Checkov Integrations

Google Cloud is a cloud-based service that allows you to create anything from simple websites to complex applications for businesses of all sizes. New customers get $300 in free credits to run, test, and deploy workloads. All customers can use 25+ products for free, up to monthly usage limits. Use Google's core infrastructure, data analytics & machine learning. Secure and fully featured for all enterprises. Tap into big data to find answers faster and build better products. Grow from prototype to production to planet-scale, without having to think about capacity, reliability or performance. From virtual machines with proven price/performance advantages to a fully managed app development platform. Scalable, resilient, high performance object storage and databases for your applications. State-of-the-art software-defined networking products on Google’s private fiber network. Fully managed data warehousing, batch and stream processing, data exploration, Hadoop/Spark, and messaging.

Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes builds upon 15 years of experience of running production workloads at Google, combined with best-of-breed ideas and practices from the community. Designed on the same principles that allows Google to run billions of containers a week, Kubernetes can scale without increasing your ops team. Whether testing locally or running a global enterprise, Kubernetes flexibility grows with you to deliver your applications consistently and easily no matter how complex your need is. Kubernetes is open source giving you the freedom to take advantage of on-premises, hybrid, or public cloud infrastructure, letting you effortlessly move workloads to where it matters to you.

GitHub is the world’s most secure, most scalable, and most loved developer platform. Join millions of developers and businesses building the software that powers the world. Build with the world’s most innovative communities, backed by our best tools, support, and services. If you manage multiple contributors , there’s a free option: GitHub Team for Open Source. We also run GitHub Sponsors, where we help fund your work. The Pack is back. We’ve partnered up to give students and teachers free access to the best developer tools—for the school year and beyond. Work for a government-recognized nonprofit, association, or 501(c)(3)? Get a discounted Organization account on us.

GitLab is a complete DevOps platform. With GitLab, you get a complete CI/CD toolchain out-of-the-box. One interface. One conversation. One permission model. GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate. GitLab helps teams accelerate software delivery from weeks to minutes, reduce development costs, and reduce the risk of application vulnerabilities while increasing developer productivity. Source code management enables coordination, sharing and collaboration across the entire software development team. Track and merge branches, audit changes and enable concurrent work, to accelerate software delivery. Review code, discuss changes, share knowledge, and identify defects in code among distributed teams via asynchronous review and commenting. Automate, track and report code reviews.

Amazon Web Services (AWS) is the world’s most comprehensive cloud platform, trusted by millions of customers across industries. From startups to global enterprises and government agencies, AWS provides on-demand solutions for compute, storage, networking, AI, analytics, and more. The platform empowers organizations to innovate faster, reduce costs, and scale globally with unmatched flexibility and reliability. With services like Amazon EC2 for compute, Amazon S3 for storage, SageMaker for AI/ML, and CloudFront for content delivery, AWS covers nearly every business and technical need. Its global infrastructure spans 120 availability zones across 38 regions, ensuring resilience, compliance, and security. Backed by the largest community of customers, partners, and developers, AWS continues to lead the cloud industry in innovation and operational expertise.

Microsoft's Azure is a cloud computing platform that allows for rapid and secure application development, testing and management. Azure. Invent with purpose. Turn ideas into solutions with more than 100 services to build, deploy, and manage applications—in the cloud, on-premises, and at the edge—using the tools and frameworks of your choice. Continuous innovation from Microsoft supports your development today, and your product visions for tomorrow. With a commitment to open source, and support for all languages and frameworks, build how you want, and deploy where you want to. On-premises, in the cloud, and at the edge—we’ll meet you where you are. Integrate and manage your environments with services designed for hybrid cloud. Get security from the ground up, backed by a team of experts, and proactive compliance trusted by enterprises, governments, and startups. The cloud you can trust, with the numbers to prove it.

Bitbucket is more than just Git code management. Bitbucket gives teams one place to plan projects, collaborate on code, test, and deploy. Free for small teams under 5 and priced to scale with Standard ($3/user/mo) or Premium ($6/user/mo) plans. Keep your projects organized by creating Bitbucket branches right from Jira issues or Trello cards. Build, test and deploy with integrated CI/CD. Benefit from configuration as code and fast feedback loops. Approve code review more efficiently with pull requests. Create a merge checklist with designated approvers and hold discussions right in the source code with inline comments. Bitbucket Pipelines with Deployments lets you build, test and deploy with integrated CI/CD. Benefit from configuration as code and fast feedback loops. Know your code is secure in the Cloud with IP whitelisting and required 2-step verification. Restrict access to certain users, and control their actions with branch permissions and merge checks for quality code.

