Checkov is a static code analysis tool for infrastructure-as-code that scans cloud infrastructure provisioned using Terraform, Terraform plan, CloudFormation, Kubernetes, Dockerfile, Serverless, or ARM Templates.
It detects security and compliance misconfigurations using graph-based scanning.
The open-source project also powers Bridgecrew, which is a platform for codifying and streamlining cloud security throughout the development life cycle.
Checkov features over 1000 built-in policies that cover security and compliance best practices for AWS, Azure and Google Cloud. It supports context-aware policies based on in-memory graph-based scanning.
The solution supports the Python format for attribute policies and YAML format for both attribute and composite policies, and detects AWS credentials in EC2 Userdata, Lambda environment variables and Terraform providers.
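As an added illustration (not part of the original page and not one of Checkov's shipped policies), a custom YAML policy that combines an attribute condition with a graph-based connection condition, the two forms the text refers to as attribute and composite policies; the policy id, name and the choice of resource types are assumptions for the example:

```yaml
# Custom Checkov YAML policy (constructed example, not a built-in check).
# Intent: flag an aws_db_instance unless its storage is encrypted AND the
# instance is connected to an aws_kms_key in the scanned Terraform graph,
# i.e. it uses a customer-managed key rather than relying on the default.
metadata:
  id: "CKV2_CUSTOM_1"          # example id; CKV2_ prefix marks graph checks
  name: "Ensure RDS instances are encrypted with a customer-managed KMS key"
  category: "ENCRYPTION"
definition:
  # Both conditions must hold for the resource to PASS; otherwise it FAILS.
  and:
    # Attribute condition: storage_encrypted must be explicitly true.
    - cond_type: "attribute"
      resource_types:
        - "aws_db_instance"
      attribute: "storage_encrypted"
      operator: "equals"
      value: "true"
    # Connection condition: the instance must reference an aws_kms_key
    # (e.g. via kms_key_id), which the in-memory graph resolves as an edge.
    - cond_type: "connection"
      resource_types:
        - "aws_db_instance"
      connected_resource_types:
        - "aws_kms_key"
      operator: "exists"
```

Saved under a directory such as `./policies`, the check is picked up with `checkov -d . --external-checks-dir ./policies` alongside the built-in policies.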
Checkov can be configured using a YAML configuration file.
Additional details on the project are available here.