Closed renovate[bot] closed 1 month ago
github-actions[bot]
commented
2 months ago 79 tests ±0 79 :white_check_mark: ±0 0s :stopwatch: ±0s 1 suites ±0 0 :zzz: ±0 1 files ±0 0 :x: ±0
Results for commit e4b6598a. ± Comparison against base commit 9c5b94c8.
:recycle: This comment has been updated with latest results.
github-actions[bot]
commented
2 months ago 20 tests ±0 20 :white_check_mark: ±0 6s :stopwatch: ±0s 1 suites ±0 0 :zzz: ±0 1 files ±0 0 :x: ±0
Results for commit e4b6598a. ± Comparison against base commit 9c5b94c8.
:recycle: This comment has been updated with latest results.
renovate[bot]
commented
1 month ago Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠️ Warning: custom changes will be lost.
This PR contains the following updates:
==2.5.20->==3.2.254Release Notes
bridgecrewio/checkov (checkov)
### [`v3.2.248`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.247...3.2.248) ### [`v3.2.247`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.246...3.2.247) ### [`v3.2.246`](https://redirect.github.com/bridgecrewio/checkov/blob/HEAD/CHANGELOG.md#32246---2024-09-05) ##### Feature - **sast:** add log level when running sast in windows - [#6704](https://redirect.github.com/bridgecrewio/checkov/pull/6704) ### [`v3.2.245`](https://redirect.github.com/bridgecrewio/checkov/blob/HEAD/CHANGELOG.md#32245---2024-09-04) ##### Feature - **kubernetes:** Add policy for git-sync code injection - [#6694](https://redirect.github.com/bridgecrewio/checkov/pull/6694) - **terraform_plan:** add support for provider in tf_plan framework - [#6690](https://redirect.github.com/bridgecrewio/checkov/pull/6690) ### [`v3.2.244`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.243...3.2.244) ### [`v3.2.243`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.242...3.2.243) ### [`v3.2.242`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.242) #### Feature - **general:** add support for windows 10 for aiohttp - [#6696](https://redirect.github.com/bridgecrewio/checkov/pull/6696) ### [`v3.2.241`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.241) #### Feature - **sast:** remove the env var for Go - [#6697](https://redirect.github.com/bridgecrewio/checkov/pull/6697) #### Bug Fix - **secrets:** add edge case for policy that looks like uuid - [#6698](https://redirect.github.com/bridgecrewio/checkov/pull/6698) ### [`v3.2.240`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.239...3.2.240) ### [`v3.2.239`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.239) #### Feature - **general:** Add multiple checks to match runtime checks - [#6680](https://redirect.github.com/bridgecrewio/checkov/pull/6680) ### [`v3.2.238`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.238) #### Feature - **terraform:** add support for TF cloudsplaining evaluated_keys - [#6677](https://redirect.github.com/bridgecrewio/checkov/pull/6677) #### Bug Fix - **secrets:** change logs form info to debug - [#6685](https://redirect.github.com/bridgecrewio/checkov/pull/6685) ### [`v3.2.237`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.236...3.2.237) ### [`v3.2.236`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.236) - no noteworthy changes ### [`v3.2.235`](https://redirect.github.com/bridgecrewio/checkov/blob/HEAD/CHANGELOG.md#32235---2024-08-21) ##### Feature - **cloudformation:** SAM Globals support with CloudFormation - [#6657](https://redirect.github.com/bridgecrewio/checkov/pull/6657) ### [`v3.2.234`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.234) #### Feature - **sast:** Adding support for sast in windows - [#6638](https://redirect.github.com/bridgecrewio/checkov/pull/6638) #### Bug Fix - **secrets:** revert duplications suppressions for secrets - [#6674](https://redirect.github.com/bridgecrewio/checkov/pull/6674) ### [`v3.2.233`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.232...3.2.233) ### [`v3.2.232`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.232) #### Bug Fix - **general:** add try except