Checkov

Pro Plan Feature

This feature is available exclusively as part of the Pro plan and is not included in the Lite plan. Please refer to our pricing page for more information about our plans and features.

Checkov is a static code analysis tool for scanning Infrastructure as Code (IaC) files for misconfigurations.

Files

Checkov will run on files with the following names and extensions:

  • .tf
  • .yml
  • .yaml
  • .json
  • .template
  • .bicep
  • .hcl
  • bower.json
  • build.gradle
  • build.gradle.kts
  • go.sum
  • gradle.properties
  • METADATA
  • npm-shrinkwrap.json
  • package.json
  • package-lock.json
  • pom.xml
  • requirements.txt
  • Dockerfile
  • .dockerfile
  • Dockerfile.*
  • .csproj
  • yarn.lock
  • Gemfile
  • Gemfile.lock
  • go.mod
  • paket.dependencies
  • paket.lock
  • packages.config
  • composer.json
  • composer.lock

Configuration

CodeRabbit will include the following severity levels based on the profile selected:

Chill

  • HIGH
  • CRITICAL

Assertive

  • MEDIUM
  • HIGH
  • CRITICAL