Checkov
devsecops security-scanner
Security scanner for Infrastructure as Code
Pros and Cons
Ventajas
- + Wide IaC support (Terraform, K8s, CloudFormation)
- + 1000+ built-in policies
- + Open-source
- + Simple CI/CD integration
- + Custom policies in Python
Desventajas
- - Frequent false positives
- - Can be slow on large repos
- - Learning curve for custom policies
Casos de Uso
- IaC security scanning
- Compliance as Code
- Terraform security
- Kubernetes manifest validation