to loads file - [#6668](https://redirect.github.com/bridgecrewio/checkov/pull/6668) - **secrets:** duplications suppressions for secrets - [#6665](https://redirect.github.com/bridgecrewio/checkov/pull/6665) ### [`v3.2.231`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.230...3.2.231) ### [`v3.2.230`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.230) #### Feature - **general:** Support multiple frameworks in custom policy - [#6666](https://redirect.github.com/bridgecrewio/checkov/pull/6666) #### Bug Fix - **general:** revert support multiple frameworks in one custom policy - [#6664](https://redirect.github.com/bridgecrewio/checkov/pull/6664) ### [`v3.2.229`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.228...3.2.229) ### [`v3.2.228`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.228) #### Feature - **terraform:** Add build policy to match run policy for API Method without Auth or API - [#6637](https://redirect.github.com/bridgecrewio/checkov/pull/6637) #### Bug Fix - **secrets:** remove dups logic - [#6655](https://redirect.github.com/bridgecrewio/checkov/pull/6655) - **secrets:** Revert remove dups - [#6656](https://redirect.github.com/bridgecrewio/checkov/pull/6656) - **terraform:** Don't pass existed resources in non_exists resource checks - [#6653](https://redirect.github.com/bridgecrewio/checkov/pull/6653) ### [`v3.2.227`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.226...3.2.227) ### [`v3.2.226`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.225...3.2.226) ### [`v3.2.225`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.224...3.2.225) ### [`v3.2.224`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.223...3.2.224) ### [`v3.2.223`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.223) #### Bug Fix - **secrets:** remove duplications in secrets - [#6648](https://redirect.github.com/bridgecrewio/checkov/pull/6648) - **secrets:** revert fixing duplications - [#6652](https://redirect.github.com/bridgecrewio/checkov/pull/6652) ### [`v3.2.222`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.221...3.2.222) ### [`v3.2.221`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.221) #### Bug Fix - **terraform:** evaluate resource with double underscore - [#6642](https://redirect.github.com/bridgecrewio/checkov/pull/6642) ### [`v3.2.220`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.219...3.2.220) ### [`v3.2.219`](https://redirect.github.com/bridgecrewio/checkov/blob/HEAD/CHANGELOG.md#32219---2024-08-05) ##### Feature - **general:** support multiple frameworks in one custom policy - [#6587](https://redirect.github.com/bridgecrewio/checkov/pull/6587) - **terraform:** Add run policy for RDS encryption in transit - [#6631](https://redirect.github.com/bridgecrewio/checkov/pull/6631) ##### Documentation - **general:** Add OpenTofu - [#6627](https://redirect.github.com/bridgecrewio/checkov/pull/6627) ### [`v3.2.218`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.217...3.2.218) ### [`v3.2.217`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.217) - no noteworthy changes ### [`v3.2.216`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.216) #### Feature - **sast:** Verify that all sast policies are parsed correctly - [#6621](https://redirect.github.com/bridgecrewio/checkov/pull/6621) #### Bug Fix - **secrets:** fix secrets duplication - [#6619](https://redirect.github.com/bridgecrewio/checkov/pull/6619) - **secrets:** fix secrets duplication - Revert - [#6623](https://redirect.github.com/bridgecrewio/checkov/pull/6623) ### [`v3.2.215`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.214...3.2.215) ### [`v3.2.214`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.213...3.2.214) ### [`v3.2.213`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.213) #### Feature - **arm:** ARM AppServiceInstanceMinimum - CKV_AZURE\_212 - [#6502](https://redirect.github.com/bridgecrewio/checkov/pull/6502) - **terraform:** - TF and CFN - Add a policy for ensuring