checkov

PyPI v3.3.6

3,990,701 weekly downloads · Apache-2.0 · 46 Dependencies

Recently publishedMany dependencies (20+)

Source data as of:

Summary

Infrastructure as code static analysis

Install pip install checkov

Registry values

Reproduced verbatim from the official registry, with the source named on each value.

Weekly downloads 3,990,701 Source: PyPI (Python Package Index)
Releases 3752 Last release: 2026-06-30 Source: PyPI (Python Package Index)
Dependencies 46 Source: PyPI (Python Package Index)

Description

Infrastructure as code static analysis

Registry-supplied description, cleaned to plain text. Source: PyPI (Python Package Index).

Package details

Package
checkov
Registry
PyPI
Version
3.3.6
Weekly downloads
3,990,701 (weekly)
License
Apache-2.0
Dependencies
46: bc-python-hcl2, bc-detect-secrets, bc-jsonpath-ng, pycep-parser, tabulate, colorama, termcolor, junit-xml, dpath, pyyaml, boto3, gitpython, jmespath, tqdm, packaging, cloudsplaining, networkx, dockerfile-parse, docker, configargparse, argcomplete, typing-extensions, importlib-metadata, cachetools, cyclonedx-python-lib, packageurl-python, click, aiohttp, aiodns, aiomultiprocess
Releases
3752
Last release
2026-06-30
First published
2019-12-09
Homepage
https://github.com/bridgecrewio/checkov
Repository
https://github.com/bridgecrewio/checkov

Why a field shows "—": A dash means the value is not published by the source registry for that package. Quanteta never fills in a guessed value — a missing field stays blank.

Derived indices (computation method published)

Quanteta-computed from the registry values below. This is a derived index, not a measured registry metric. See the formula on the Data & Sources page.

Q-Vitality Quanteta 46.2 / 100 Maintenance activity index (release cadence + download level).
Q-Trust Quanteta 8.1 / 100 Adoption / stability index (community size + download stability + age).
Q-Risk Quanteta 45.2 / 100 Dependency-surface index. Higher = more risk factors detected.

Data & Sources