Note: Infrastructure Scanning with Checkov
Checkov (https://www.checkov.io/) is a static analysis tool for infrastructure-as-code (IaC) resources defined in Terraform, CloudFormation, ARM templates, etc. It runs a set of built-in policies against the code and generates a report listing the resources that fail them: misconfigurations and policy violations from a security standpoint, not vulnerabilities in the sense of a CVE.
The output from a Checkov run shows each failed check and a link to its remediation guidance. This is similar to what the posture-management tools built into Azure, AWS and GCP report. However, Checkov scans the code, not the deployed resources. This makes it useful in the test/validation stage before code is pushed to production, but it cannot see anything done outside the code (console changes, drift, resources created by other means). If you want to scan the actual resources, use one of the tools provided by the cloud provider.
To run the scan, pass the directory containing your IaC code to Checkov with -d:
checkov -d tf/gcp
The scan lists the passed and failed checks; each failure includes the resource, the file and line range, and a link to the explanation and remediation. Checkov exits non-zero when any check fails, so the same command can fail a CI job.
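For a pipeline you want the machine-readable report rather than the console listing: checkov -d tf/gcp -o json. The script below is an added example (not part of Checkov or of this note) that turns that JSON into a CI gate with an explicit allowlist of accepted findings, so the pipeline fails on new misconfigurations but not on ones a reviewer has already signed off. The sample report is constructed inline and its check IDs (CKV_EXAMPLE_*) and guideline URLs are placeholders; the field names (check_id, check_name, resource, file_path, file_line_range, guideline, check_result) follow Checkov's JSON output, and the (check_id, resource) allowlist is this example's own convention, not a Checkov feature.

```python
"""CI gate over a Checkov JSON report.

Added example, not part of the Checkov project. It assumes the report was
produced with `checkov -d tf/gcp -o json > report.json` and reads the fields
Checkov emits per check: check_id, check_name, resource, file_path,
file_line_range, guideline and check_result.result. The sample report below
is constructed for illustration; its check IDs and URLs are placeholders.
"""
import json
from typing import Iterable

# Constructed sample in the shape of `checkov -o json` output (placeholder IDs).
SAMPLE_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [
            {"check_id": "CKV_EXAMPLE_1", "check_name": "Bucket has uniform access",
             "check_result": {"result": "PASSED"},
             "file_path": "/main.tf", "file_line_range": [1, 6],
             "resource": "google_storage_bucket.logs",
             "guideline": "https://docs.example.invalid/ckv-example-1"},
        ],
        "failed_checks": [
            {"check_id": "CKV_EXAMPLE_2", "check_name": "Bucket has versioning",
             "check_result": {"result": "FAILED"},
             "file_path": "/main.tf", "file_line_range": [1, 6],
             "resource": "google_storage_bucket.logs",
             "guideline": "https://docs.example.invalid/ckv-example-2"},
            {"check_id": "CKV_EXAMPLE_3", "check_name": "Instance has no public IP",
             "check_result": {"result": "FAILED"},
             "file_path": "/compute.tf", "file_line_range": [8, 30],
             "resource": "google_compute_instance.web",
             "guideline": "https://docs.example.invalid/ckv-example-3"},
        ],
        "skipped_checks": [],
        "parsing_errors": [],
    },
    "summary": {"passed": 1, "failed": 2, "skipped": 0,
                "parsing_errors": 0, "resource_count": 2},
})


def load_reports(raw: str) -> list[dict]:
    """Checkov emits one object for a single framework and a list when several
    frameworks were scanned in one run; normalise both shapes to a list."""
    data = json.loads(raw)
    return data if isinstance(data, list) else [data]


def failed_checks(raw: str) -> list[dict]:
    """All failed checks across every report object in the output."""
    out: list[dict] = []
    for report in load_reports(raw):
        out.extend(report.get("results", {}).get("failed_checks", []))
    return out


def blocking_failures(raw: str, allowlist: Iterable[tuple[str, str]] = ()) -> list[dict]:
    """Failures that should block the pipeline: every failed check except the
    (check_id, resource) pairs a reviewer has accepted. Keying on the resource
    as well as the check ID keeps one accepted exception from silencing the
    same check on every other resource (this allowlist is the example's own
    convention, not a Checkov feature)."""
    allowed = set(allowlist)
    return [c for c in failed_checks(raw)
            if (c["check_id"], c["resource"]) not in allowed]


def format_finding(check: dict) -> str:
    """One line per finding: check, resource, location and the guideline link."""
    start, end = check.get("file_line_range", [0, 0])
    return (f"{check['check_id']} {check['resource']} "
            f"{check['file_path']}:{start}-{end} {check['check_name']} "
            f"({check.get('guideline', 'no guideline')})")


def gate(raw: str, allowlist: Iterable[tuple[str, str]] = ()) -> int:
    """Exit status for CI: 0 when nothing blocking remains, 1 otherwise."""
    blocking = blocking_failures(raw, allowlist)
    for check in blocking:
        print("FAIL", format_finding(check))
    return 1 if blocking else 0


if __name__ == "__main__":
    import sys
    # Pipe a real report in (`checkov -d tf/gcp -o json | python gate.py`);
    # with no piped input the constructed sample is used.
    raw = SAMPLE_REPORT if sys.stdin.isatty() else sys.stdin.read()
    sys.exit(gate(raw))
```

Keep the allowlist in the repository next to the IaC code and require a reason in the commit that adds an entry; that is the review trail for every accepted misconfiguration, and new findings still fail the job even while old ones are being worked off.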
TODO: Integration with Bridgecrew visualization via API key.