Overview

Integrating Bridgecrew with Checkov makes it possible for Bridgecrew to scan your infrastructure as code files (Terraform and CloudFormation), display Incidents on the Console and, optionally, cause a build to fail.
Link from Checkov

How to Integrate

  1. From the Integrations Catalog, under CI/CD, select Checkov.
  1. Enter a name for your token and add a description (Optional), then select Create. Tokens are specific per user and enforce the role and permission assigned to that user within the organization.
  1. Save the API Token, then select Next. (The Token will not be available later.)
  1. Install Checkov by choosing Python or Python3 and copy corresponding command to your command line, then select Next.
  1. Fill in details of Directory, Repository ID, and Branch you want to be scanned, then select Next.
    Alternatively, if you do not set a specific target, the master branch will be scanned
    You can use this wizard to generate a command to run in your CLI tool for Checkov's most common use-case.
  1. Copy provided command to your command line to trigger Checkov, then select Done.
    Note: after the next Checkov scan, the scanned repository will appear in the Integrations grid; for further details, see here.

Did this page help you?