Skip to main content

IaC built-in scanner step reference

You can use this step to add a built-in Checkov scan to detect vulnerabilities in your Infrastructure as Code files. Built-in steps enable you to add scans quickly and with minimal configuration. These steps use scanners that are free to STO users and are ready to run as soon as you add them to your pipeline.

notes

  • Currently only Checkov scans are available for this step.

  • You may specify the Additional CLI flags before you can add the step, you can also re-configure these flags after you add the scanner.

  • All other settings such as Log Level and Fail on Severity are set to their defaults.