iac-checkov
Install: claude install-skill aiskillstore/marketplace
# Infrastructure as Code Security with Checkov
## Overview
Checkov is a static code analysis tool that scans Infrastructure as Code (IaC) files for security misconfigurations
and compliance violations before deployment. With 750+ built-in policies, Checkov helps prevent cloud security issues
by detecting problems in Terraform, CloudFormation, Kubernetes, Dockerfiles, Helm charts, and ARM templates.
Checkov performs graph-based scanning to understand resource relationships and detect complex misconfigurations that
span multiple resources, making it more powerful than simple pattern matching.
## Quick Start
### Install Checkov
```bash
# Via pip
pip install checkov
# Via Homebrew (macOS)
brew install checkov
# Via Docker
docker pull bridgecrew/checkov
```
### Scan Terraform Directory
```bash
# Scan all Terraform files in directory
checkov -d ./terraform
# Scan specific file
checkov -f ./terraform/main.tf
# Scan with specific framework
checkov -d ./infrastructure --framework terraform
```
### Scan Kubernetes Manifests
```bash
# Scan Kubernetes YAML files
checkov -d ./k8s --framework kubernetes
# Scan Helm chart
checkov -d ./helm-chart --framework helm
```
### Scan CloudFormation Template
```bash
# Scan CloudFormation template
checkov -f ./cloudformation/template.yaml --framework cloudformation
```
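As an added example (not part of this skill page or the Checkov project): a small Python gate that runs `checkov -o json` on a directory and groups the failed checks by resource so a CI job can fail on unsuppressed findings. The report below is constructed in the shape of Checkov's JSON output; the `CKV_EXAMPLE_*` check IDs and file paths are placeholders, not real Checkov policies.

```python
"""Gate a CI job on Checkov's JSON report (checkov -d <dir> -o json)."""
import json
import subprocess
from collections import defaultdict

# Constructed sample in the shape of Checkov's JSON report; check IDs and paths are placeholders.
SAMPLE_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [
            {"check_id": "CKV_EXAMPLE_1", "check_name": "Ensure bucket has versioning",
             "resource": "aws_s3_bucket.logs", "file_path": "/main.tf", "file_line_range": [1, 9]},
        ],
        "failed_checks": [
            {"check_id": "CKV_EXAMPLE_2", "check_name": "Ensure bucket is encrypted",
             "resource": "aws_s3_bucket.logs", "file_path": "/main.tf", "file_line_range": [1, 9]},
            {"check_id": "CKV_EXAMPLE_3", "check_name": "Ensure security group has no 0.0.0.0/0 ingress",
             "resource": "aws_security_group.web", "file_path": "/sg.tf", "file_line_range": [1, 14]},
        ],
        "skipped_checks": [], "parsing_errors": [],
    },
    "summary": {"passed": 1, "failed": 2, "skipped": 0, "parsing_errors": 0, "resource_count": 2},
})

def run_checkov(directory, framework=None):
    """Run Checkov and return its JSON report text (real invocation; needs checkov installed)."""
    cmd = ["checkov", "-d", directory, "-o", "json"]
    if framework:
        cmd += ["--framework", framework]
    # Checkov exits non-zero when any check fails, so do not use check=True here.
    return subprocess.run(cmd, capture_output=True, text=True).stdout

def failures_by_resource(report_text, suppressed=()):
    """Group failed checks by resource, skipping check IDs that were reviewed and accepted."""
    reports = json.loads(report_text)
    if isinstance(reports, dict):  # one framework yields an object, several yield a list
        reports = [reports]
    grouped = defaultdict(list)
    for report in reports:
        for check in report["results"]["failed_checks"]:
            if check["check_id"] in suppressed:
                continue
            start, end = check["file_line_range"]
            grouped[check["resource"]].append(
                f'{check["check_id"]} {check["check_name"]} ({check["file_path"]}:{start}-{end})')
    return dict(grouped)

def gate(report_text, suppressed=()):
    """Return True when the report has no unsuppressed failures (the CI pass condition)."""
    return not failures_by_resource(report_text, suppressed)
```

In a pipeline, replace `SAMPLE_REPORT` with `run_checkov("./terraform", "terraform")` and exit non-zero when `gate()` returns False.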
## Core Workflow
### Step 1: Understand Scan Scope
Identify IaC files and frameworks to scan:
```bash
# Supported frameworks appear as the allowed values of --framework in the help text
checkov --help
# Output:
#
```