Policy-as-code for everyone
Checkov scans cloud infrastructure configurations to find misconfigurations before they're deployed.
Checkov uses a common command line interface to manage and analyze infrastructure as code (IaC) scan results across platforms such as Terraform, CloudFormation, Kubernetes, Helm, ARM Templates and Serverless framework.
Supported clouds and frameworks
Verify changes to hundreds of supported resource types in all major cloud providers.
Checkov supports developers using Terraform, Terraform plan, CloudFormation, Kubernetes, ARM Templates, Serverless, Helm, and AWS CDK.
Fully-featured policy-as-code
- Attribute-based policies
  Scan cloud resources at build time for misconfigured attributes with a simple Python policy-as-code framework.
- Graph-based policies
  Analyze relationships between cloud resources using Checkov's graph-based YAML policies.
- Live Terminal Execution
  Execute, test, and modify runner parameters in the context of a subject repository's CI/CD and version control integrations.
- Extensible policy management interfaces
  Extend Checkov to define your own custom policies, providers, and suppression terms.
Extensible integration interface
Prevent misconfigurations from being deployed by embedding Checkov into existing developer workflows.
Checkov can be integrated with custom support for platforms, build processes, and release systems.
Contributing to Checkov
Checkov is built and maintained thanks to a network of supporters worldwide.