Checkov Interview Guide
🟢 Easy (Basics)
1. Checkov?
Policy‑as‑code scanner for IaC.
2. Run?
checkov -d .
with JSON/SARIF.
3. Policies?
Python/Rego; many built‑in frameworks.
4. Suppress?
Inline skip with reason or central file.
5. Graph analysis?
Cross‑resource context checks.
🟡 Medium (Hands‑on)
1. CI?
Fail on high; upload SARIF; pre‑commit.
2. Custom packs?
Share org policies; version them.
3. Coverage?
Measure policy coverage across resources.
4. Benchmark mapping?
Select CIS/NIST/etc. frameworks.
5. Noise control?
Baselines, expiry on suppressions.
🔴 Hard (Advanced)
1. At scale?
Central governance; dashboards; golden modules.
2. Shift‑left?
IDE + PR checks; educate devs.
🧪 Scenario Questions & Answers
1. False positives.
Refine policies; add context; open upstream issues.
2. Executives want trend.
Export to SIEM/BI; monthly reports.
3. Quick adoption.
Advisory mode → enforce after grace period.
Generated for quick interview revision — basics, hands-on, advanced, and scenarios.