Automic VaultAutomic Vault

brew

Installer checkov avec Homebrew, Nix

Consultez les chemins d'installation, exécutables, métadonnées et notes de sécurité de checkov pour les workflows d'agents IA.

sécurité des agents

Réponse sur la sécurité des agents

checkov scans infrastructure code and may read sensitive templates and policy context.

Accès aux identifiants

Reads IaC files, environment variables, and optional platform tokens.

Modification distante

Usually read-only, but integrations can report to remote services.

Risque de publication ou d'artéfact

Can produce security reports that may include resource names and paths.

Contrôle recommandé

Gate token-backed uploads and scans over secret-bearing files.

Conseils d'utilisation par les agents

Allow local scans; require approval before uploading findings or scanning sensitive directories.

installation

Commandes d'installation supplémentaires

macOS

Homebrewvérifié · 100%
brew install checkov

local Homebrew formula metadata

Linux

Nixvérifié · 92%
nix profile install nixpkgs#checkov

nixpkgs package indexes · pkgs/by-name/ch/checkov/package.nix · Source: api.github.com

aperçu

Résumé du paquet

Prevent cloud misconfigurations during build-time for IaC tools

Commandes et alias

  • checkov
  • checkov.cmd

historique

Historique du projet et usages

Checkov is an infrastructure-as-code static analysis tool created by Bridgecrew and maintained under Prisma Cloud. It became a major security package because it brought policy-as-code checks for Terraform, Kubernetes, CloudFormation, Dockerfiles, CI workflows, and related formats into a single installable CLI.

Historique du projet

The bridgecrewio/checkov repository was created in November 2019. The official README describes Checkov as a static code analysis tool for IaC and software composition analysis, maintained by Prisma Cloud and able to detect cloud misconfigurations and vulnerabilities during build time.

Checkov expanded from Terraform-oriented misconfiguration scanning into a broader scanner for Terraform plans, CloudFormation, AWS SAM, Kubernetes, Helm, Kustomize, Dockerfiles, Serverless, Bicep, ARM templates, OpenAPI, OpenTofu, CI pipelines, container images, and open source packages.

Historique d'adoption

Checkov was first uploaded to PyPI in December 2019 and was still publishing frequent 3.x releases in June 2026. The official README documents installation through pip, Homebrew, Docker, and upgrades through pip or brew.

Docker Hub metadata for bridgecrew/checkov showed more than 22 million pulls by June 2026, and the GitHub repository metadata showed thousands of stars, indicating adoption well beyond niche use. In 2021, Palo Alto Networks announced completion of its Bridgecrew acquisition, after which the README and docs positioned Checkov as part of Prisma Cloud Application Security.

Modes d'utilisation

Typical CLI usage scans a directory, file, or Terraform plan JSON and emits findings with policy IDs, file paths, pass/fail status, and remediation links. Output formats include CLI, CycloneDX, JSON, JUnit XML, CSV, SARIF, and GitHub markdown.

Teams commonly run Checkov locally, in CI, or in pull request workflows to block insecure infrastructure definitions before deployment. With a Prisma Cloud API key, the CLI can also use severity thresholds and platform-backed policy metadata.

Pourquoi les passionnés de paquets s'y intéressent

Checkov is package-nerd significant because it is a high-churn Python security CLI with multiple distribution channels, a large policy corpus, Docker images, Homebrew packaging, PyPI releases, and enterprise integration pressure. It shows how cloud-security tooling moved from SaaS dashboards into developer workstation and CI packages.

Its packaging story also reflects IaC's growth: a single command-line package became a front door for scanning Terraform, Kubernetes, Docker, CI configuration, secrets, and SCA inputs.

Chronologie

  • 2019: bridgecrewio/checkov repository created and first PyPI release uploaded.
  • 2021: Palo Alto Networks completed its acquisition of Bridgecrew.
  • 2026: Checkov 3.3.x releases published and Docker image updated.

Related projects

  • Prisma Cloud Application Security is the commercial platform integration documented by Checkov.
  • Terraform, OpenTofu, Kubernetes, CloudFormation, Helm, Docker, CycloneDX, and SARIF are major adjacent ecosystems and formats supported by Checkov.

posture de sécurité

Niveau de risque : orange

infrastructure mutation or orchestration signal.

Classificateur de risque

risque orange · confiance moyen · infrastructure

Pourquoi

  • infrastructure mutation or orchestration signal

Signaux

  • text:cloud

Comportement d'installation

  • Aucun hook post-install Homebrew n’est enregistré dans les métadonnées de formule.
  • Les métadonnées de bottle Homebrew sont disponibles pour 6 plateformes.
  • S’installe avec 7 dépendances d’exécution.
  • Les métadonnées de compilation listent 3 dépendances de compilation.

Revue recommandée

Avant une utilisation sans surveillance par un agent, vérifiez si l'outil lit des identifiants en clair, écrit un état distant, publie des artefacts ou lance des plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.bridgecrew/credentials

exécutables

Exécutables installés

CommandeTypeExpositionNote
checkovcliexécutable global
checkov.cmdcliexécutable global

fraîcheur

Version et fraîcheur

Ces signaux séparent l'âge de génération de la page, l'activité du gestionnaire de paquets et la comparaison avec les versions amont. Un retard de version n'est signalé que lorsqu'une URL de preuve et des versions comparables sont présentes.

page générée2026-07-10
version du gestionnaire3.3.0
gestionnaire mis à jour2026-06-11
données localesOK
amontnot checked
dernière version détectéenon détecté

https://www.checkov.io/

métadonnées d'installation

Métadonnées du paquet

Clé du paquetbrew:checkov
Version3.3.0
Gestionnaire de paquetsHomebrew
Page du gestionnaire de paquetshttps://formulae.brew.sh/formula/checkov
Page d'accueilhttps://www.checkov.io/
Dépôthttps://github.com/bridgecrewio/checkov
Docs amonthttps://www.checkov.io/
LicenceApache-2.0
Archive sourcehttps://files.pythonhosted.org/packages/9c/0a/03002542731935763af6bb5eb7473cc1e99818c818608d5fd54240c590e2/checkov-3.3.0.tar.gz
Dernière mise à jour2026-06-11T07:52:35Z
Pulseupdated
Dépendancescertifi, cffi, libyaml, numpy, pydantic, python@3.14, rpds-py
Dépendances de compilationcmake, maturin, rust
Bibliothèques fournies par macOSlibffi
Bouteilledisponible (sur arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
post-install Homebrewnon défini
Serviceaucun déclaré

faits du registre

Détails de la base source

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namecheckov
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

correspondances dans les bases sources

Autres enregistrements de gestionnaires de paquets

Les correspondances proviennent d’index externes de gestionnaires de paquets et restent séparées des liens de paquets Automic Vault locaux.

Nix95%

checkov

nix profile install nixpkgs#checkov
  • normalized package name match
  • Correspondance par : Checkov
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ch/checkov/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

piste source

Généré depuis les données du dépôt

Cette page est servie par av-web depuis l'artéfact SQLite privé des paquets généré par scripts/generate-pkg-sqlite.py.

Sources utilisées

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment