Checkov

Checkov is a policy-as-code tool that scans cloud infrastructure configurations to detect misconfigurations before deployment.

Freemium

Web

#Infrastructure as Code Security Scanning

Overview

Checkov scans infrastructure as code files across multiple platforms like Terraform, CloudFormation, Kubernetes, and more to identify misconfigurations. It supports attribute-based and graph-based policies, integrates with CI/CD workflows, and allows custom policy creation.

Key Features

Multi-Platform IaC Scanning

Scans infrastructure as code configurations across Terraform, CloudFormation, Kubernetes, Helm, ARM Templates, Serverless framework, and AWS CDK.

Attribute-Based Policies

Uses Python-based policy-as-code framework to scan cloud resources for misconfigured attributes during build time.

Graph-Based Policies

Analyzes relationships between cloud resources with graph-based YAML policies to detect complex misconfigurations.

Key Features

Multi-Platform IaC Scanning

Scans infrastructure as code configurations across Terraform, CloudFormation, Kubernetes, Helm, ARM Templates, Serverless framework, and AWS CDK.

Attribute-Based Policies

Uses Python-based policy-as-code framework to scan cloud resources for misconfigured attributes during build time.

Graph-Based Policies

Analyzes relationships between cloud resources with graph-based YAML policies to detect complex misconfigurations.

How to Use

Install checkov

Download and install checkov via package managers like pip or use prebuilt binaries.

Scan Infrastructure Code

Run checkov CLI commands to scan repositories, folders, or individual IaC files for misconfigurations.

Review Scan Results

Examine the output for detected misconfigurations, vulnerabilities, and policy violations.

Integrate with CI/CD

Add checkov scanning commands into your CI/CD pipeline scripts to automate security checks on every build.

Create Custom Policies

Develop custom Python or YAML policies to enforce organization-specific security requirements.

Pricing

Pricing details are gathered from the official Checkov website and are provided for reference only. Always confirm the latest information directly with the vendor.

Plan	Price	Highlights
Free	0	Open source access to all scanning features Community support Custom policy creation
Enterprise	Contact Sales	Dedicated support and SLAs Advanced integrations and compliance features Custom onboarding and training

Found a change in pricing? We welcome corrections. Reach out so we can keep this listing accurate.

Pros & Cons

Pros

Supports a wide range of IaC frameworks and cloud providers for comprehensive scanning.
Open source with community contributions enabling extensibility and custom policies.
Integrates seamlessly into CI/CD pipelines for automated security checks.
Provides both attribute-based and graph-based policy analysis for thorough misconfiguration detection.
Allows live testing and modification of scan parameters in terminal for flexible usage.

Cons

No explicit pricing or enterprise plans detailed on the website.
Primarily command-line interface based, which may have a learning curve for non-developers.
Limited information on GUI or dashboard features for scan result visualization.
May require Python knowledge to create advanced custom policies.

Checkov

Overview

Featured Video

Key Features

Multi-Platform IaC Scanning

Attribute-Based Policies

Graph-Based Policies

Featured Video

Key Features

Multi-Platform IaC Scanning

Attribute-Based Policies

Graph-Based Policies

CI/CD Integration

Custom Policy Creation

Live Terminal Execution

Scan Credentials and Secrets

Extensible Integration Interface

Who It's For

How to Use

Install checkov

Scan Infrastructure Code

Review Scan Results

Integrate with CI/CD

Create Custom Policies

Pricing

Pros & Cons

Pros

Cons

Use Cases

Frequently Asked Questions

Alternatives

Ratings & reviews