Skip to content
Toolradar
Checkov logo

Checkov

UnclaimedEditor reviewed

Infrastructure as code security

Infrastructure as CodeVulnerability ScanningCompliance
Visit Website

TL;DR - Checkov

  • Free open-source infrastructure-as-code security scanner by Bridgecrew (Prisma Cloud)
  • 1000+ built-in policies for Terraform, CloudFormation, Kubernetes, and Dockerfile
  • Graph-based scanning for CIS, NIST, HIPAA, GDPR compliance with CI/CD integration
Pricing: Free forever
Best for: Individuals & startups

Pros & Cons

Pros

  • IaC security scanning
  • Many frameworks
  • Open source
  • Policy as code
  • CI/CD integration

Cons

  • False positives
  • Learning curve
  • Output verbose
  • Custom policies complex
  • Documentation gaps

Key Features

IaC scanningPolicy as codeMulti-frameworkCI/CD integrationCustom policiesOpen source

Pricing Plans

Open Source

Free

  • 750+ built-in policies
  • CIS, PCI, HIPAA compliance
  • Custom policies (Python/YAML)
  • CLI and VS Code extension
  • CI/CD integration
  • Free forever

Prisma Cloud

Contact sales

  • All open source features
  • Runtime scanning
  • Pull request annotations
  • Repository badges
  • Compliance reports
  • Enterprise support
Calculate your costView full pricing

What is Checkov?

Editorial review
Checkov is an open-source static analysis tool for infrastructure as code. Scan Terraform, CloudFormation, Kubernetes, and Dockerfiles for security and compliance issues. 1,000+ built-in policies cover common misconfigurations. Custom policies extend coverage to your organization's requirements. Integrates with CI/CD pipelines to prevent insecure infrastructure. Shift security left by catching issues before they reach production.
how we evaluateSourcecheckov.io

Reviews

Be the first to review Checkov

Your take helps the next buyer. Verified LinkedIn reviewers get a badge.

Write a review

Best Checkov Alternatives

Top alternatives based on features, pricing, and user needs.

tfsec logo
tfsecFree

Security scanner for your Terraform code.

ScoutSuite logo
ScoutSuiteFree

Open-source multi-cloud security auditing tool for posture assessment.

See all Infrastructure as Code tools →

Explore More

Best Infrastructure as Code ToolsBest Vulnerability Scanning ToolsBest Compliance ToolsBest Free Infrastructure as CodeBest Free Vulnerability ScanningBest Free Compliance

Checkov FAQ

What is Checkov?

Checkov scans infrastructure as code (Terraform, CloudFormation, Kubernetes, etc.) for security misconfigurations before deployment.

Is Checkov free?

Yes, Checkov is completely free and open-source under the Apache 2.0 license, developed by Bridgecrew/Palo Alto.

What IaC does Checkov support?

Checkov supports Terraform, CloudFormation, Kubernetes, Helm, ARM templates, Serverless Framework, and more.

Source: checkov.io