Barak Schoster is the CEO of BridgeCrew, a cloud security platform that was just acquired by Palo Alto Networks. He’s also the maintainer of Checkov, a popular static code analysis tool for infrastructure-as-code.
In this episode, we discuss both aspects - the experience running a DevOps company and a popular open-source tool.
1:40 - The story and history of BridgeCrew.
9:30 - Why should engineers run both Checkov and BridgeCrew checks in their infrastructure? In other words - why is static analysis of infrastructure config files not enough?
15:00 - The BridgeCrew VSCode plugin
17:00 - The community response towards Checkov (it’s grown from 50 checks to over 500 checks in one year)
20:00 - The software design behind Checkov made it easy for the community to contribute. Awareness of good software design principles is important, but so is responsiveness to community needs - for example, Barak helped out with a refactoring effort to make it easier to check additional cloud providers (like GCP)
25:00 - Fostering an open-source community to ensure inclusivity
30:00 - Future of security in software organizations - the simplification that’s bound to happen
34:30 - Advice for founders of DevOps companies