
checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

8.8k · emerging · Python · Apache License 2.0

The Lens

Checkov scans your infrastructure-as-code for security and compliance problems before you deploy it. Terraform, CloudFormation, Kubernetes manifests, Helm, ARM, and more get checked against thousands of built-in policies: open ports, missing encryption, over-broad IAM. It's open source and free, and it runs in seconds.

It's a Python tool you run locally or in CI, and it fails the build when a check trips. The policy library is huge out of the box, and you can write custom policies in Python or YAML. Because it catches misconfigurations at the code stage, you fix them in a pull request instead of discovering them live in production.

Checkov is free. Bridgecrew, now part of Palo Alto's Prisma Cloud, is the commercial platform built around it, adding a dashboard, drift detection, and org-wide policy management. For solo and small teams, the CLI in CI is the whole value. Larger orgs already on Prisma Cloud get Checkov folded into the paid platform.

The catch: thousands of policies mean a real signal-to-noise problem on day one. A mature Terraform repo can light up with hundreds of findings, many of them things you've consciously accepted. Budget time to tune the ruleset and suppress what doesn't apply, or your team learns to ignore the whole thing.

Free vs Self-Hosted vs Paid


Self-hosted (free): Checkov under Apache-2.0, a Python tool scanning Terraform, CloudFormation, Kubernetes, Helm, ARM, and more against thousands of built-in policies. Custom policies in Python or YAML. Runs locally or in CI.

Prisma Cloud (paid): Bridgecrew, now part of Palo Alto's Prisma Cloud, adds a dashboard, drift detection, and org-wide policy management.

The call: The CLI in CI is the whole value for most teams. The platform matters for orgs already standardized on Prisma Cloud.

Free and open source. Prisma Cloud (Palo Alto, formerly Bridgecrew) is the paid platform built around it.

Self-hosting ops: trivial


Score: 63/100 · B
Adoption: 23/30
Maintenance: 10/25
Community: 5/20
License: 15/15
Analysis: 10/10

About

Owner: PANW AppSec (Organization)
Stars: 8,840
Forks: 1,359
