Policy-as-code for Infrastructure


If your infrastructure is deployed and maintained as code, chances are you are using Terraform or CloudFormation. In those setups, enforcing policies is usually an afterthought or takes a back seat to getting the resources deployed.

Checkov is a tool that ships the most common policies and checks as code. It scans most Infrastructure as Code file types and reports misconfigurations and missing best practices.

The steps in the Checkov Quick Start are straightforward and I see no point in repeating them here.

In addition, there is scope for extending the basic tool by defining your own personal or enterprise rules as custom policies.
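As an added illustration of such a custom policy (this is example code written for this post, not part of Checkov or of the author's run), the block below enforces an enterprise convention that the built-in checks do not cover: every AWS::S3::Bucket in a CloudFormation template must carry an Owner tag. The rule logic sits in a plain function so it can be exercised on a parsed template without Checkov installed; when Checkov is present, the same class plugs in as an external check via the documented BaseResourceCheck/scan_resource_conf interface. The tag name, the check id and the sample template are all assumptions made for the example.

```python
"""Custom Checkov policy for CloudFormation: every S3 bucket must carry an 'Owner' tag.

Place this file in a directory and point Checkov at it:
    checkov -f template.yaml --external-checks-dir ./my_checks
The rule itself is a plain function so it can also be run offline without Checkov.
"""
from enum import Enum

try:
    # Real Checkov base classes, used when checkov is installed.
    from checkov.common.models.enums import CheckCategories, CheckResult
    from checkov.cloudformation.checks.resource.base_resource_check import BaseResourceCheck
except ImportError:  # Stand-ins so the policy logic below still runs when Checkov is absent.
    class CheckResult(Enum):
        PASSED = "PASSED"
        FAILED = "FAILED"

    class CheckCategories(Enum):
        CONVENTION = "CONVENTION"

    class BaseResourceCheck:
        def __init__(self, name, id, categories, supported_resources):
            self.name, self.id = name, id
            self.categories, self.supported_resources = categories, supported_resources

REQUIRED_TAG = "Owner"  # assumption: the enterprise convention this example enforces


def has_required_tag(resource_conf: dict, tag_key: str = REQUIRED_TAG) -> bool:
    """Return True if the CloudFormation resource has a non-empty tag named tag_key.

    CloudFormation tags are a list of {"Key": ..., "Value": ...} objects under Properties.Tags.
    Checkov's parser may add line-number bookkeeping keys to these dicts, so only Key and Value are read.
    """
    tags = resource_conf.get("Properties", {}).get("Tags") or []
    if not isinstance(tags, list):
        return False
    for tag in tags:
        if isinstance(tag, dict) and tag.get("Key") == tag_key and str(tag.get("Value", "")).strip():
            return True
    return False


class S3BucketOwnerTag(BaseResourceCheck):
    """Checkov check: fails any AWS::S3::Bucket that lacks a non-empty Owner tag."""

    def __init__(self):
        super().__init__(
            name=f"Ensure S3 buckets carry an '{REQUIRED_TAG}' tag",
            id="CKV_CUSTOM_OWNER_TAG_1",  # placeholder id: choose your own naming scheme
            categories=[CheckCategories.CONVENTION],
            supported_resources=["AWS::S3::Bucket"],
        )

    def scan_resource_conf(self, conf):
        return CheckResult.PASSED if has_required_tag(conf) else CheckResult.FAILED


check = S3BucketOwnerTag()  # module-level instance: Checkov registers it on import


def audit_template(template: dict) -> dict:
    """Run the check over every in-scope resource of a parsed template; map logical id -> result name."""
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") in check.supported_resources:
            results[logical_id] = check.scan_resource_conf(resource).name
    return results


# Constructed sample template (not from the post): one compliant bucket, one missing the tag.
SAMPLE_TEMPLATE = {
    "Resources": {
        "LogsBucket": {"Type": "AWS::S3::Bucket",
                       "Properties": {"Tags": [{"Key": "Owner", "Value": "platform-team"}]}},
        "ScratchBucket": {"Type": "AWS::S3::Bucket",
                          "Properties": {"Tags": [{"Key": "Env", "Value": "dev"}]}},
        "Queue": {"Type": "AWS::SQS::Queue", "Properties": {}},  # outside this check's scope
    }
}

if __name__ == "__main__":
    for logical_id, outcome in audit_template(SAMPLE_TEMPLATE).items():
        print(f"{logical_id}: {outcome}")
```

Keeping the decision in has_required_tag and the Checkov plumbing in the thin class makes the rule unit-testable on its own, which is how enterprise policy sets tend to be maintained: the rules are reviewed and tested like any other code, then loaded into the scanner.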

If you want better visualisation or a centralised place to track IaC scan results, the project also provides a basic web visualisation.

Go ahead and give it a try to see how compliant your current Infrastructure as Code really is.

A few screenshots from my run on the CloudFormation scripts from here are below.

[Screenshot: Running checkov]

[Screenshot: Sample result from the run]

