Match the project to your task before installing it.
Software Development & Delivery · Public
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Check whether this project matches your task before installing it.
What it can do: Portable AI capability asset. Review the portable capability path.
Before continuing: Verify in a sandbox. Do not treat a preview pack as a proven local install.
GitHub snapshot: 8.8k stars · 1.4k forks · 441 contributors
Doramagic.ai Last verification date: 2026-06-21 Verification method: source evidence, semantic profile, public page gate, and static build acceptance.
Publication status · 2026-06-21
What is checkov?
- Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
- Best fit: Users who want source-backed project understanding before installing it.
- Not for: Not for users who want to skip sandbox verification or cannot accept configuration, permission, or maintenance overhead.
- Capability added to an AI workflow: Portable AI capability asset
- First safe verification step: Verify the smallest path in an isolated environment and keep a rollback path.
- Verification state: source, Quick Start, and sandbox install checks are recorded as passed.
- Top risk: May increase setup, validation, or first-run risk for the user.
- Evidence base: https://github.com/bridgecrewio/checkov, https://github.com/bridgecrewio/checkov#readme, Human Manual, Pitfall Log
01
Quick decision
Use this section to decide whether the project is worth a deeper read.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
8.8k stars · 1.4k forks
02
What it can do
Translate the upstream project into concrete capabilities the user can judge before installing.
Overview and Core Architecture
Related topics: Supported IaC, Pipeline, and SCA Frameworks, Configuration, Custom Policies, and Output Formats
Source: https://github.com/bridgecrewio/checkov / Human Manual
Supported IaC, Pipeline, and SCA Frameworks
Related topics: Overview and Core Architecture, Configuration, Custom Policies, and Output Formats
Source: https://github.com/bridgecrewio/checkov / Human Manual
Configuration, Custom Policies, and Output Formats
Related topics: Overview and Core Architecture, Supported IaC, Pipeline, and SCA Frameworks
Source: https://github.com/bridgecrewio/checkov / Human Manual
Known Issues, False Positives, and Community Workarounds
Related topics: Supported IaC, Pipeline, and SCA Frameworks, Configuration, Custom Policies, and Output Formats
Source: https://github.com/bridgecrewio/checkov / Human Manual
Doramagic Pitfall Log
Source-linked risks stay visible on the manual page so the preview does not read like a recommendation.
Source: Doramagic discovery, validation, and Project Pack records
Sources: https://github.com/bridgecrewio/checkov, Human Manual, Project Pack evidence, and downstream validation signals.
03
Community Discussion Evidence
Project-level external discussion stays visible on the detail page, not only inside the manual.
12 source-linked items
Review these external discussions before using checkov with real data or production workflows. They are review inputs, not standalone proof that the project is production-ready.
- 01. update Python module packaging (github / github_issue)
- 02. Security: Multiple CVEs in Dependencies (urllib3, asteval, ply) - Checko (github / github_issue)
- 03. GCS Bucket Logging Checks with Undetermined Value (github / github_issue)
- 04. CKV_GCP_123 triggers even if remove_default_node_pool is set (github / github_issue)
- 05. CKV_AWS_86 only validates v1 logging, not v2 (github / github_issue)
- 06. feat(general): Add warnings when API-dependent parameters are used witho (github / github_issue)
- 07. Bicep: Missing parser support for `extension` keyword (github / github_issue)
- 08. Expose variables from terraform plan (github / github_issue)
- 09. Bicep / ARM support expectations are misleading for real-world Azure usa (github / github_issue)
- 10. Discrepancy Between Homebrew vs pip Installations: CKV2 Checks Not Runni (github / github_issue)
- 11. Kubernetes manifests with ${VAR} placeholders are silently skipped (github / github_issue)
- 12. CKV_GCP_93 false positive when using multi-key configuration (github / github_issue)
04
How to start
Only source-backed commands are shown here. Verify them in an isolated environment first.
- Try the prompt first: Test the workflow without installing the upstream project. (preview)
- Read the Human Manual: Understand inputs, outputs, limits, and failure modes. (manual)
- Take context to your AI host: Use the compiled assets in your preferred AI environment. (context)
- Run sandbox verification: Confirm install commands and rollback before using a primary environment. (verify)
`pip install checkov`
Official start command · https://github.com/bridgecrewio/checkov#readme · verified: yes
05
Human Manual
The English page must expose the real manual, not a short placeholder.
8+ sections · Human Manual
checkov Manual
Open the full manual
- https://github.com/bridgecrewio/checkov Project Manual
- Table of Contents
- Overview and Core Architecture
- Related Pages
- Purpose and Scope
- High-Level Architecture
- Terraform Module Loading Subsystem
- RegistryLoader
06
AI Context Pack and portable assets
After deciding to continue, take the project context into your own AI host.
Complete pack plus user-owned assets
These files are planning and verification assets for Claude Code, Codex, Gemini, Cursor, ChatGPT, and other AI hosts.
07
Preflight checks
Treat this page as a planning asset, not proof that your local environment is ready.
- The manual is generated from source-linked project files and Doramagic validation signals.
- Community evidence warnings stay visible instead of being converted into marketing claims.
- This English page is indexable because the locale quality gate passed and explicit English index approval is enabled.
- Use the upstream repository as the final authority for installation commands, license, and version-specific behavior.
08
Pitfall Log and verification risks
Doramagic surfaces high-risk items before users treat a candidate capability as verified.
Installation risk requires verification
May increase setup, validation, or first-run risk for the user.
Configuration risk requires verification
May increase setup, validation, or first-run risk for the user.
Security or permission risk requires verification
Developers may expose sensitive permissions or credentials: Security: Multiple CVEs in Dependencies (urllib3, asteval, ply) - Checkov 3.2.517
Security or permission risk requires verification
May increase setup, validation, or first-run risk for the user.