It helps scan cloud infrastructure provisioned using Terraform, CloudFormation or Kubernetes and detects security and compliance misconfigurations.
Simple and open-source
Checkov is written in Python and provides a simple method to write and manage codified, version-controlled policies.
Features
- 100+ built-in policies cover security and compliance best practices for AWS, Azure & Google Cloud.
- Scans Terraform and AWS CloudFormation configurations.
- Scans for AWS credentials in EC2 Userdata, Lambda environment variables and Terraform providers.
- Policies support evaluation of variables to their optional default value.
- Supports in-line suppression of accepted risks or false positives to reduce recurring scan failures. Also supports a global skip from the CLI.
- Output currently available as CLI, JSON or JUnit XML.
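
A minimal sketch of the credential scan and in-line suppression features listed above, added here as an illustration and not taken from Checkov's own code. The check id `EXAMPLE_SECRET`, the regexes and the Terraform sample are assumptions constructed for this example; the keys are AWS's documented placeholder values, and the `checkov:skip=<id>:<reason>` comment follows Checkov's suppression syntax.

```python
import re

# Constructed Terraform input; the keys are AWS's documented example values.
SAMPLE_TF = '''\
provider "aws" {
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}

resource "aws_instance" "web" {
  # checkov:skip=EXAMPLE_SECRET:placeholder key used by the docs fixture
  user_data = "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"
}

resource "aws_lambda_function" "fn" {
  environment {
    variables = { REGION = "eu-west-1" }
  }
}
'''

CHECK_ID = "EXAMPLE_SECRET"  # hypothetical policy id, not a real Checkov check
ACCESS_KEY = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
SECRET_KEY = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")
SKIP = re.compile(r"#\s*checkov:skip=([\w-]+)(?::(.*))?")
BLOCK = re.compile(r'^(resource|provider)\s+"([^"]+)"(?:\s+"([^"]+)")?\s*\{')


def scan(text):
    """Return one result per top-level block: (block name, status, line numbers)."""
    results, name, depth, hits, skipped = [], None, 0, [], False
    for lineno, line in enumerate(text.splitlines(), 1):
        m = BLOCK.match(line)
        if depth == 0 and m:
            name = ".".join(p for p in m.groups() if p)
            hits, skipped = [], False
        if name:
            s = SKIP.search(line)
            if s and s.group(1) == CHECK_ID:
                skipped = True  # accepted risk: suppress this check for the block
            elif ACCESS_KEY.search(line) or SECRET_KEY.search(line):
                hits.append(lineno)
            # Simplification: braces inside string literals are not handled.
            depth += line.count("{") - line.count("}")
            if depth == 0:
                status = "SKIPPED" if skipped and hits else "FAILED" if hits else "PASSED"
                results.append((name, status, hits))
                name = None
    return results
```

A suppression only applies to the block that contains the comment and only to the named check id, so the provider block in the sample still fails.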
Download Link : https://github.com/bridgecrewio/checkov/
Documentation : https://www.checkov.io/documentation