checkov
by bridgecrewio
Checkov is a static code analysis tool that prevents cloud misconfigurations and identifies vulnerabilities in infrastructure as code and container images.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Primary Use Case
Checkov is primarily used by developers and DevOps teams to scan their infrastructure as code (IaC) for security and compliance misconfigurations before deployment. It integrates seamlessly into CI/CD pipelines to ensure that vulnerabilities are detected early in the development lifecycle.
- Scans multiple IaC formats including Terraform, CloudFormation, and Kubernetes
- Performs Software Composition Analysis (SCA) for open source packages and images
- Detects security and compliance misconfigurations using graph-based scanning
- Integrates with Prisma Cloud for enhanced security capabilities
- Provides detailed reports on vulnerabilities and misconfigurations
- Available both as a command-line tool and as a Python library
Installation
- Install Checkov using pip: pip install checkov
- For Docker users, pull the image: docker pull bridgecrew/checkov
Usage
- checkov -f <path_to_file>: scans the specified file for security misconfigurations.
- checkov --directory <path_to_directory>: scans all files in the specified directory.
- Can be chained with Metasploit for automated exploitation
- Useful for continuous security monitoring in CI/CD pipelines
- Integrate with Jenkins for automated security checks
- Leverage graph-based scanning for advanced threat modeling
- Utilize in conjunction with Terraform to ensure secure IaC deployments
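A worked example of what the `checkov -f <path_to_file>` scan above reports, added here and not taken from the Checkov project's own docs: a constructed Terraform file with one misconfigured S3 bucket beside a hardened one. Bucket names and the log bucket are constructed placeholders, and the file uses the inline-argument style of the AWS provider v3 (newer providers move `acl`, `versioning`, encryption and logging into separate resources, which Checkov also evaluates).

```hcl
# Constructed example (not Checkov's own code). Save as main.tf and run:
#   checkov -f main.tf
# The first bucket produces FAILED checks for a public-read ACL and for
# missing versioning, default encryption and access logging; the second
# bucket addresses those four findings. Other S3 checks (for example a
# public-access block or cross-region replication) may still report.

resource "aws_s3_bucket" "weak" {
  bucket = "example-weak-bucket"   # constructed name
  acl    = "public-read"           # anyone on the internet can read objects
}

resource "aws_s3_bucket" "hardened" {
  bucket = "example-hardened-bucket"   # constructed name
  acl    = "private"                   # no public access via ACL

  versioning {
    enabled = true                     # retain prior object versions
  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "aws:kms"      # encrypt objects at rest with KMS
      }
    }
  }

  logging {
    target_bucket = "example-log-bucket"   # constructed; must exist separately
    target_prefix = "s3-access/"           # where access logs are written
  }
}
```

Checkov exits non-zero when any check fails, which is what makes the same command usable as a CI gate; `--soft-fail` reports findings without failing the build, and `--framework terraform` restricts the scan to Terraform files.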
Related Tools
- ProxmoxVE (community-scripts/ProxmoxVE): Proxmox VE Helper-Scripts (Community Edition)
- prowler (prowler-cloud/prowler): Prowler is the world's most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
- aws-cdk (aws/aws-cdk): The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code.
- my-arsenal-of-aws-security-tools (toniblyx/my-arsenal-of-aws-security-tools): List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
- keda (kedacore/keda): KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event-driven scale for any container running in Kubernetes.
- DevOps-Guide (Tikam02/DevOps-Guide): DevOps Guide - Development to Production, all configurations with basic notes to debug efficiently.