Checkov
Checkov is an open-source static code analysis tool that scans infrastructure as code (IaC) files, container images, open-source packages, and CI/CD pipeline configurations for security misconfigurations, vulnerabilities, and compliance violations. Supported frameworks include Terraform, CloudFormation, Kubernetes, Helm, ARM Templates, Dockerfile, and Serverless. The tool ships with over 750 built-in policies aligned with industry standards such as CIS Benchmarks, PCI-DSS, HIPAA, and AWS Foundational Security Best Practices. It also supports custom policy creation and graph-based scanning, which evaluates relationships and dependencies between resources rather than each resource in isolation, so that a policy can reason about how resources are connected.
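As an added illustration (not taken from the Checkov project or its documentation), the following YAML custom policy combines an attribute condition with a graph-based connection condition: an `aws_instance` passes only if detailed monitoring is enabled and the instance is connected to an `aws_security_group`. The policy id, name, and attribute choice are assumptions made for this example.

```yaml
# Constructed example of a Checkov custom policy file (e.g. policies/ec2_guarded.yaml).
# Custom policy ids conventionally use the CKV2_CUSTOM_ prefix; this id is made up.
metadata:
  id: "CKV2_CUSTOM_1"
  name: "Ensure EC2 instances have monitoring enabled and are attached to a security group"
  category: "NETWORKING"
definition:
  and:
    # Attribute condition: evaluated on the resource's own configuration.
    - cond_type: "attribute"
      resource_types:
        - "aws_instance"
      attribute: "monitoring"
      operator: "equals"
      value: "true"
    # Connection condition: evaluated on the resource graph, so an instance
    # with no edge to any aws_security_group fails even if its own
    # attributes look fine.
    - cond_type: "connection"
      resource_types:
        - "aws_instance"
      connected_resource_types:
        - "aws_security_group"
      operator: "exists"
```

Run it against a Terraform directory with `checkov -d ./terraform --external-checks-dir ./policies --check CKV2_CUSTOM_1`; a failing instance is reported under the custom id alongside the built-in findings.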