AWS Bedrock Agent is encrypted with a CMK - [#6603](https://redirect.github.com/bridgecrewio/checkov/pull/6603) #### Bug Fix - **ansible:** Fix CKV2\_ANSIBLE\_2 - [#6610](https://redirect.github.com/bridgecrewio/checkov/pull/6610) - **arm:** Support upper and lower disabled for CKV_AZURE\_189 - [#6609](https://redirect.github.com/bridgecrewio/checkov/pull/6609) - **dockerfile:** Fix edge case with apt in domain - [#6611](https://redirect.github.com/bridgecrewio/checkov/pull/6611) - **terraform_plan:** Fix parsing other types of provisioners - [#6606](https://redirect.github.com/bridgecrewio/checkov/pull/6606) - **terraform:** add condition for CKV_AWS\_353 - [#6607](https://redirect.github.com/bridgecrewio/checkov/pull/6607) - **terraform:** catch unknowns with WAF configs - [#6612](https://redirect.github.com/bridgecrewio/checkov/pull/6612) - **terraform:** Handle default for CKV_GCP\_76 - [#6608](https://redirect.github.com/bridgecrewio/checkov/pull/6608) ### [`v3.2.212`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.211...3.2.212) ### [`v3.2.211`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.210...3.2.211) ### [`v3.2.210`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.209...3.2.210) ### [`v3.2.209`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.209) #### Feature - **cloudformation:** Enrich cloudsplaining eval keys - [#6602](https://redirect.github.com/bridgecrewio/checkov/pull/6602) #### Documentation - **general:** add --repo-id to relevant examples with API key - [#6605](https://redirect.github.com/bridgecrewio/checkov/pull/6605) ### [`v3.2.208`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.208) #### Feature - **general:** filter resource by provider for all resources types - [#6598](https://redirect.github.com/bridgecrewio/checkov/pull/6598) - **secrets:** add CKV_SECRET\_192 to GENERIC_PRIVATE_KEY_CHECK_IDS - [#6600](https://redirect.github.com/bridgecrewio/checkov/pull/6600) - **terraform:** Update ckv-aws-8 policy - support unknown statement - [#6596](https://redirect.github.com/bridgecrewio/checkov/pull/6596) #### Bug Fix - **terraform:** Fix resource type for CKV_AZURE\_242 - [#6599](https://redirect.github.com/bridgecrewio/checkov/pull/6599) #### Platform - **general:** handle multiple values for the same metadata filter - [#6604](https://redirect.github.com/bridgecrewio/checkov/pull/6604) ### [`v3.2.207`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.206...3.2.207) ### [`v3.2.206`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.205...3.2.206) ### [`v3.2.205`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.204...3.2.205) ### [`v3.2.204`](https://redirect.github.com/bridgecrewio/checkov/blob/HEAD/CHANGELOG.md#32204---2024-07-24) ##### Feature - **arm:** add CKV_AZURE\_191 to ensure that Managed identity provider is enabled for Azure Event Grid Topic - [#6496](https://redirect.github.com/bridgecrewio/checkov/pull/6496) ##### Bug Fix - **sast:** BCE-36172 fix cdk policies - [#6588](https://redirect.github.com/bridgecrewio/checkov/pull/6588) ### [`v3.2.203`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.202...3.2.203) ### [`v3.2.202`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.201...3.2.202) ### [`v3.2.201`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.201) #### Feature - **terraform:** add 14 rules for tencentcloud provider - [#6448](https://redirect.github.com/bridgecrewio/checkov/pull/6448) #### Bug Fix - **secrets:** fix secrets prerun bug - [#6594](https://redirect.github.com/bridgecrewio/checkov/pull/6594) - **terraform:** Exclude String in CKV_AWS\_337 - [#6592](https://redirect.github.com/bridgecrewio/checkov/pull/6592) ### [`v3.2.200`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.199...3.2.200) ### [`v3.2.199`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.199) #### Feature - **arm:** add CKV_AZURE\_87 to ensure that Azure Defender is set to On for Key Vault - [#6418](https://redirect.github.com/bridgecrewio/checkov/pull/6418) - **arm:** ARM