diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml
new file mode 100644
index 0000000..e899e64
--- /dev/null
+++ b/.github/linters/.checkov.yaml
@@ -0,0 +1,6 @@
+# https://github.com/bridgecrewio/checkov?tab=readme-ov-file#configuration-using-a-config-file
+skip-check:
+ - CKV_K8S_11 # you don't want to set CPU limits by default...
+ - CKV_K8S_15 # Image Pull Policy should definitely not be Always
+ - CKV_K8S_21 # for tests, the namespace will always be "default"
+ - CKV_K8S_43 # digest should not be set by default in chart
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
index 12427a0..b4ad13d 100644
--- a/.github/workflows/lint-test.yaml
+++ b/.github/workflows/lint-test.yaml
@@ -94,7 +94,7 @@ jobs:
 VALIDATE_ALL_CODEBASE: false
 VALIDATE_BASH: true
 VALIDATE_BASH_EXEC: true
- # VALIDATE_CHECKOV: true - always scans everything and all charts have too much errors
+ VALIDATE_CHECKOV: true
 VALIDATE_EDITORCONFIG: true
 VALIDATE_ENV: true
 VALIDATE_GITHUB_ACTIONS: true
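Review bot: The `skip-check` list in `.github/linters/.checkov.yaml` turns off CKV_K8S_43 (image referenced by digest) and CKV_K8S_15 (image pull policy Always) for every chart at once, so with both skipped the Checkov step no longer reports a chart that ships a mutable image tag. The inline comments justify the chart defaults but do not say where image immutability is enforced instead. If that happens at deploy time, the comment should say so, for example `- CKV_K8S_43 # digest is supplied by the deployer via values, not in chart defaults`. The CKV_K8S_21 skip is justified by test rendering, yet it also hides a chart that hard-codes the default namespace, which is worth stating in its comment.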
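Review bot: The comment deleted from the `VALIDATE_CHECKOV` line recorded that Checkov scans everything even with `VALIDATE_ALL_CODEBASE: false`, and that still matters once the check is enabled: a pull request touching one chart can fail on findings in another. Whether the four skipped checks clear every existing finding is not visible in this diff. I would keep a short comment above the line, such as `# Checkov scans all charts regardless of VALIDATE_ALL_CODEBASE; skips live in .github/linters/.checkov.yaml`. The surrounding `env:` block starts and ends outside the hunk.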