Checkov Documentation

Checkov is a static code analysis tool for infrastructure-as-code.

Checkov is written in Python and aims to simplify and increase the adoption of security and compliance best practices that prevent common cloud misconfigurations. Its scans adhere to and implement common industry standards such as the Center for Internet Security (CIS) Amazon Web Services (AWS) Foundations Benchmark.

See how to install and get Checkov up and running.

Next, learn how to customize and add policies.

Last, Checkov supports export to JUnitXML format, which enables simple integration with CI/CD pipelines. Read more about it here.