The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. As an extensible automation server, Jenkins can be used as a simple CI server or turned into the continuous delivery hub for any project. Jenkins is a self-contained Java-based program, ready to run out-of-the-box, with packages for Windows, Linux, macOS and other Unix-like operating systems. Jenkins can be easily set up and configured via its web interface, which includes on-the-fly error checks and built-in help. With hundreds of plugins in the Update Center, Jenkins integrates with practically every tool in the continuous integration and continuous delivery toolchain. Jenkins can be extended via its plugin architecture, providing nearly infinite possibilities for what Jenkins can do. Jenkins can easily distribute work across multiple machines, helping drive builds, tests and deployments across multiple platforms faster.

Microsoft Visual Studio is the industry-leading integrated development environment (IDE) for building modern applications across desktop, mobile, cloud, and web. It empowers developers to write, refactor, debug, test, and deploy software faster with intelligent assistance powered by GitHub Copilot and AI-driven workflows. With Agent Mode, developers can automate repetitive coding tasks, optimize performance, and receive contextual help directly in the IDE. The suite includes Visual Studio 2022, the comprehensive IDE for .NET and C++ development on Windows, and Visual Studio Code, the lightweight, cross-platform editor supporting JavaScript, Python, and dozens of other languages. Visual Studio integrates seamlessly with Azure, GitHub, and CI/CD pipelines, enabling teams to collaborate and ship code efficiently. Trusted by millions worldwide, Visual Studio provides the tools and intelligence developers need to build reliable, scalable, and secure applications from concept to release.

AWS CloudFormation is a infrastructure provisioning and management tool that provides you the ability to create resource templates that specifies a set of AWS resources to provision. The templates allow you to version control your infrastructure, and also easily replicate your infrastructure stack quickly and with repeatability. Define an Amazon Virtual Private Cloud (VPC) subnet or provisioning services like AWS OpsWorks or Amazon Elastic Container Service (ECS) with ease. Run anything from a single Amazon Elastic Compute Cloud (EC2) instance to a complex multi-region application. Automate, test, and deploy infrastructure templates with continuous integration and delivery (CI/CD) automation. AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code. Speed up cloud provisioning with infrastructure as code.

The core of extensible programming is defining functions. Python allows mandatory and optional arguments, keyword arguments, and even arbitrary argument lists. Whether you're new to programming or an experienced developer, it's easy to learn and use Python. Python can be easy to pick up whether you're a first-time programmer or you're experienced with other languages. The following pages are a useful first step to get on your way to writing programs with Python! The community hosts conferences and meetups to collaborate on code, and much more. Python's documentation will help you along the way, and the mailing lists will keep you in touch. The Python Package Index (PyPI) hosts thousands of third-party modules for Python. Both Python's standard library and the community-contributed modules allow for endless possibilities.

Helm helps you manage Kubernetes applications, Helm charts help you define, install, and upgrade even the most complex Kubernetes application. Charts are easy to create, version, share, and publish, so start using Helm and stop the copy-and-paste. Charts describe even the most complex apps, provide repeatable application installation, and serve as a single point of authority. Take the pain out of updates with in-place upgrades and custom hooks. Charts are easy to version, share, and host on public or private servers. Use helm rollback to roll back to an older version of a release with ease. Helm uses a packaging format called charts. A chart is a collection of files that describe a related set of Kubernetes resources. A single chart might be used to deploy something simple, like a memcached pod, or something complex, like a full web app stack with HTTP servers, databases, caches, and so on.

Declare AWS Lambda functions and their triggers through simple abstract syntax in YAML. AWS Lambda functions, triggers & code will be deployed and wired together in the cloud, automatically. Install thousands of Serverless Framework Plugins to build new serverless use-cases on AWS and integrate with other tools. Track usage, performance, errors on your serverless apps with instant, powerful metrics. See all of your serverless applications and their resources in one place, regardless of AWS account or region. Easily share secrets, outputs from your serverless applications and delegate AWS account access. You can deploy many familiar use-cases instantly with the Serverless Framework. From REST APIs on Node.js, Python, Go, Java, to GraphQL APIs, scheduled tasks, Express.js applications, and front-end applications.

