Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises Learn more →
Checkov Alternatives
Similar projects and alternatives to checkov
-
-
terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
-
ONLYOFFICE
ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
terratest
Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.
-
OPA (Open Policy Agent)
An open source, general-purpose policy engine.
-
tfsec
Security scanner for your Terraform code [Moved to: https://github.com/aquasecurity/tfsec] (by tfsec)
-
-
InfluxDB
Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.
-
-
kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
-
terraform-docs
Generate documentation from Terraform modules in various output formats
-
pre-commit-terraform
pre-commit git hooks to take care of Terraform configurations 🇺🇦
-
terraform-security-scan
Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
-
Pulumi
Pulumi - Infrastructure as Code in any programming language. Build infrastructure intuitively on any cloud using familiar languages 🚀
-
terragrunt
Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules.
-
-
-
kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
-
-
-
-
Sonar
Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
checkov reviews and mentions
-
Terraform Security Best Practices
We use https://www.checkov.io/ for this, it's very simple to get started with and works really well as PR quality gate
-
How long have you guys actually had the title “platform engineer”? What other titles did you have before that, if any?
Once there is a CI pipeline for delivering infra changes you can add static code analysis tools (checkov) and even start testing changes (terratest)
-
What are the best static analysis security testing tools for Terraform and infrastructure as code?
I just had a brief chat with one of the developers of Checkov and it sounds nice (and open source). I haven't had a chance to play with it, but if you want to it's at https://www.checkov.io/
-
Looking for a tool to enforce policies on terraform files names/content
You might be referring to checkov ? https://github.com/bridgecrewio/checkov
-
Continuous Delivery for the rest of us
Specifically, a pipeline should be run every time a pull request is opened, and it should check the code for errors and security bugs; you can use tools such as Checkov or similar.
- Breve guia de sobrevivência com Terraform
-
Securing the software supply chain in the cloud
Chekov – Scan for open-source and Infrastructure-as-Code vulnerabilities
-
SBOM with Checkov
Well, yes, Checkov is a quality scanner, but from some time already it is more than that! Let's see on the frameworks which can be scanned by Checkov:
-
Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
We’ve been using https://www.checkov.io/ for terraform and will be using this for yaml and helm. Lots of policies out of the box.
-
A note from our sponsor - ONLYOFFICE
www.onlyoffice.com | 1 Jun 2023
Stats
bridgecrewio/checkov is an open source project licensed under Apache License 2.0 which is an OSI approved license.
The primary programming language of checkov is Python.