VS Code Plugin

Run Checkov in your IDE

You can get feedback directly in your integrated development environment (IDE) using Bridgecrew’s Checkov Visual Studio Code extension. The tool highlights misconfigurations inline and in development environments—like spell check for IaC misconfigurations.

First, you need to install the extension. In VS Code, go to Extensions and search for Checkov. Click Install.

Install plugin

Next, go to the Checkov Extension Settings and paste the API Token from the Bridgecrew platform that we saved earlier.

Add API key

Scan your S3 bucket template using the extension. Go to File -> Add Folder to Workspace and navigate to the cloned TerraGoat directory. Add /terraform/aws to your VS Code workspace and open s3.tf.

See the scan results

Checkov will immediately start scanning and will highlight any identified misconfigurations, with red underline. Move your cursor over the first code block resource "aws_s3_bucket" "data". Checkov has identified multiple misconfigurations, including “Ensure all data stored in the S3 bucket have versioning enabled Checkov CKV_AWS_21."

List the policies and fixes

You can learn more about the policy by selecting “View Problem” or select “Quick Fix” to do exactly that. By selecting “Apply fix for - Ensure all data stored in the S3 bucket have versioning enabled” you automatically patched your codebase for a common misconfiguration.

Remediation lines added automatically

Now you can commit that code to your repository with the patch and improved posture.

Now that we know what Bridgecrew is scanning for and what the results look like, let’s automate it!