Wednesday, April 16, 2025

What is Checkov? | How to install Checkov on Linux Ubuntu to scan Terraform Code for finding security issues?

Checkov is an open-source static code analysis tool designed to scan Infrastructure as Code (IaC) files and identify potential security and compliance misconfigurations before they are deployed.

Supported IaC types:

Checkov scans the following IaC file types:

  • Terraform (for AWS, GCP, Azure and OCI)
  • CloudFormation (including AWS SAM)
  • Azure Resource Manager (ARM)
  • Serverless framework
  • Helm charts
  • Kubernetes
  • Docker

Here's a breakdown of Checkov tutorials:

Getting Started and Basic Usage:

  • Installation: Checkov can be installed using pip, brew, or Docker. For example, using pip on Ubuntu:
          sudo apt install python3-pip -y
          sudo pip3 install checkov
  • Basic Scanning: To scan a single file or a directory, use the -f (file) or -d (directory) flag:
          checkov -f main.tf
          checkov -d /path/to/your/iac/code
  • Output: Checkov provides a detailed output of passed and failed checks, including the check ID, description, the resource and file location, and a link to more information about the policy.
  • Specifying Frameworks: You can specify the IaC framework to scan using the --framework flag:
          checkov -d /path/to/kubernetes/manifests --framework kubernetes
          checkov -f eks-deploy-k8s.yaml
  • Output Formats: Checkov supports various output formats using the --output flag, such as cli (default), json, junitxml, and sarif. For example, for JSON output, use the command below:
          checkov -d . --output json
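As an added example (not code from the post or from the Checkov project), the script below consumes the report that `checkov -d . --output json` prints, lists each failed check with its resource and line range, and decides whether a CI pipeline should fail. It assumes Checkov's JSON layout (a `results` object with `failed_checks`, or a list of such objects when several frameworks were scanned); the embedded report is a constructed, trimmed sample, and the helper names are my own.

```python
import json
import sys
from collections import Counter

# Constructed sample of what `checkov -d . --output json` prints for a Terraform
# directory, trimmed to the fields this script uses (real reports carry more,
# e.g. bc_check_id, guideline, check_result.evaluated_keys).
SAMPLE_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [
            {"check_id": "CKV_AWS_21", "check_name": "Ensure all data stored in the S3 bucket have versioning enabled",
             "resource": "aws_s3_bucket.logs", "file_path": "/main.tf", "file_line_range": [1, 9]},
        ],
        "failed_checks": [
            {"check_id": "CKV_AWS_19", "check_name": "Ensure all data stored in the S3 bucket is securely encrypted at rest",
             "resource": "aws_s3_bucket.logs", "file_path": "/main.tf", "file_line_range": [1, 9]},
            {"check_id": "CKV_AWS_18", "check_name": "Ensure the S3 bucket has access logging enabled",
             "resource": "aws_s3_bucket.logs", "file_path": "/main.tf", "file_line_range": [1, 9]},
        ],
        "skipped_checks": [],
        "parsing_errors": [],
    },
    "summary": {"passed": 1, "failed": 2, "skipped": 0, "parsing_errors": 0, "resource_count": 1},
})


def load_reports(text):
    """Checkov emits one object per framework, or a JSON list when several frameworks ran."""
    data = json.loads(text)
    return data if isinstance(data, list) else [data]


def failed_checks(text):
    """Flatten failed checks across frameworks into plain dicts (check, resource, file, line range)."""
    out = []
    for report in load_reports(text):
        for c in report["results"]["failed_checks"]:
            out.append({"check_id": c["check_id"], "check_name": c["check_name"],
                        "resource": c["resource"], "file_path": c["file_path"],
                        "lines": tuple(c["file_line_range"])})
    return out


def summarize(text):
    """Count failures per check ID; a high count usually means one module repeats the same mistake."""
    return Counter(c["check_id"] for c in failed_checks(text))


def should_fail_build(text, blocking_ids=None):
    """Fail on any failed check, or only on the listed check IDs when a block list is given."""
    ids = {c["check_id"] for c in failed_checks(text)}
    return bool(ids if blocking_ids is None else ids & set(blocking_ids))


if __name__ == "__main__":
    # Pipe a real report in (checkov -d . --output json | python3 gate.py); falls back to the sample.
    raw = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    for c in failed_checks(raw):
        print(f"FAILED {c['check_id']} {c['resource']} {c['file_path']}:{c['lines'][0]}-{c['lines'][1]}  {c['check_name']}")
    sys.exit(1 if should_fail_build(raw) else 0)
```

Run on the sample it exits non-zero with two FAILED lines; pass `blocking_ids` to gate only on the checks your team treats as hard failures while the rest stay visible in the output.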

