What is Checkov?
Checkov is a popular open source tool that scans cloud infrastructure configurations to find misconfigurations before they're deployed.
| Security Stage | Infrastructure-as-code security scanning |
| Type | Open Source |
| Languages |
Docker, CloudFormation, Kubernetes, Helm, Terraform, ARM Templates, Serverless, AWS CDK. |
| Site | https://www.checkov.io/ |
Pre-requisite
| 1 | You'll need a Git address to scan |
How do I set it up?
Adding Checkov to your set of security tests is simple.
- Click on the application you wish to add the tool for, and edit the version (stage) configuration.
- Ensure that the version's 'Git Address' is set to the Git URL of the repo being tested (either through the Uleska UI, or via the CLI/API). This will include the branch and auth details needed.
- Click Save.
- Create a new Toolkit (or edit an existing one) by following the Creating a Toolkit guide and selecting 'Checkov' as a tool.
- Click Save.
Now any time you click 'Test Now' and select your Toolkit that includes Checkov, or make a request over the Uleska API or CLI including that Toolkit, the Checkov tool will be included in the test run and any results added to your vulnerabilities list.
Notes
None