Checkov

Unclaimed

Infrastructure as code security

Infrastructure as Code Vulnerability Scanning Compliance

Visit Website

FreeVisit Website

TL;DR - Checkov

Free open-source infrastructure-as-code security scanner by Bridgecrew (Prisma Cloud)
1000+ built-in policies for Terraform, CloudFormation, Kubernetes, and Dockerfile
Graph-based scanning for CIS, NIST, HIPAA, GDPR compliance with CI/CD integration

Pricing: Free forever

Best for: Individuals & startups

Pros & Cons

Pros

IaC security scanning
Many frameworks
Open source
Policy as code
CI/CD integration

Cons

False positives
Learning curve
Output verbose
Custom policies complex
Documentation gaps

Key Features

IaC scanningPolicy as codeMulti-frameworkCI/CD integrationCustom policiesOpen source

Pricing Plans

Open Source

Free

750+ built-in policies
CIS, PCI, HIPAA compliance
Custom policies (Python/YAML)
CLI and VS Code extension
CI/CD integration
Free forever

Prisma Cloud

Contact sales

All open source features
Runtime scanning
Pull request annotations
Repository badges
Compliance reports
Enterprise support

View full pricing

About Checkov

By Toolradar Team·Updated Feb 24, 2026

Checkov is an open-source static analysis tool for infrastructure as code. Scan Terraform, CloudFormation, Kubernetes, and Dockerfiles for security and compliance issues. 1,000+ built-in policies cover common misconfigurations. Custom policies extend coverage to your organization's requirements. Integrates with CI/CD pipelines to prevent insecure infrastructure. Shift security left by catching issues before they reach production.

How we evaluate tools →Source: checkov.io