Palo Alto introduces Checkov 2.0, scans IaC for dependency issues

Palo Alto Networks has announced version 2.0 of its Checkov software. The new version of the IaC scanner is now capable of detecting misconfigurations in systems with complex dependencies.

“This release is the most significant update to Checkov since it launched in 2019,” said Matt Johnson, Bridgecrew developer advocate lead at Palo Alto Networks, in a press release. “Dependency awareness means developers have even more context earlier in the development lifecycle, helping companies around the world better secure their cloud infrastructure.”

Checkov is an open source tool that lets developers scan their infrastructure-as-code (IaC) for configuration issues. The tool works with all kinds of IaC frameworks, such as Terraform, CloudFormation, Kubernetes, Azure Resource Manager and Serverless Framework. Version 2.0 adds dependency awareness, so Checkov can also handle configurations that contain many complex dependencies.


Other improvements in Checkov 2.0 include 200 new policies and the ability to scan Dockerfiles for problems. The software can also map inventory and configuration problems as graphs, which should make them easier to read. The system is built with NetworkX, a Python package for analysing networks.

Prioritize appropriately

“Policies that take into account interdependencies within IaC are critical to understanding the impact of misconfigurations,” said Rob Eden, a Checkov contributor. “It’s not enough to know that a security group has ports open to the world; we need to know if that misconfiguration is in production or just a test environment in order to prioritize it appropriately. It’s awesome to have an open-source tool providing that level of context.”

Acquisition by Palo Alto Networks

Checkov’s developer, Bridgecrew, has recently become the subject of a corporate takeover. Cybersecurity firm Palo Alto Networks offered over 130 million euros for the smaller competitor. By bringing together the products of the two companies, Palo Alto Networks wants to offer a platform for the security of the entire application lifecycle. Bridgecrew’s products will become part of Prisma Cloud.