Checkov

Checkov is a static code analysis tool for scanning Infrastructure as Code (IaC) files for misconfigurations.

Files

Checkov will run on files with the following files and extensions:

• .tf
• .yml
• .yaml
• .json
• .template
• .bicep
• .hcl
• bower.json
• build.gradle
• build.gradle.kts
• go.sum
• gradle.properties
• METADATA
• npm-shrinkwrap.json
• package.json
• package-lock.json
• pom.xml
• requirements.txt
• Dockerfile
• .dockerfile
• Dockerfile.*
• .csproj
• yarn.lock
• Gemfile
• Gemfile.lock
• go.mod
• paket.dependencies
• paket.lock
• packages.config
• composer.json
• composer.lock

Configuration

CodeRabbit will include on the following severity levels based on the profile selected:

Chill

• HIGH
• CRITICAL

Assertive

• MEDIUM
• HIGH
• CRITICAL

Links

• Checkov All Resource Scans