– Checkov has been downloaded about 1.2 million times since the project launched in December 2019, and now adds around 200 new policies, making it the most in-depth open-source IaC scanner available.
– Checkov 2.0’s new graph-based framework enables dependency-aware infrastructure as code (IaC) scanning in complex distributed environments.
SANTA CLARA, Calif., April 8, 2021 /PRNewswire/ -- Palo Alto Networks (NYSE: PANW) today announced the next generation of Checkov, the industry-leading static analysis tool for infrastructure as code (IaC). The open-source project was created by Bridgecrew, which was acquired by Palo Alto Networks in March 2021. Checkov has exploded in popularity since its initial launch in 2019, helping developers find misconfigurations in IaC frameworks such as Terraform, CloudFormation, Kubernetes, Azure Resource Manager (ARM) and Serverless Framework. With Checkov 2.0, developers can now scan for cloud misconfigurations in environments with complex dependencies across resources and modules.
“This release is the most substantial update to Checkov since it launched in 2019,” said Matt Johnson, Bridgecrew developer advocate lead at Palo Alto Networks. “Dependency awareness means developers have even more context earlier in the development lifecycle, helping companies around the world better secure their cloud infrastructure.”
According to a recent survey conducted by Secure Code Warrior, 70% of organizations recognize the importance of secure coding practices, indicating an industry-wide shift from reaction to prevention and an embrace of DevSecOps. Unlike other static code analysis tools that rely on interim ad hoc modeling, Checkov is now built on a graph-based model that provides an entirely new way of modeling configuration risk in cloud native software composition. That context awareness ensures more accurate and reliable scan results, making it easier for developers to prioritize and understand the impact of identified misconfigurations.
“Policies that take into account interdependencies within IaC are critical to understanding the impact of misconfigurations,” said Rob Eden, a Checkov contributor. “It’s not enough to know that a security group has ports open to the world; we need to know if that misconfiguration is in production or just a test environment in order to prioritize it properly. It’s great to have an open-source tool providing that level of context.”
Over 200 new policies, making it the most robust open-source IaC scanner.
Built using NetworkX, the popular Python package for analysis of complex networks.
Dockerfile misconfiguration scanning secures container build tasks in continuous integration (CI) workflows.
Graph-based mapping enables scanning of complex inventory and configuration errors that require parsing and storing data with their full contextualized relationships intact.
Checkov 2.0 includes about 200 new policies and a Dockerfile scanner that help ensure container images are built securely, with no misconfigurations. According to Unit 42’s most recent Cloud Threat Report, 51% of Docker containers use insecure defaults. Checkov 2.0 identifies these issues directly within the developer’s integrated development environment (IDE) via the recently released VS Code extension, making it easy to quickly patch and build more secure applications in Kubernetes and other containerized environments.
Checkov is an open-source static analysis and policy-as-code engine for Terraform, CloudFormation, Kubernetes, Azure Resource Manager, and Serverless Framework. With about 1.2 million downloads, Checkov fits into any developer workflow to provide a simple and flexible tool for scanning IaC and enforcing codified, version-controlled policies. Checkov is written in Python and comes pre-built with hundreds of policies that cover security and compliance best practices across AWS, Azure, Google Cloud, and Kubernetes. For more information, visit www.checkov.io.
About Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.
Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.
View original content to download multimedia: http://www.prnewswire.com/news-releases/checkov-2–launches-as-the-initial-open-source-cloud-infrastructure-scanner-with-dependency-recognition-301265028.html
Source Palo Alto Networks, Inc.