LinuxCommandLibrary

checkov

Checkov is a static code analysis tool for Infrastructure as Code (IaC).

TLDR

Scan a directory containing IaC (Terraform, CloudFormation, ARM, Ansible, Bicep, Dockerfile, etc.)
$ checkov --directory [path/to/directory]

Scan an IaC file, omitting code blocks in the output
$ checkov --compact --file [path/to/file]

List all checks for all IaC types
$ checkov --list