Brainboard is an AI-driven platform designed for cloud architects, DevOps teams, and platform engineers to visually design, deploy, and manage multi-cloud infrastructures while automatically generating Infrastructure as Code. With support for major cloud providers and deep integration with Terraform/OpenTofu, users can drag-and-drop architecture diagrams that are instantly translated into ready-to-use Terraform code, enabling “design first, code when needed”. The platform also includes features such as CI/CD pipelines tailored for infrastructure, drift detection, versioning, and role-based access controls to ensure governance, consistency, and collaboration across teams. Brainboard supports the creation of reusable service-catalog templates, enabling internal teams to self-provision validated, compliant infrastructure without constant reliance on central DevOps.

Terraform is an open-source infrastructure as code software tool that provides a consistent CLI workflow to manage hundreds of cloud services. Terraform codifies cloud APIs into declarative configuration files. Write infrastructure as code using declarative configuration files. HashiCorp Configuration Language (HCL) allows for concise descriptions of resources using blocks, arguments, and expressions. Run terraform plan to check whether the execution plan for a configuration matches your expectations before provisioning or changing infrastructure. Apply changes to hundreds of cloud providers with terraform apply to reach the desired state of the configuration. Define infrastructure as code to manage the full lifecycle — create new resources, manage existing ones, and destroy those no longer needed.

YAML: YAML Ain't Markup Language. YAML is a human-friendly data serialization language for all programming languages.

The Kondukto platform’s flexible design allows you to create custom workflows for responding to risks quickly and efficiently. Take advantage of more than 25 built-in open-source tools ready to run SAST, DAST, SCA, and Container Image scans within minutes without a need for installation, maintenance, or updates. Protect your corporate memory from changes in employees, scanners, or DevOps tools. All security data, statistics, and activities in one place for you to own. Avoid vendor lock or loss of historical data when you need to change an AppSec tool. Verify fixes automatically to ensure better collaboration and less distraction. Boost efficiency by eliminating redundant conversations between AppSec and development teams.

Enso is transforming application security by empowering organizations to build, manage and scale their AppSec programs. Its Application Security Posture Management (ASPM) platform easily deploys into an organization’s environment to create an actionable, unified inventory of all application assets, their owners, security posture and associated risk. With Enso Security, AppSec teams gain the capacity to manage the tools, people and processes involved in application security, enabling them to build a simplified, agile and scalable application security program without interfering with development. Enso has been recognized with numerous awards including the 2022 Excellence Awards, Globee Awards, and Forbes Top 20 Cybersecurity Startups to Watch.

Archipelo is a developer security posture management platform that helps organizations safeguard their software development lifecycle (SDLC) by providing real-time insights into developer activities, AI code tool usage, and tool governance. It features Developer Detection Response (DevDR) for proactively identifying and mitigating security risks, Automated Tool Governance to prevent shadow IT, and an AI Code Usage & Risk Monitor to ensure secure coding practices. With seamless integration into CI/CD workflows, Archipelo captures developer actions and provides actionable insights to enhance security, mitigate risks, and ensure compliance throughout the software development process.

Gain granular visibility with engineering technologies, systems, and processes, all the way from code to deployment. Easily connect Cider to your ecosystem and seamlessly integrate security without interrupting engineering. Optimize your CI/CD security, based on a set of prioritized risks and recommendations tailored to your environment. Cider seamlessly integrates with all systems across your CI/CD and provides you with a comprehensive and accurate analysis of all technologies, frameworks, and integrations which exist in the environment. Cider maps all intelligent connections within your environment to create end-to-end visibility over the full CI/CD journey, all the way from SCM user to an artifact deployed to production. Assess the posture of your engineering systems and processes. Analyze your environment against realistic attack scenarios and identify the controls required to reduce your CI/CD attack surface.

OWASP CycloneDX is a lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis. Strategic direction and maintenance of the specification is managed by the CycloneDX Core working group, with origins in the OWASP community. A complete and accurate inventory of all first-party and third-party components is essential for risk identification. BOMs should ideally contain all direct and transitive components and the dependency relationships between them. Adopting CycloneDX allows organizations to quickly meet these minimum requirements and mature into using more sophisticated use cases over time. CycloneDX is capable of achieving all SBOM requirements defined in the OWASP Software Component Verification Standard (SCVS).