Checkov Logo

Checkov

0
Free
Visit Website

Checkov is a static code analysis tool for infrastructure as code (IaC) and software composition analysis (SCA). It scans cloud infrastructure provisioned using various tools like Terraform, Cloudformation, Kubernetes, Dockerfile, and more to detect security and compliance misconfigurations. It also performs Software Composition Analysis (SCA) scanning for open source packages and images to identify Common Vulnerabilities and Exposures (CVEs). Checkov powers Prisma Cloud Application Security, a platform that streamlines cloud security throughout the development lifecycle by identifying, fixing, and preventing misconfigurations in cloud resources and infrastructure-as-code files.

FEATURES

ALTERNATIVES

An API security platform that combines discovery, compliance monitoring, and protection capabilities to defend against API attacks, automated threats, and data exposure.

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

A deliberately vulnerable modern day app with lots of DOM related bugs

An agentless API security platform that discovers, tests, and secures APIs through source code analysis without requiring traffic monitoring.

Veracode is an intelligent software security platform that helps developers and security teams secure code, find and fix flaws, and automate remediation.

SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.

A fake Django admin login screen to detect and notify admins of attempted unauthorized access

App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.