VnetSingleDNSServer - [#6379](https://redirect.github.com/bridgecrewio/checkov/pull/6379) - **secrets:** Adding the option to prerun before multiline pattern executing - [#6586](https://redirect.github.com/bridgecrewio/checkov/pull/6586) - **secrets:** If the prrun regex found but we already scanned file we already scann… - [#6591](https://redirect.github.com/bridgecrewio/checkov/pull/6591) ### [`v3.2.198`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.197...3.2.198) ### [`v3.2.197`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.196...3.2.197) ### [`v3.2.196`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.196) #### Feature - **general:** Add metadata exception filter to GHA - [#6583](https://redirect.github.com/bridgecrewio/checkov/pull/6583) - **general:** Refactor all resource type handling in Checkov - [#6572](https://redirect.github.com/bridgecrewio/checkov/pull/6572) ### [`v3.2.195`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.194...3.2.195) ### [`v3.2.194`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.194) #### Feature - **arm:** AKSEncryptionAtHostEnable - [#6575](https://redirect.github.com/bridgecrewio/checkov/pull/6575) - **arm:** AKSEphemeralOSDisks - [#6578](https://redirect.github.com/bridgecrewio/checkov/pull/6578) - **arm:** CKV_AZURE\_92 to Ensure that Virtual Machines use managed disks - [#6455](https://redirect.github.com/bridgecrewio/checkov/pull/6455) - **arm:** FrontDoorWAFACLCVE202144228 - Mitigates the Log4j2 vulnerability CVE-2021-44228. - [#6419](https://redirect.github.com/bridgecrewio/checkov/pull/6419) #### Bug Fix - **general:** fix the right numbers in TestSkipJsonRegexPattern - [#6580](https://redirect.github.com/bridgecrewio/checkov/pull/6580) - **terraform:** Fix title of CKV_AZURE\_238 - [#6570](https://redirect.github.com/bridgecrewio/checkov/pull/6570) ### [`v3.2.193`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.193) #### Bug Fix - **terraform:** fix failures of no caller on definition context - [#6573](https://redirect.github.com/bridgecrewio/checkov/pull/6573) - **terraform:** TFPlan + TF fixes for google_project_iam_policy + google_iam_policy - [#6577](https://redirect.github.com/bridgecrewio/checkov/pull/6577) ### [`v3.2.192`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.191...3.2.192) ### [`v3.2.191`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.191) #### Bug Fix - **general:** fix sca unit tests for python 3.12 - [#6574](https://redirect.github.com/bridgecrewio/checkov/pull/6574) ### [`v3.2.190`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.190) - no noteworthy changes ### [`v3.2.189`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.189) #### Feature - **arm:** add CKV_AZURE\_169 to ensure that AKS use the Paid Sku for its SLA - [#6545](https://redirect.github.com/bridgecrewio/checkov/pull/6545) - **arm:** add CKV_AZURE\_177 to ensure that Windows VM enables automatic updates - [#6484](https://redirect.github.com/bridgecrewio/checkov/pull/6484) - **cloudformation:** Update audit_logs valid values - [#6566](https://redirect.github.com/bridgecrewio/checkov/pull/6566) ### [`v3.2.188`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.187...3.2.188) ### [`v3.2.187`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.186...3.2.187) ### [`v3.2.186`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.186) ##### Feature - **azure:** add new policies for Azure Synapse (tf and arm) - [#6554](https://redirect.github.com/bridgecrewio/checkov/pull/6554) - **bicep:** support bicep custom policy - [#6561](https://redirect.github.com/bridgecrewio/checkov/pull/6561) ##### Bug Fix - **arm:** CKV_AZURE\_56 just for authsettingsV2 name - [#6557](https://redirect.github.com/bridgecrewio/checkov/pull/6557) - **secrets:** filter secrets that have vault: in them - [#6565](https://redirect.github.com/bridgecrewio/checkov/pull/6565) ### [`v3.2.185`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.184...3.2.185) ### [`v3.2.184`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.183...3.2.184) ### [`v3.2.183`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.183) ##### Feature - **terraform_plan:** support tf_plan after_unknown enrichment - [#6517](https://redirect.github.com/bridgecrewio/checkov/pull/6517) ##### Bug Fix - **secrets:** small fix for filtering - [#6562](https://redirect.github.com/bridgecrewio/checkov/pull/6562) ##### Platform - **general:** pass repo ID to runconfig - [#6560](https://redirect.github.com/bridgecrewio/checkov/pull/6560) ### [`v3.2.182`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.181...3.2.182) ### [`v3.2.181`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.180...3.2.181) ### [`v3.2.180`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.179...3.2.180) ### [`v3.2.179`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.179) ##### Feature - **arm:** add CKV_AZURE\_206 to ensure that Storage Accounts use replication - [#6524](https://redirect.github.com/bridgecrewio/checkov/pull/6524) - **arm:** BCE-33785 Support Azure Synapse Analytics policies - [#6513](https://redirect.github.com/bridgecrewio/checkov/pull/6513) ### [`v3.2.178`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.177...3.2.178) ### [`v3.2.177`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.177) ##### Bug Fix - **sast:** fix cdk policies - [#6552](https://redirect.github.com/bridgecrewio/checkov/pull/6552) ### [`v3.2.176`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.175...3.2.176) ### [`v3.2.175`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.175) #### Feature - **arm:** AzureSearchSQLQueryUpdates - [#6543](https://redirect.github.com/bridgecrewio/checkov/pull/6543) ### [`v3.2.174`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.174) #### Feature - **arm:** add CKV_AZURE\_172 to ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters - [#6533](https://redirect.github.com/bridgecrewio/checkov/pull/6533) - **arm:** add CKV_AZURE\_173 to ensure that API management uses at least TLS 1.2 - [#6478](https://redirect.github.com/bridgecrewio/checkov/pull/6478) - **arm:** AppServicePlanZoneRedundant - [#6472](https://redirect.github.com/bridgecrewio/checkov/pull/6472) - **arm:** AzureSearchSLAIndex - [#6530](https://redirect.github.com/bridgecrewio/checkov/pull/6530) - **arm:** SQLDatabaseZoneRedundant - [#6515](https://redirect.github.com/bridgecrewio/checkov/pull/6515) - **azure:** add new policies for Azure Synapse - [#6520](https://redirect.github.com/bridgecrewio/checkov/pull/6520) - **general:** update detect secrets package - [#6535](https://redirect.github.com/bridgecrewio/checkov/pull/6535) ### [`v3.2.173`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.172...3.2.173) ### [`v3.2.172`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.171...3.2.172) ### [`v3.2.171`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.171) #### Feature - **arm:** add CKV_AZURE\_171 to ensure that AKS cluster upgrade channel is chosen - [#6532](https://redirect.github.com/bridgecrewio/checkov/pull/6532) - **arm:** add CKV_AZURE\_175 to ensure that Web PubSub uses a SKU with an SLA - [#6523](https://redirect.github.com/bridgecrewio/checkov/pull/6523) - **arm:** add CKV_AZURE\_178 to ensure that linux VM enables SSH with keys for secure communication - [#6486](https://redirect.github.com/bridgecrewio/checkov/pull/6486) - **arm:** add CKV_AZURE\_85 to ensure that Azure Defender is set to On for Kubernetes - [#6279](https://redirect.github.com/bridgecrewio/checkov/pull/6279) - **arm:** CKV_AZURE\_99 to Ensure Cosmos DB accounts have restricted access - [#6498](https://redirect.github.com/bridgecrewio/checkov/pull/6498) - **arm:** DataFactoryNoPublicNetworkAccess - [#6479](https://redirect.github.com/bridgecrewio/checkov/pull/6479) - **arm:** DataLakeStoreEncryption - [#6516](https://redirect.github.com/bridgecrewio/checkov/pull/6516) - **arm:** EventHubNamespaceMinTLS12 - [#6485](https://redirect.github.com/bridgecrewio/checkov/pull/6485) #### Bug Fix - **openapi:** \[CKV_OPENAPI\_3] Prevent false-positive when checking for http+!basic - [#6406](https://redirect.github.com/bridgecrewio/checkov/pull/6406) - **terraform_json:** support locals block in CDKTF output - [#6452](https://redirect.github.com/bridgecrewio/checkov/pull/6452) - **terraform:** Deprecate CKV2\_AWS\_67 - [#6529](https://redirect.github.com/bridgecrewio/checkov/pull/6529) ### [`v3.2.170`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.169...3.2.170) ### [`v3.2.169`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.168...3.2.169) ### [`v3.2.168`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.167...3.2.168) ### [`v3.2.167`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.166...3.2.167) ### [`v3.2.166`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.164...3.2.166) ### [`v3.2.165`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.164...3.2.165) ### [`v3.2.164`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.164) #### Documentation - **general:** Add Python note - [#6521](https://redirect.github.com/bridgecrewio/checkov/pull/6521) ### [`v3.2.163`](https://redirect.github.com/bridgecrewio/checkov/blob/HEAD/CHANGELOG.md#32163---2024-07-01) ##### Feature - **arm:** add CKV_AZURE\_174 to ensure that API management public access is disabled - [#6480](https://redirect.github.com/bridgecrewio/checkov/pull/6480) - **arm:** AppServicePHPVersion - [#6436](https://redirect.github.com/bridgecrewio/checkov/pull/6436) - **arm:** AppServicePublicAccessDisabled - [#6467](https://redirect.github.com/bridgecrewio/checkov/pull/6467) - **arm:** KeyVaultEnablesPurgeProtection - [#6465](https://redirect.github.com/bridgecrewio/checkov/pull/6465) - **arm:** PubsubSpecifyIdentity - [#6483](https://redirect.github.com/bridgecrewio/checkov/pull/6483) ### [`v3.2.162`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.161...3.2.162) ### [`v3.2.161`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.160...3.2.161) ### [`v3.2.160`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.159...3.2.160) ### [`v3.2.159`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.159) #### Bug Fix - **arm:** fix CKV_AZURE\_78: `siteConfig` object should be under `properties` - [#6477](https://redirect.github.com/bridgecrewio/checkov/pull/6477) - **general:** Mypy issues - [#6510](https://redirect.github.com/bridgecrewio/checkov/pull/6510) - **terraform:** ignore comment out modules - [#6507](https://redirect.github.com/bridgecrewio/checkov/pull/6507) ### [`v3.2.158`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.157...3.2.158) ### [`v3.2.157`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.156...3.2.157) ### [`v3.2.156`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.156) #### Feature - **arm:** add CKV_AZURE\_129 Ensure that MariaDB server enables geo-redundant backups - [#6427](https://redirect.github.com/bridgecrewio/checkov/pull/6427) - **arm:** add CKV_AZURE\_137 Ensure ACR admin account is disabled - [#6430](https://redirect.github.com/bridgecrewio/checkov/pull/6430) - **arm:** add CKV_AZURE\_139 Ensure ACR set to disable public networking - [#6428](https://redirect.github.com/bridgecrewio/checkov/pull/6428) - **arm:** add CKV_AZURE\_166 Ensure container image quarantine, scan, and mark images verified - [#6431](https://redirect.github.com/bridgecrewio/checkov/pull/6431) - **arm:** add CKV_AZURE\_168 to ensure that Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods - [#6385](https://redirect.github.com/bridgecrewio/checkov/pull/6385) - **arm:** add CKV_AZURE\_45 to ensure that no sensitive credentials are exposed in VM custom_data - [#6422](https://redirect.github.com/bridgecrewio/checkov/pull/6422) - **arm:** add CKV_AZURE\_70 to ensure that Function apps is only accessible over HTTPS - [#6457](https://redirect.github.com/bridgecrewio/checkov/pull/6457) - **arm:** ARM AppServiceSlotDebugDisabled - CKV_AZURE\_155 - [#6453](https://redirect.github.com/bridgecrewio/checkov/pull/6453) - **arm:** ARM AppServiceSlotHTTPSOnly - [#6454](https://redirect.github.com/bridgecrewio/checkov/pull/6454) - **arm:** ARM VnetLocalDNS - [#6424](https://redirect.github.com/bridgecrewio/checkov/pull/6424) - **arm:** PostgressSQLGeoBackupEnabled - [#6456](https://redirect.github.com/bridgecrewio/checkov/pull/6456) - **arm:** StorageAccountName - [#6426](https://redirect.github.com/bridgecrewio/checkov/pull/6426) - **secrets:** dont filter secrets - [#6508](https://redirect.github.com/bridgecrewio/checkov/pull/6508) #### Bug Fix - **azure:** fix description of CKV_AZURE\_236 - [#6503](https://redirect.github.com/bridgecrewio/checkov/pull/6503) - **kubernetes:** Fix CKV_K8S\_31 for CronJobs - [#6506](https://redirect.github.com/bridgecrewio/checkov/pull/6506) - **sca:** fix parsing json with comments - [#6509](https://redirect.github.com/bridgecrewio/checkov/pull/6509) - **terraform:** CKV_AWS\_339 add Kubernetes 1.30 to AWS EKS version checks - [#6353](https://redirect.github.com/bridgecrewio/checkov/pull/6353) - **terraform:** remove print from CKV_AWS\_364 - [#6504](https://redirect.github.com/bridgecrewio/checkov/pull/6504) ### [`v3.2.155`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.154...3.2.155) ### [`v3.2.154`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.153...3.2.154) ### [`v3.2.153`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.152...3.2.153) ### [`v3.2.152`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.150...3.2.152) ### [`v3.2.151`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.150...3.2.151) ### [`v3.2.150`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.149...3.2.150) ### [`v3.2.149`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.148...3.2.149) ### [`v3.2.148`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.147...3.2.148) ### [`v3.2.147`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.145...3.2.147) ### [`v3.2.146`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.145...3.2.146) ### [`v3.2.145`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.145) ##### Documentation - **general:** Note for feature requests - [#6497](https://redirect.github.com/bridgecrewio/checkov/pull/6497) ### [`v3.2.144`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.144) ##### Bug Fix - **kubernetes:** ensure seccompProfile is set to RuntimeDefault for all containers in deployments and similar resources - [#6459](https://redirect.github.com/bridgecrewio/checkov/pull/6459) - **terraform:** Add more conditions for CKV_AWS\_70 - [#6464](https://redirect.github.com/bridgecrewio/checkov/pull/6464) ### [`v3.2.143`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.142...3.2.143) ### [`v3.2.142`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.141...3.2.142) ### [`v3.2.141`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.141) #### Bug Fix - **secrets:** dedup secrets history values - [#6462](https://redirect.github.com/bridgecrewio/checkov/pull/6462) ### [`v3.2.140`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.140) #### Feature - **azure:** fix ckv_azure\_189 according to docs - [#6413](https://redirect.github.com/bridgecrewio/checkov/pull/6413) #### Bug Fix - **sca:** Support parsing json with comments - [#6466](https://redirect.github.com/bridgecrewio/checkov/pull/6466) #### Documentation - **general:** fix pre-commit link - [#6433](https://redirect.github.com/bridgecrewio/checkov/pull/6433) ### [`v3.2.139`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.138...3.2.139) ### [`v3.2.138`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.138) #### Feature - **graph:** support creation of resource type allow/deny lists - [#6451](https://redirect.github.com/bridgecrewio/checkov/pull/6451) #### Bug Fix - **terraform:** Fix name of CKV2\_AWS\_67 to be more clear - [#6434](https://redirect.github.com/bridgecrewio/checkov/pull/6434) - **terraform:** Fix