Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
☆8,867Jul 12, 2026Updated this week
Alternatives and similar repositories for checkov
Users that are interested in checkov are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Tfsec is now part of Trivy☆7,022Mar 25, 2026Updated 3 months ago
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.☆5,212Nov 20, 2025Updated 7 months ago
- A Pluggable Terraform Linter☆5,768Updated this week
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more☆36,919Updated this week
- Cloud cost intelligence for engineers, AI coding agents, and CI/CD 💰📉 Shift FinOps Left!☆12,401Jul 3, 2026Updated last week
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.☆7,934Updated this week
- Generate documentation from Terraform modules in various output formats☆4,798Updated this week
- Detect, track and alert on infrastructure drift☆2,652Jun 17, 2026Updated 3 weeks ago
- Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud envir…☆14,132Updated this week
- Terraform Pull Request Automation☆9,186Updated this week
- Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark☆8,104Updated this week
- Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.☆9,711Updated this week
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…☆2,669Jul 7, 2026Updated last week
- CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code☆14,558Mar 16, 2026Updated 3 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how…☆1,303Jul 13, 2025Updated last year
- pre-commit git hooks to take care of Terraform configurations 🇺🇦☆3,744Updated this week
- Cloud Native Runtime Security☆9,150Updated this week
- a lightweight, security focused, BDD test framework against terraform.☆1,459May 8, 2026Updated 2 months ago
- Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resour…☆6,026Updated this week
- Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security…☆11,532Updated this week
- Write tests against structured configuration data using the Open Policy Agent Rego query language☆3,221Updated this week
- Least privilege AWS IAM Terraformer☆824Mar 18, 2025Updated last year
- Hunt for security weaknesses in Kubernetes clusters☆5,070Mar 19, 2024Updated 2 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized repo…☆2,236Updated this week
- Vulnerability Static Analysis for Containers☆11,024Updated this week
- Multi-Cloud Security Auditing Tool☆7,749Sep 23, 2025Updated 9 months ago
- KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adh…☆3,482Updated this week
- The Cloud Native Control Plane☆11,856Updated this week
- Interactive Terraform visualization. State and configuration explorer.☆3,308Jul 30, 2025Updated 11 months ago
- Cost monitoring for Kubernetes workloads and cloud costs☆6,635Updated this week
- Simple and flexible tool for managing secrets☆22,484Updated this week
- A vulnerability scanner for container images and filesystems☆12,559Updated this week
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Unified Policy as Code☆7,922Updated this week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems☆9,234Updated this week
- 🐊 Policy Controller for Kubernetes☆4,241Updated this week
- CloudMapper helps you analyze your Amazon Web Services (AWS) environments.☆6,292Jul 15, 2024Updated last year
- List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.☆9,481Jul 7, 2026Updated last week
- Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes se…☆965Sep 3, 2024Updated last year
- Validation of best practices in your Kubernetes clusters☆3,369Jul 6, 2026Updated last week