Hello everyone, I am searching for a self-hosted or open-source IaC/code scanning platform (not tools such as Checkov and Trivy but more like bridgecrew.io or aquasecurity). If you have any recommendations or are currently using one, please let me know.

We use snyk

Hey @Andre Marcelo-Tanner, thanks for helping out. Let me know if you remember sth that's open source or self hosted.

Checkov is the OSS version from bridgecrew

I have been informally trialling both checkov & tfsec - both are similar, and equally useful to me so far