Comparing Checkov and the Bridgecrew platform

Checkov scans for misconfigurations in infrastructure as code (IaC) templates with hundreds of out-of-the-box policies. The Bridgecrew platform extends those capabilities with native VCS and CI/CD integrations, more fine-tuned controls, and automated security-as-code fixes.

Identify misconfigurations in IaC templates with Checkov

  • Scans Terraform, CloudFormation, Kubernetes, Helm, ARM, and Serverless framework templates
  • Powered by a graph-based backend framework that enables scanning across connected resources
  • Includes 800+ policies sourced from industry frameworks (e.g. CIS, PCI, HIPAA) and community-sourced checks
  • Open-source and fully extensible with custom checks, check skips, and integrations with build pipelines

Take Checkov to the next level with Bridgecrew

  • Extends protection to cover cloud security from IaC in build-time to resources and workloads runtime
  • Integrates natively with VCS and CI/CD providers to provide relevant and actionable feedback for changes as they’re being introduced.
  • Provides automated fixes via pull requests in build-time and lambdas in runtime
  • Includes audit history of configurations over time and downloadable compliance reports
Usage Checkov Bridgecrew
IaC scanning
Graph-based queries
Cloud runtime scanning -
Workload scanning -
Secrets scanning
Image scanning -
VCS and CI/CD configuration scanning
Policy violations
Custom policies Requires customization
Notifications Requires customization
Incident insights -
Pull request fixes -
Runtime remediations -
Dashboards -
Supply Chain Graph visualization -
Compliance reporting -
Tagging management -
CI/CD integrations Limited
Cloud provider integrations -
Notifications Requires customization
Support level Community Enterprise
Diagram comparing Checkov and Bridgecrew

Get started with Bridgecrew

Bridgecrew is free to get started