Infrastructure as code static analysis
Project description
Checkov
Table of contents
Description
Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform and detects security and compliance misconfigurations.
Checkov is written in Python and provides a simple method to write and manage policies. It follows the CIS Foundations benchmarks where applicable.
Features
- 40+ built-in policies cover security and compliance best practices for AWS, Azure & Google Cloud.
- Policies support variable scanning by building a dynamic code dependency graph (coming soon).
- Supports in-line suppression of accepted risks or false-positives to reduce recurring scan failures.
- Output currently available as CLI, JSON or JUnit XML.
Screenshots
Scan results in CLI
Scheduled scan result in Jenkins
Getting started
Start using Checkov by reading the Getting Started page.
Alternatives
For Terraform compliance scanners check out tfsec, Terrascan and Terraform AWS Secure Baseline.
For CloudFormation scanning check out cfripper and cfn_nag.
Support
Bridgecrew builds and maintains Checkov to make policy-as-code simple and accessible.
Start with our Documentation for a quick tutorial and examples.
If you need support contact us at support@bridgecrew.io or open a ticket.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.