Policy-as-code for everyone

Checkov scans cloud infrastructure configurations to find misconfigurations before they're deployed.

Checkov uses a common command line interface to manage and analyze infrastructure as code (IaC) scan results across platforms such as Terraform, CloudFormation, Kubernetes, Helm, ARM Templates and Serverless framework.

Get started

Supported clouds and frameworks

Verify changes to hundreds of supported resource types in all major cloud providers.

Checkov supports developers using Terraform, Terraform plan, CloudFormation, Kubernetes, ARM Templates, Serverless, Helm, and AWS CDK.

Fully-featured policy-as-code

Extensible integration interface

Prevent misconfigurations from being deployed by embedding it into existing developer workflows.

Checkov can be integrated with custom support for platforms, build processes, and release systems.

Contributing to Checkov

Checkov is built and maintained thanks to a network of supporters worldwide.