Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises Learn more →
Checkov Alternatives
Similar projects and alternatives to checkov
-
-
terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
-
ONLYOFFICE
ONLYOFFICE Docs — document collaboration in your environment. Powerful document editing and collaboration in your app or environment. Ultimate security, API and 30+ ready connectors, SaaS or on-premises
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
terratest
Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.
-
OPA (Open Policy Agent)
An open source, general-purpose policy engine.
-
tfsec
Security scanner for your Terraform code [Moved to: https://github.com/aquasecurity/tfsec] (by tfsec)
-
-
InfluxDB
Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.
-
-
kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
-
terraform-docs
Generate documentation from Terraform modules in various output formats
-
pre-commit-terraform
pre-commit git hooks to take care of Terraform configurations 🇺🇦
-
terraform-security-scan
Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec
-
Pulumi
Pulumi - Infrastructure as Code in any programming language. Build infrastructure intuitively on any cloud using familiar languages 🚀
-
terragrunt
Terragrunt is a thin wrapper for Terraform that provides extra tools for working with multiple Terraform modules.
-
-
-
kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
-
-
-
-
Sonar
Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
NOTE:
The number of mentions on this list indicates mentions on common posts plus user suggested alternatives.
Hence, a higher number means a better checkov alternative or higher similarity.
checkov reviews and mentions
Posts with mentions or reviews of checkov.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-03-21.
-
Terraform Security Best Practices
We use https://www.checkov.io/ for this, it's very simple to get started with and works really well as PR quality gate
-
How long have you guys actually had the title “platform engineer”? What other titles did you have before that, if any?
Once there is a CI pipeline for delivering infra changes you can add static code analysis tools (checkov) and even start testing changes (terratest)
-
What are the best static analysis security testing tools for Terraform and infrastructure as code?
I just had a brief chat with one of the developers of Checkov and it sounds nice (and open source). I haven't had a chance to play with it, but if you want to it's at https://www.checkov.io/
-
Looking for a tool to enforce policies on terraform files names/content
You might be referring to checkov ? https://github.com/bridgecrewio/checkov
-
Continuous Delivery for the rest of us
Specifically, a pipeline should be run every time a pull request is opened, and it should check the code for errors and security bugs; you can use tools such as Checkov or similar.
- Breve guia de sobrevivência com Terraform
-
Securing the software supply chain in the cloud
Chekov – Scan for open-source and Infrastructure-as-Code vulnerabilities
-
SBOM with Checkov
Well, yes, Checkov is a quality scanner, but from some time already it is more than that! Let's see on the frameworks which can be scanned by Checkov:
-
Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
We’ve been using https://www.checkov.io/ for terraform and will be using this for yaml and helm. Lots of policies out of the box.
-
A note from our sponsor - ONLYOFFICE
www.onlyoffice.com | 1 Jun 2023
Stats
Basic checkov repo stats
48
5,594
10.0
4 days ago
bridgecrewio/checkov is an open source project licensed under Apache License 2.0 which is an OSI approved license.
The primary programming language of checkov is Python.
Write Clean Python Code. Always.
Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
www.sonarsource.com