Checkov

Prevent cloud misconfigurations during build time.


Overview

Checkov is an open-source static analysis tool for infrastructure as code. It scans cloud infrastructure provisioned by Terraform, CloudFormation, Kubernetes, ARM Templates, and other IaC frameworks to find misconfigurations before they are deployed. Checkov is maintained by Bridgecrew, which is part of Palo Alto Networks.

✨ Key Features

  • Scans for misconfigurations in IaC
  • Support for Terraform, CloudFormation, Kubernetes, and more
  • Over 750 built-in policies
  • Custom policy creation
  • Graph-based scanning for context-aware analysis
  • CI/CD integration

🎯 Key Differentiators

  • Broad support for different IaC frameworks
  • Graph-based scanning for deeper analysis
  • Large and active community

Unique Value: Scans a wide variety of IaC formats against a comprehensive set of policies to find and fix misconfigurations early in the development cycle.

🎯 Use Cases (4)

  • Scanning IaC for security misconfigurations
  • Enforcing compliance and security policies in CI/CD
  • Preventing cloud security issues before deployment
  • Securing Kubernetes manifests and Helm charts

✅ Best For

  • Automated IaC scanning in developer workflows and CI pipelines

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Runtime policy enforcement or threat detection

🏆 Alternatives

  • Terrascan
  • tfsec
  • Kics

Offers broader IaC language support and a larger policy library compared to more narrowly focused tools like KubeLinter.

💻 Platforms

  • CLI
  • API

✅ Offline Mode Available

🔌 Integrations

  • Jenkins
  • GitLab CI/CD
  • GitHub Actions
  • Azure DevOps
  • Terraform Cloud

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: Fully open source and free.
