misconfiguration in my cloud environment from this incident page. The final screen I wanted to share is the dashboard. This provides a summary view of all of the cloud resources as well as your posture measured against major benchmarks. Many of these charts are interactive so you can quickly filter to find more information. You can monitor your cloud security posture over time. You can sign up for Bridge Crew free, no credit card required, and it comes with a 14-day trial of our full platform. Thanks for joining this demo of the Bridge Crew platform.