Palo Alto Networks has agreed to buy “infrastructure as code” (IaC) specialist Bridgecrew for $156 million, promising today that it would keep investing on Bridgecrew’s open source initiatives — the latter’s free code scanner Checkov surpassed one million downloads in its first year of availability in 2020. (The static code analysis tool scans cloud infrastructure provisioned using Terraform, Cloudformation, Kubernetes, Serverless or ARM Templates to detect security and compliance misconfigurations.)
The startup was only founded in early 2019 and has raised just over $18 million in a seed and Series A round. The buyout emphasises a growing focus — heightened in recent weeks after several upstream software supply chain security breaches — on ensuring software builds are secure as early in the development process as possible (a trend dubbed “shift left”).
The buyout will allow Palo Alto Networks a “single platform that will deliver cloud security from build time to runtime” it claimed in a press release today. Palo Alto Networks’ Chief Product Officer Lee Klarich noted separately: “Bridgecrew, who pioneered a developer-first approach to secure IaC, have built a cloud security product for developer and DevOps teams that makes it really easy to identify and fix issues as early in the development process as possible – hence the term “shift left.”
See also: Security researcher hacks Apple, Google, Microsoft, after compromising upstream software packages.
“By fixing the issues at their source, the IaC template is secured before it is deployed to hundreds of workloads, resulting in a massive reduction in security alerts… We believe that cloud security will need to integrate across the entire application lifecycle, and that the integration of build time and runtime security has to strengthen… the number of developers rapidly pushing code into the cloud outnumbers the security professionals tasked with monitoring these changes for security issues by 10 to 1.
“As security teams mature their runtime security practices, this puts back-pressure on the developers to fix issues found after deploying to production. The imbalance not only risks delays in application deployments, but also results in security missteps at the application development stage that may leave clouds exposed for attack and can be much more costly to fix when found after product release.”
Bridgecrew co-founders, Idan Tendler, Barak Schoster and Guy Eisenkot, and their teams will join Palo Alto Networks. Users will no doubt worry that Checkov is about to be either abandoned or more aggressively monetised. Palo Alto Networks said it will “continue to invest in Bridgecrew’s open-source initiatives as part of its ongoing commitment to DevOps security”.
“We have dedicated ourselves to building developer-first tools that bridge the gap between developers and cloud security. By joining Palo Alto Networks, we will be able to bring codified cloud security to the developer community on a wider scale. We look forward to working together to continue shifting cloud security left”, Tendler said.