Checkov

This is part 4 of the Secure Terraform series. You can read the series of articles here: Secure Terraform - Part 1 - tfsec Secure Terraform - Part 2 - tfsec customization Secure Terraform - Part 3 - terrascan Secure Terraform - Part 4 - checkov Secure Terraform - Part 5 - terraform state Introduction # In this fourth installment of our Secure Terraform series, we’ll discuss Checkov, a powerful open-source static code analysis tool supported by Bridgecrew. Checkov supports Terraform, Kubernetes, Dockerfiles, AWS CloudFormation, and other Infrastructure as Code (IaC) frameworks. It focuses on security best practices, policy compliance, and industry standards. You can find Checkov’s documentation and samples at https://www.checkov.io/.