Checkov finds hundreds of misconfigurations in your Terraform, Kubernetes, and CloudFormation code — but its output is a wall of terminal text. Resource names like aws_s3_bucket.data_lake and check IDs like CKV_AWS_18 don't tell you much when you're looking at 60 resources across 12 files. InfraSketch's security overlay fixes this. Run checkov -o json , paste the output, and every failing resource gets a red border directly on your architecture diagram. Hover for the failing check IDs. See at a glance which part of your infrastructure is the riskiest. TL;DR: Generate your diagram in InfraSketch → click 🛡 Security → paste checkov -d . -o json output → failing resources highlighted instantly. Free, no login, nothing leaves your browser. Why "checkov diagram" matters When Checkov reports that CKV_AWS_18 failed on aws_s3_bucket.access_logs , your next question is always: "Where does this bucket sit in my architecture? What connects to it? Is it public-facing or internal?" The terminal output can't answer that.…