Add Checkov to Prisma Cloud Code Security

Integrating Prisma Cloud with Checkov makes it possible for Prisma Cloud Code Security to scan your infrastructure as code files (Terraform and CloudFormation), display Incidents on the Console and, optionally, cause a build to fail. For more details, see Checkov As a prerequisite, you must be sure you can access the Prisma Cloud IP addresses and hostname for Code Security. If the Prisma Cloud IP addresses are blocked, add them to an allow list and enable access to the Prisma Cloud IP addresses and hosts.
  1. Select
    Settings > Repositories > Add repository > Checkov
  2. Install Checkov by choosing Python (pip) or Python3 (pip3) and copy the corresponding command to your command line, then select
    Checkov requires Python version 3.8 - 3.10.
  3. Enter details of
    , and
    Repository ID
    to scan, and select
    You can optionally choose to add the Branch details. If a target branch is not specified, the Code Security scans the master branch.
    You can use the wizard to generate a command to run in your CLI tool for Checkov’s most common use-case.
  4. Copy the provided command to your command line and trigger Checkov, then select
    Your configured Checkov repositories will appear on the
    page. On your next Checkov scan, the scan results will include the new configured repositories. Access
    Code Security
    to view the scanned results.

General Patterns for Using Checkov

When using Checkov in a pipeline or locally, here are some useful commands to get started:
For more CLI commands, refer to the CLI reference.
The following example shows you how configure Chekhov to scan the root directory, synchronize results with the tenant in the App2 stack, give it the repository ID org/repo and use the Enforcement rule settings from the platform for thresholds:
export PRISMA_API_URL= export BC_API_KEY=prismaaccesskey::prismasecretkey checkov -d . --repo-id org/repo --use-enforcement-rules
For Windows, use:
set PRISMA_API_URL= set BC_API_KEY=prismaaccesskey::prismasecretkey checkov -d . --repo-id org/repo --use-enforcement-rules

Recommended For You