
Prevent cloud misconfigurations during build time
Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure managed in Terraform, CloudFormation, Kubernetes, ARM templates or Serverless Framework and detects misconfigurations.
Checkov is written in Python and provides a simple method to write and manage codified, version-controlled policies.

Features
Built-in policies cover security and compliance best practices for AWS, Azure & Google Cloud
Get your output in CLI, JSON or JUnit XML
Handles variables by building a dynamic code dependency graph
Supports in-line suppression for accepted risk
Simple and open-source

Install from PyPI using pip

Select an input folder that contains your Terraform & CloudFormation files and run scans

Export results to a color-coded CLI print

Integrate scans into your CI/CD pipelines
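
An added example (not from the Checkov project) of the CI/CD step above: a Python gate that reads the JSON output and fails the build on failed checks or on in-line suppressions with no recorded justification. The field names are assumed from Checkov's JSON report layout, the sample report is constructed, and the `gate` function and the blank-justification rule are this example's own.

```python
import json

# Constructed sample in the shape of Checkov's JSON output (not real scan data).
SAMPLE_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {
        "failed_checks": [
            {"check_id": "CKV_AWS_20", "resource": "aws_s3_bucket.logs",
             "file_path": "/main.tf", "check_result": {"result": "FAILED"}}],
        "skipped_checks": [
            {"check_id": "CKV_AWS_20", "resource": "aws_s3_bucket.site",
             "file_path": "/site.tf",
             "check_result": {"result": "SKIPPED",
                              "suppress_comment": "public static content host"}},
            {"check_id": "CKV_AWS_18", "resource": "aws_s3_bucket.site",
             "file_path": "/site.tf",
             "check_result": {"result": "SKIPPED", "suppress_comment": ""}}],
    },
})


def gate(report_json):
    """Return (exit_code, findings) for a Checkov JSON report (hypothetical helper)."""
    data = json.loads(report_json)
    # One framework yields a single object; several frameworks yield a list.
    reports = data if isinstance(data, list) else [data]
    findings = []
    for report in reports:
        results = report.get("results", {})
        for chk in results.get("failed_checks", []):
            findings.append(("FAILED", chk["check_id"],
                             chk["resource"], chk["file_path"]))
        for chk in results.get("skipped_checks", []):
            reason = chk.get("check_result", {}).get("suppress_comment") or ""
            # Example policy: an accepted risk must carry a written reason.
            if not reason.strip():
                findings.append(("UNJUSTIFIED_SKIP", chk["check_id"],
                                 chk["resource"], chk["file_path"]))
    return (1 if findings else 0), findings


if __name__ == "__main__":
    code, findings = gate(SAMPLE_REPORT)
    for kind, check_id, resource, path in findings:
        print(f"{kind:17} {check_id:11} {resource} ({path})")
    raise SystemExit(code)  # non-zero exit fails the pipeline stage
```

In a pipeline, replace `SAMPLE_REPORT` with the contents of the JSON report written by the scan step.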
