Policy-as-code for everyone

Checkov scans cloud infrastructure configurations to find misconfigurations before they're deployed.

Checkov uses a common command line interface to manage and analyze infrastructure as code (IaC) scan results across platforms such as Terraform, CloudFormation, Kubernetes, Helm, ARM Templates and Serverless framework.

Supported clouds and frameworks

Verify changes to hundreds of supported resource types in all major cloud providers.

Checkov supports developers using Terraform, Terraform plan, CloudFormation, Kubernetes, ARM Templates, Serverless, Helm, and AWS CDK.

Fully-featured policy-as-code

  • Attribute-based policies

    Scan cloud resources at build time for misconfigured attributes with a simple Python policy-as-code framework.

  • Graph-based policies

    Analyze relationships between cloud resources using Checkov’s graph-based YAML policies.

  • Live Terminal Execution

    Execute, test, and modify runner parameters in the context of a subject repository's CI/CD and version control integrations.

  • Extensible policy management interfaces

    Extend Checkov to define your own custom policies, providers, and suppression terms.

Extensible integration interface

Prevent misconfigurations from being deployed by embedding Checkov into existing developer workflows.

Checkov can be integrated with custom support for platforms, build processes, and release systems.

Contributing to Checkov

Checkov is built and maintained thanks to a network of supporters worldwide.