iac-checkov

Solid

Infrastructure as Code (IaC) security scanning using Checkov with 750+ built-in policies for Terraform, CloudFormation, Kubernetes, Dockerfile, and ARM templates. Use when: (1) Scanning IaC files for security misconfigurations and compliance violations, (2) Validating cloud infrastructure against CIS, PCI-DSS, HIPAA, and SOC2 benchmarks, (3) Detecting secrets and hardcoded credentials in IaC, (4) Implementing policy-as-code in CI/CD pipelines, (5) Generating compliance reports with remediation guidance for cloud security posture management.

DevOps & Infrastructure 335 stars 29 forks Updated today

Install

View on GitHub

Quality Score: 85/100

Stars 20%
84
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
80
License 10%
0
Description 5%
100

Skill Content

# Infrastructure as Code Security with Checkov ## Overview Checkov is a static code analysis tool that scans Infrastructure as Code (IaC) files for security misconfigurations and compliance violations before deployment. With 750+ built-in policies, Checkov helps prevent cloud security issues by detecting problems in Terraform, CloudFormation, Kubernetes, Dockerfiles, Helm charts, and ARM templates. Checkov performs graph-based scanning to understand resource relationships and detect complex misconfigurations that span multiple resources, making it more powerful than simple pattern matching. ## Quick Start ### Install Checkov ```bash # Via pip pip install checkov # Via Homebrew (macOS) brew install checkov # Via Docker docker pull bridgecrew/checkov ``` ### Scan Terraform Directory ```bash # Scan all Terraform files in directory checkov -d ./terraform # Scan specific file checkov -f ./terraform/main.tf # Scan with specific framework checkov -d ./infrastructure --framework terraform ``` ### Scan Kubernetes Manifests ```bash # Scan Kubernetes YAML files checkov -d ./k8s --framework kubernetes # Scan Helm chart checkov -d ./helm-chart --framework helm ``` ### Scan CloudFormation Template ```bash # Scan CloudFormation template checkov -f ./cloudformation/template.yaml --framework cloudformation ``` ## Core Workflow ### Step 1: Understand Scan Scope Identify IaC files and frameworks to scan: ```bash # Supported frameworks checkov --list-frameworks # Output: # ...

Details

Author
aiskillstore
Repository
aiskillstore/marketplace
Created
5 months ago
Last Updated
today
Language
Python
License
None

Integrates with

Docker · Infrastructure Kubernetes · Infrastructure Terraform · Infrastructure

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Featured

implementing-infrastructure-as-code-security-scanning

This skill covers implementing automated security scanning for Infrastructure as Code (IaC) templates using tools like Checkov, tfsec, and KICS. It addresses detecting misconfigurations in Terraform, CloudFormation, Kubernetes manifests, and Helm charts before deployment, establishing policy-based governance, and integrating IaC scanning into CI/CD pipelines to prevent insecure cloud resource provisioning.

13,115 Updated today
mukul975
DevOps & Infrastructure Featured

auditing-terraform-infrastructure-for-security

Auditing Terraform infrastructure-as-code for security misconfigurations using Checkov, tfsec, Terrascan, and OPA/Rego policies to detect overly permissive IAM policies, public resource exposure, missing encryption, and insecure defaults before cloud deployment.

13,115 Updated today
mukul975
DevOps & Infrastructure Solid

iac-security-scanner

Infrastructure as Code security scanning and policy enforcement for Terraform, CloudFormation, Kubernetes, and Pulumi

1,160 Updated today
a5c-ai
DevOps & Infrastructure Listed

iac-security

IaC misconfig scanning and cloud-aware review for Terraform, CloudFormation, Ansible and Pulumi. Covers tool orchestration (checkov/tfsec/kics/cfn-nag), policy-as-code (OPA/Conftest), CIS benchmark mapping, IAM over-permission detection, drift monitoring.

4 Updated 1 weeks ago
roodlicht
DevOps & Infrastructure Listed

iac-container-security

Audit infrastructure-as-code and container security including Terraform/OpenTofu/Pulumi configurations, Dockerfile hardening, Kubernetes manifests, base image hygiene, container scanning, secrets in IaC, IAM policies, network exposure, and runtime security context. Multi-cloud (AWS, GCP, Azure). Use this skill whenever the user asks about Terraform security, tfsec, Checkov, Trivy, Dockerfile hardening, distroless images, k8s securityContext, network policies, IAM least privilege, IaC secret scanning, or 'audit my infrastructure'. Trigger on phrases like 'scan my Dockerfile', 'review my Terraform', 'audit my k8s manifests', 'harden my containers', 'IaC security', 'base image hygiene', 'container CVEs', 'trivy scan'. Use this even when only one IaC layer is mentioned.

1 Updated 1 weeks ago
hlsitechio