Bridgecrew and Checkov will now ingest and scan version control system (VCS) configuration for misconfigurations. The Bridgecrew platform will automatically scan connected GitLab (GitHub and BitBucket coming soon) repositories and organizations and all VCS configuration within CI. To scan VCS configuration using Checkov, you’ll need to include an API key and specify the framework. For example:
export GITHUB_TOKEN="ghp_abc" checkov -d . --framework github_configuration
Further documentation is included in the checks such as that for GitHub.