Skip to main content
Checkov is a static code analysis tool for scanning Infrastructure as Code (IaC) files for misconfigurations.

โ€‹
Files

Checkov will run on files with the following files and extensions:
  • .tf
  • .yml
  • .yaml
  • .json
  • .template
  • .bicep
  • .hcl
  • bower.json
  • build.gradle
  • build.gradle.kts
  • go.sum
  • gradle.properties
  • METADATA
  • npm-shrinkwrap.json
  • package.json
  • package-lock.json
  • pom.xml
  • requirements.txt
  • Dockerfile
  • .dockerfile
  • Dockerfile.*
  • .csproj
  • yarn.lock
  • Gemfile
  • Gemfile.lock
  • go.mod
  • paket.dependencies
  • paket.lock
  • packages.config
  • composer.json
  • composer.lock

โ€‹
Configuration

CodeRabbit will include on the following severity levels based on the profile selected:

โ€‹
Chill

  • HIGH
  • CRITICAL

โ€‹
Assertive

  • MEDIUM
  • HIGH
  • CRITICAL

โ€‹
When we skip Checkov

CodeRabbit will skip running Checkov when:
  • Checkov is already running in GitHub workflows.