Checkov vs. Bridgecrew
Rooted in open source, extended by our platform
Created by Bridgecrew, Checkov is an open source policy-as-code tool that scans for security issues in infrastructure as code (IaC) templates, container images, and pipeline configuration. The Bridgecrew platform extends Checkov with native integrations and code fixes loved by developers and reporting dashboards and compliance benchmarking trusted by security teams.
Open source
Scan code locally or as part of your pipeline with Checkov
- Scans infrastructure as code (IaC) templates, VCS and CI configuration files, and more
- Includes hundreds of out-of-the-box policies from frameworks (CIS, PCI, HIPAA, and more) and community-sourced checks
- Integrates with VS Code, Jenkins, GitHub, and GitLab
- Open source and fully extensible by adding custom checks, skip lists, and integrations with other tools
Platform
Get full-stack, full-lifecycle security coverage with Bridgecrew
- Extends coverage from code to cloud and from infrastructure to application layers
- Integrates natively with VCS to provide relevant and actionable feedback for changes as they’re being introduced
- Provides automated fixes via pull requests in code and lambdas in runtime
- Includes audit history of configurations over time and compliance benchmarking
Feature comparison
See the differences between Checkov and Bridgecrew
| Usage | Checkov | Bridgecrew |
|---|---|---|
| IaC scanning | ||
| Graph-based queries | ||
| Cloud runtime scanning | - | |
| Workload scanning | - | |
| Secrets scanning | ||
| Image scanning | - | |
| VCS and CI/CD configuration scanning |
| Features | ||
|---|---|---|
| Policy violations | ||
| Custom policies | Requires customization | |
| Notifications | Requires customization | |
| Incident insights | - | |
| Pull request fixes | - | |
| Runtime remediations | - | |
| Dashboards | - | |
| Supply Chain Graph visualization | - | |
| Compliance reporting | - | |
| Tagging management | - |
| Integrations | ||
|---|---|---|
| REST API | - | |
| CI/CD integrations | Limited | |
| Cloud provider integrations | - | |
| Notifications | Requires customization |
| Support | ||
|---|---|---|
| Support level | Community | Enterprise |
Get started with code security
Sign up for a free 14-day Bridgecrew trial or get a Prisma Cloud Code Security demo.
Updates
Stay up to date with all things Checkov
Announcing Checkov 2.1 →
Get our latest Checkov update roundup including scanning support for container images, VCS config, Bicep and Kustomize templates, and more.
Checkov VCS Policies →
To help secure the delivery pipelines that make up software supply chains, Checkov scans GitHub, GitLab, and Bitbucket configuration.
Prioritize, skip, and fail with policy severities →
Learn how to configure Checkov to prioritize misconfigurations, skip checks, and fail jobs based on severity.
Cloudsplaining and Checkov →
Learn how to use Cloudsplaining and Checkov to identify AWS IAM least privilege violations in both build-time and runtime.
Checkov 2.0 →
Checkov 2.0 introduced a graph-based framework and new graph-based policies, making it the first open source tool to provide dependency-aware IaC scanning.