Checkov vs. Bridgecrew
Rooted in open source, extended by our platform
Created by Bridgecrew, Checkov is an open source policy-as-code tool that scans for security issues in infrastructure as code (IaC) templates, container images, and pipeline configuration. The Bridgecrew platform extends Checkov with native integrations and code fixes loved by developers, plus reporting dashboards and compliance benchmarking trusted by security teams.
Scan code locally or as part of your pipeline with Checkov
- Scans infrastructure as code (IaC) templates, VCS and CI configuration files, and more
- Includes hundreds of out-of-the-box policies from frameworks (CIS, PCI, HIPAA, and more) and community-sourced checks
- Integrates with VS Code, Jenkins, GitHub, and GitLab
- Open source and fully extensible by adding custom checks, skip lists, and integrations with other tools
Get full-stack, full-lifecycle security coverage with Bridgecrew
- Extends coverage from code to cloud and from infrastructure to application layers
- Integrates natively with VCS to provide relevant and actionable feedback for changes as they’re being introduced
- Provides automated fixes via pull requests in code and lambdas in runtime
- Includes audit history of configurations over time and compliance benchmarking
See the differences between Checkov and Bridgecrew
|Cloud runtime scanning||-|
|VCS and CI/CD configuration scanning|
|Custom policies||Requires customization|
|Pull request fixes||-|
|Supply Chain Graph visualization||-|
|Cloud provider integrations||-|
Get started with code security
Sign up for a free 14-day Bridgecrew trial or get a Prisma Cloud Code Security demo.
Stay up to date with all things Checkov
Announcing Checkov 2.1 →
Get our latest Checkov update roundup including scanning support for container images, VCS config, Bicep and Kustomize templates, and more.
Checkov VCS Policies →
To help secure the delivery pipelines that make up software supply chains, Checkov scans GitHub, GitLab, and Bitbucket configuration.
Prioritize, skip, and fail with policy severities →
Learn how to configure Checkov to prioritize misconfigurations, skip checks, and fail jobs based on severity.
Cloudsplaining and Checkov →
Learn how to use Cloudsplaining and Checkov to identify AWS IAM least privilege violations at both build time and runtime.
Checkov 2.0 →
Checkov 2.0 introduced a graph-based framework and new graph-based policies, making it the first open source tool to provide dependency-aware IaC scanning.