認証情報アクセス
Reads IaC files, environment variables, and optional platform tokens.
brew
checkov のインストール経路、実行ファイル、メタデータ、AI エージェント向けセキュリティノートを確認します。
エージェント安全性
checkov scans infrastructure code and may read sensitive templates and policy context.
Reads IaC files, environment variables, and optional platform tokens.
Usually read-only, but integrations can report to remote services.
Can produce security reports that may include resource names and paths.
Gate token-backed uploads and scans over secret-bearing files.
Allow local scans; require approval before uploading findings or scanning sensitive directories.
インストール
brew install checkovlocal Homebrew formula metadata
nix profile install nixpkgs#checkovnixpkgs package indexes · pkgs/by-name/ch/checkov/package.nix · ソース: api.github.com
概要
Prevent cloud misconfigurations during build-time for IaC tools
履歴
Checkov is an infrastructure-as-code static analysis tool created by Bridgecrew and maintained under Prisma Cloud. It became a major security package because it brought policy-as-code checks for Terraform, Kubernetes, CloudFormation, Dockerfiles, CI workflows, and related formats into a single installable CLI.
The bridgecrewio/checkov repository was created in November 2019. The official README describes Checkov as a static code analysis tool for IaC and software composition analysis, maintained by Prisma Cloud and able to detect cloud misconfigurations and vulnerabilities during build time.
Checkov expanded from Terraform-oriented misconfiguration scanning into a broader scanner for Terraform plans, CloudFormation, AWS SAM, Kubernetes, Helm, Kustomize, Dockerfiles, Serverless, Bicep, ARM templates, OpenAPI, OpenTofu, CI pipelines, container images, and open source packages.
Checkov was first uploaded to PyPI in December 2019 and was still publishing frequent 3.x releases in June 2026. The official README documents installation through pip, Homebrew, Docker, and upgrades through pip or brew.
Docker Hub metadata for bridgecrew/checkov showed more than 22 million pulls by June 2026, and the GitHub repository metadata showed thousands of stars, indicating adoption well beyond niche use. In 2021, Palo Alto Networks announced completion of its Bridgecrew acquisition, after which the README and docs positioned Checkov as part of Prisma Cloud Application Security.
Typical CLI usage scans a directory, file, or Terraform plan JSON and emits findings with policy IDs, file paths, pass/fail status, and remediation links. Output formats include CLI, CycloneDX, JSON, JUnit XML, CSV, SARIF, and GitHub markdown.
Teams commonly run Checkov locally, in CI, or in pull request workflows to block insecure infrastructure definitions before deployment. With a Prisma Cloud API key, the CLI can also use severity thresholds and platform-backed policy metadata.
Checkov is package-nerd significant because it is a high-churn Python security CLI with multiple distribution channels, a large policy corpus, Docker images, Homebrew packaging, PyPI releases, and enterprise integration pressure. It shows how cloud-security tooling moved from SaaS dashboards into developer workstation and CI packages.
Its packaging story also reflects IaC's growth: a single command-line package became a front door for scanning Terraform, Kubernetes, Docker, CI configuration, secrets, and SCA inputs.
セキュリティ状態
infrastructure mutation or orchestration signal.
リスク orange · 信頼度 中 · infrastructure
エージェントに無人実行させる前に、このツールが平文の認証情報を読むか、リモート状態を書き込むか、成果物を公開するか、プラグインを起動するかを確認してください。
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Credential-bearing paths to review before unattended agent runs.
~/.bridgecrew/credentials実行可能ファイル
| コマンド | 種類 | 公開範囲 | メモ |
|---|---|---|---|
checkov | cli | グローバル実行可能ファイル | |
checkov.cmd | cli | グローバル実行可能ファイル |
鮮度
これらの信号は、ページ生成時期、パッケージマネージャの活動、上流リリース比較を分けて示します。バージョン遅れは、証拠 URL と比較可能なバージョンがある場合だけ警告されます。
インストールメタデータ
| パッケージキー | brew:checkov |
|---|---|
| バージョン | 3.3.0 |
| パッケージマネージャ | Homebrew |
| パッケージマネージャページ | https://formulae.brew.sh/formula/checkov |
| ホームページ | https://www.checkov.io/ |
| リポジトリ | https://github.com/bridgecrewio/checkov |
| 上流ドキュメント | https://www.checkov.io/ |
| ライセンス | Apache-2.0 |
| ソースアーカイブ | https://files.pythonhosted.org/packages/9c/0a/03002542731935763af6bb5eb7473cc1e99818c818608d5fd54240c590e2/checkov-3.3.0.tar.gz |
| 最終更新 | 2026-06-11T07:52:35Z |
| Pulse | updated |
| 依存関係 | certifi, cffi, libyaml, numpy, pydantic, python@3.14, rpds-py |
| ビルド依存関係 | cmake, maturin, rust |
| macOS 提供ライブラリ | libffi |
| Bottle | 利用可能 (対象 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | 未定義 |
| サービス | 宣言なし |
レジストリ情報
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | checkov |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
ソースデータベース一致
一致は外部パッケージマネージャインデックスから取得され、ローカルの Automic Vault パッケージリンクとは分けて表示されます。
checkov
nix profile install nixpkgs#checkovソース経路
このページは scripts/generate-pkg-sqlite.py が生成した非公開のパッケージ SQLite アーティファクトから av-web によって提供されます。
View the package source record on GitHub.