Friday, May 15, 2020

DevSecOps Static Code Analysis Tool - Checkov

Checkov:

              It help to scans cloud infrastructure provisioned using Terraform, Cloudformation or kubernetes and detects security and compliance misconfigurations.




Simple and open-source


Checkov is written in Python and provides a simple method to write and manage codified, version-controlled policies.

Features

  • 100+ built-in policies cover security and compliance best practices for AWS, Azure & Google Cloud.
  • Scans Terraform and AWS CloudFormation configurations.
  • Scans for AWS credentials in EC2 Userdata, Lambda environment variables and Terrafrom providers
  • Policies support evaluation of variables to their optional default value.
  • Supports in-line suppression of accepted risks or false-positives to reduce recurring scan failures. Also supports global skip from using CLI.
  • Output currently available as CLI, JSON or JUnit XML.



                                         Image Source : https://www.checkov.io/