Checkov 2.0 GA
April 12, 2021
Palo Alto Networks introduced the second generation of Checkov, the market-leading static analysis tool for infrastructure as code (IaC). The open-source project was created by Bridgecrew, which was acquired by Palo Alto Networks in March 2021.
Checkov has exploded in popularity since its initial launch in 2019, helping developers identify misconfigurations in IaC frameworks such as Terraform, CloudFormation, Kubernetes, Azure Resource Manager (ARM) and Serverless Framework. With Checkov 2.0, developers can now scan for cloud misconfigurations in environments with complex dependencies across resources and
Built using NetworkX, the popular Python package for analysis of complex networks.
Dockerfile misconfiguration scanning secures container build tasks in continuous integration (CI) workflows.
Graph-based mapping enables scanning of complex inventory and configuration errors that require parsing and storing data with their full contextualized relationships intact.
Checkov 2.0 includes over 200 new policies and a Dockerfile scanner that help ensure container images are built securely, without misconfigurations. According to Unit 42's most recent Cloud Threat Report, 51% of Docker containers use insecure defaults. Checkov 2.0 identifies these concerns directly within the developer's integrated development environment (IDE) via the recently released VS Code extension, making it easy to quickly patch and build more secure applications in Kubernetes and other containerized environments.