Feature Descriptions

With Checkov you can:

• Run a variety of scan types
• Enable Checkov to run as part of your CI/CD workflow
• Create and contribute custom Checkov policies

Running Checkov

With Checkov you can scan a repository, branch, folder, or a single file with attribute-based misconfigurations or connection state errors. See CLI Command Reference.

When running Checkov, you can also:

• Review scan results
• Suppress or skip
• Scan credentials and secrets
• Scan Kubernetes clusters
• Scan Terraform plan output and 3rd party modules

Integrating with CI/CD

In addition to integrating with your code repository, Checkov can also integrate with your automated build pipeline via CI/CD providers. When your build tests run, Checkov will scan your infrastructure as code files for misconfigurations and you can review the output directly in your CI pipeline.

• Integrate with Jenkins
• Integrate with Bitbucket Cloud Pipelines
• Integrate with Github Actions
• Integrate with Gitlab CI

Custom Policies

• Create custom Python attribute policies
• Create custom YAML attribute and composite policies
• Custom policy examples
• Share custom policies across repos