
Checkov

Vulnerability Scanning

Static code analysis and software composition analysis tool for infrastructure-as-code and container images

Python · Latest 3.2.532 · 1d ago

Features

  • Over 1000 built-in policies covering security/compliance for major clouds
  • Scans Terraform, CloudFormation, Kubernetes, Dockerfiles, Serverless frameworks and CI workflow files
  • Detects AWS credentials and secrets using regex/entropy detection

Security Response History

2 CVEs

| CVE | Severity | Disclosed | Patched | This tool vs ecosystem median |
|---|---|---|---|---|
| CVE-2020-11023 (KEV) | medium, CVSS 6.9 | 2025-01-23 | 2026-01-25 | 1y / median 1y 1mo |
| CVE-2023-44487 (KEV) | medium, CVSS 7.5 | 2023-10-10 | 2026-01-25 | 2y 4mo / median 2y 3mo |

Recent releases

Config change
3.2.532 New feature
Auth Crypto / TLS

Signature verification

Review required
3.2.531 New feature
Auth

GitHub OIDC trust check

Review required
3.2.530 Bug fix
Auth Breaking upgrade

Disable var resolution

No immediate action
3.2.529 Bug fix

Rotation check includes 90‑day boundary

3.2.528 Bug fix

Fixed secrets scanner to report all multiline regex matches per file instead of only the first.

Full changelog

Bug Fix

  • secrets: report all multiline regex matches per file, not just first occurrence - FIX - #7540


About

Stars: 8,759
Forks: 1,342
Languages: Python, HCL, TypeScript

Install & Platforms

Install via: pip, docker
Platforms: linux, macos, windows
