Checkov Rules
Static analysis for infrastructure as code. Scan Terraform, CloudFormation, Kubernetes, and Dockerfiles for misconfigurations.
3 rules
Baseline Management Policy
Level: Intermediate
Define standards for Checkov baseline usage — when baselines are required, how to manage baseline files, and the process for reducing baseline findings over time.
globs: **/.checkov.baseline, **/.checkov*
Tags: baseline, incremental-adoption, technical-debt, remediation-plan
Scan All IaC Frameworks
Level: Beginner
Require Checkov scanning for ALL infrastructure-as-code in the repository — Terraform, Kubernetes, Dockerfiles, CloudFormation, and Helm charts must all pass security checks.
globs: **/*.tf, **/Dockerfile*, **/k8s/**, **/*.yaml, **/helm/**
Tags: iac-coverage, multi-framework, security-scanning, comprehensive
Check Skip and Suppression Standards
Level: Intermediate
Define standards for skipping Checkov checks — inline suppressions must include justification comments, skip lists must be reviewed, and no blanket suppressions are allowed.
globs: **/*.tf, **/.checkov*, **/.github/workflows/**
Tags: check-suppression, inline-skip, policy-exceptions, documentation