Checkov vs. Bridgecrew

Rooted in open source, extended by our platform

Created by Bridgecrew, Checkov is an open source policy-as-code tool that scans for security issues in infrastructure as code (IaC) templates, container images, and pipeline configuration. The Bridgecrew platform extends Checkov with native integrations and code fixes loved by developers and reporting dashboards and compliance benchmarking trusted by security teams.

Open source

Scan code locally or as part of your pipeline with Checkov

  • Scans infrastructure as code (IaC) templates, VCS and CI configuration files, and more
  • Includes hundreds of out-of-the-box policies from frameworks (CIS, PCI, HIPAA, and more) and community-sourced checks
  • Integrates with VS Code, Jenkins, GitHub, and GitLab
  • Open source and fully extensible by adding custom checks, skip lists, and integrations with other tools


Get full-stack, full-lifecycle security coverage with Bridgecrew

  • Extends coverage from code to cloud and from infrastructure to application layers
  • Integrates natively with VCS to provide relevant and actionable feedback for changes as they’re being introduced
  • Provides automated fixes via pull requests in code and lambdas in runtime
  • Includes audit history of configurations over time and compliance benchmarking

Feature comparison

See the differences between Checkov and Bridgecrew

Usage Checkov Bridgecrew
IaC scanning
Graph-based queries
Cloud runtime scanning -
Workload scanning -
Secrets scanning
Image scanning -
VCS and CI/CD configuration scanning
Policy violations
Custom policies Requires customization
Notifications Requires customization
Incident insights -
Pull request fixes -
Runtime remediations -
Dashboards -
Supply Chain Graph visualization -
Compliance reporting -
Tagging management -
CI/CD integrations Limited
Cloud provider integrations -
Notifications Requires customization
Support level Community Enterprise

Get started with code security

Sign up for a free 14-day Bridgecrew trial or get a Prisma Cloud Code Security demo.