checkov
A static code analysis tool that scans infrastructure as code, container images, and open source packages for security misconfigurations and vulnerabilities.
What is checkov?
Checkov is an open-source static analysis tool that scans Infrastructure as Code (IaC) templates, container images, and open-source packages for security misconfigurations and vulnerabilities. It helps developers and DevOps teams identify risks in cloud resources and dependencies during the build phase, preventing insecure configurations from reaching production.
Cloud engineers, DevOps teams, security professionals, and platform engineers who manage infrastructure using Terraform, Kubernetes, CloudFormation, or similar IaC tools and need to enforce security and compliance policies.
Checkov provides a unified, extensible scanner for multiple IaC frameworks and SCA, with a large built-in policy library and graph-based analysis for accurate detection. It integrates seamlessly into CI/CD pipelines and offers both CLI and API-driven workflows.
Overview
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Use Cases
Best For
- Scanning Terraform plans for AWS, Azure, or GCP security misconfigurations
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
