Expanding our DevSecOps integrations with Checkov for JetBrains

We are on a mission to make infrastructure security as accessible and non-intrusive as possible. For us, that means helping address infrastructure as code (IaC) security issues as early as possible with in-context, actionable feedback. The benefits are clear—we spend less time fixing misconfigurations and more time doing what we do best—building.

We began our mission with Checkov, a command-line interface (CLI) that you can use to find misconfigurations locally or in a CI/CD pipeline. In March, we upgraded that experience with a VS Code extension that provides IaC misconfiguration feedback per resource right in the integrated development environment (IDE).

Based on the resounding excitement in the community for that in-context security feedback, we’re moving down the Stack Overflow list of most popular IDEs to the next most popular: JetBrains. Now you can get automated security feedback as you create IaC templates straight from IntelliJ, PyCharm, or other JetBrains IDEs.

IaC policy-as-code feedback and fix suggestions straight in your IDE

The Checkov plugin for JetBrains works by scanning Terraform and CloudFormation files, Kubernetes manifests, etc., and providing policy feedback as you type. For each scanned resource block, the plugin provides a list of misconfigurations along with fix suggestions. This helps get misconfigurations addressed fast and with a much shorter feedback cycle.

IntelliJ with Checkov Plugin

The plugin scans for the hundreds of out-of-the-box policies from Checkov as well as any custom policies you may have added to the Bridgecrew platform. Additionally, skip comments and platform suppressions are acknowledged in the plugin, so developers don’t receive notifications for irrelevant policies in the future.
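To make the feedback and skip-comment behavior concrete, here is an added example (written for this page, not taken from the plugin or the Checkov repository). It assumes Checkov's built-in check `CKV_AWS_20` for public-read S3 ACLs and the inline `checkov:skip=<check_id>:<reason>` comment syntax; the bucket and resource names are hypothetical.

```hcl
# Constructed sample; bucket and resource names are hypothetical.
# Minimal resources like these may also trigger other built-in checks
# (logging, versioning, encryption); only CKV_AWS_20 is discussed here.

# Flagged: a public-read ACL fails CKV_AWS_20
# (S3 bucket ACL allows public READ access).
resource "aws_s3_bucket" "reports" {
  bucket = "example-reports"
  acl    = "public-read"
}

# Corrected: a private ACL passes CKV_AWS_20.
resource "aws_s3_bucket" "reports_private" {
  bucket = "example-reports-private"
  acl    = "private"
}

# Intentionally public: the skip comment sits inside the resource block,
# names the check being suppressed, and records why the risk was accepted.
resource "aws_s3_bucket" "static_site" {
  #checkov:skip=CKV_AWS_20:Public website assets, reviewed and accepted
  bucket = "example-static-site"
  acl    = "public-read"
}
```

Because the suppression is scoped to one check on one resource, every other policy still applies to `static_site`, and the recorded reason is visible in code review.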

Getting started with the Checkov JetBrains plugin

Before you start using the plugin, you’ll need to retrieve your Bridgecrew API key, which requires a free Bridgecrew account. Head to your Bridgecrew Integrations, select API Tokens, and Add Token. Give your token a name such as `JetBrains` and save that API token for the next step.

Next, go to the plugins list in your JetBrains IDE. For example, in IntelliJ, go to Preferences in the navigation menu and select Plugins. Search for Checkov and Install.

JetBrains plugin library

Once the plugin is installed, add your Bridgecrew API token from the previous step.

JetBrains Checkov settings

That’s it! Now, when you open up or save an IaC file, Checkov will automatically scan all resources within the file for misconfigurations. If any are identified, they will show up in the Checkov dialog box. By opening the resource, you’ll be able to view the misconfiguration details, see the full guidelines documentation, or apply a fix automatically.

Creating secure cloud infrastructure just got easier

Everything we do is in the name of reducing friction between security and engineering and making security more accessible for developers. Our JetBrains plugin is just our latest integration that brings security to developers in an easy-to-use way.

Try out this and other features with our free 14-day trial, and contribute enhancements to the plugin in GitHub.