Bridgecrew: Cloud Security with Guy Eisenkot

Cloud computing provides tools, storage, servers, and software products through the internet. Securing these resources is a constant process for companies deploying new code to their cloud environments. It’s easy to overlook security flaws because company applications are very complex and many people work together to develop them. Wyze Labs, for example, had millions of users’ data stolen due to a mistake by a single employee.
Bridgecrew is a cloud security platform that helps prevent mistakes like that. Bridgecrew integrates into developer workloads to automatically find infrastructure errors in cloud accounts, workloads, and infrastructure as code. The platform also monitors code reviews and build pipelines to prevent errors from being deployed into production. If an error is found, Bridgecrew's software reverts that code to its last known correct state.
In today's episode we talk with Guy Eisenkot, VP Product & Co-founder at Bridgecrew. Guy previously worked as a Principal Product Manager at RSA Security and as a Product Manager at Fortscale before that. We discuss infrastructure as code, DevSecOps, cloud security, software supply chain, and composition analysis.


Transcript

Transcript provided by We Edit Podcasts.