Barak Schoster is the CEO of BridgeCrew, a cloud security platform that was just acquired by Palo Alto Networks. He’s also the maintainer of Checkov, a popular static code analysis tool for infrastructure-as-code.

In this episode, we discuss both aspects - the experience running a DevOps company and a popular open-source tool.

Apple Podcasts | Spotify | Google Podcasts

Highlights

1:40 - The story and history of BridgeCrew.

9:30 - Why should engineers run both Checkov and BridgeCrew checks in their infrastructure? In other words - why is static analysis of infrastructure config files not enough?

15:00 - The BridgeCrew VSCode plugin

17:00 - The community response towards Checkov (it’s grown from 50 checks to over 500 checks in one year)

20:00 - The software design behind Checkov made it easy for the community to contribute. Awareness of good software design principles is important, but also responsiveness to community needs - for example, Barak helped out with a refactoring effort to make additional cloud providers (like GCP) easier to check for

25:00 - Fostering an open-source community to ensure inclusivity

30:00 - Future of security in software organizations - the simplification that’s bound to happen

34:30 - Advice for founders of DevOps companies

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.softwareatscale.dev