when apt is in rm statement - [#6437](https://redirect.github.com/bridgecrewio/checkov/pull/6437) - **terraform:** Update CKV_AWS\_224 title - [#6435](https://redirect.github.com/bridgecrewio/checkov/pull/6435) ### [`v3.2.137`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.136...3.2.137) ### [`v3.2.136`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.136) #### Bug Fix - **arm:** Correct AzureMLWorkspacePrivateEndpoint rule check logic - [#6432](https://redirect.github.com/bridgecrewio/checkov/pull/6432) - **general:** removed references Putin references - [#6445](https://redirect.github.com/bridgecrewio/checkov/pull/6445) ### [`v3.2.135`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.134...3.2.135) ### [`v3.2.134`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.133...3.2.134) ### [`v3.2.133`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.133) #### Feature - **general:** add AI_AND_ML to CheckCategories - [#6423](https://redirect.github.com/bridgecrewio/checkov/pull/6423) #### Bug Fix - **sast:** Update CKV IDs for CDK policies - [#6415](https://redirect.github.com/bridgecrewio/checkov/pull/6415) ### [`v3.2.132`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.131...3.2.132) ### [`v3.2.131`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.130...3.2.131) ### [`v3.2.130`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.130) #### Feature - **arm:** add CKV_AZURE\_135 to ensure Application Gateway WAF prevents message lookup in Log4j2. - [#6364](https://redirect.github.com/bridgecrewio/checkov/pull/6364) - **arm:** add CKV_AZURE\_140 to ensure that Local Authentication is disabled on CosmosDB - [#6329](https://redirect.github.com/bridgecrewio/checkov/pull/6329) - **arm:** add CKV_AZURE\_163 Enable vulnerability scanning for container images - [#6339](https://redirect.github.com/bridgecrewio/checkov/pull/6339) - **arm:** add MariaDbPublicAccessDisabled convert policy to arm - [#6246](https://redirect.github.com/bridgecrewio/checkov/pull/6246) - **arm:** AKSLocalAdminDisabled - [#6334](https://redirect.github.com/bridgecrewio/checkov/pull/6334) - **arm:** AppServiceFTPSState - [#6363](https://redirect.github.com/bridgecrewio/checkov/pull/6363) - **arm:** AzureServiceFabricClusterProtectionLevel - [#6366](https://redirect.github.com/bridgecrewio/checkov/pull/6366) - **arm:** ensure ACR disables anonymous pulling of images (CKV_AZURE\_138) - [#6373](https://redirect.github.com/bridgecrewio/checkov/pull/6373) - **arm:** KeyVaultDisablesPublicNetworkAccess - [#6342](https://redirect.github.com/bridgecrewio/checkov/pull/6342) - **arm:** PostgreSQLServerPublicAccessDisabled - [#6330](https://redirect.github.com/bridgecrewio/checkov/pull/6330) - **terraform:** extract image referencers for AWS SageMaker - [#6408](https://redirect.github.com/bridgecrewio/checkov/pull/6408) #### Bug Fix - **ansible:** add dict check in create_tasks_vertices - [#6417](https://redirect.github.com/bridgecrewio/checkov/pull/6417) ### [`v3.2.129`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.128...3.2.129) ### [`v3.2.128`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.128) #### Feature - **azure:** drop support for dotnet v7.0 - [#6383](https://redirect.github.com/bridgecrewio/checkov/pull/6383) - **general:** Image Referencer should not run for CI workflow files - [#6386](https://redirect.github.com/bridgecrewio/checkov/pull/6386) - **secrets:** Add \_prioritise_secrets by 3 levels of severity - [#6390](https://redirect.github.com/bridgecrewio/checkov/pull/6390) - **terraform:** add 5 policies - [#6401](https://redirect.github.com/bridgecrewio/checkov/pull/6401) - **terraform:** add 6 policies - [#6396](https://redirect.github.com/bridgecrewio/checkov/pull/6396) - **terraform:** add fix for ckv_aws\_300 - [#6404](https://redirect.github.com/bridgecrewio/checkov/pull/6404) - **terraform:** add fix for not contains solver - [#6389](https://redirect.github.com/bridgecrewio/checkov/pull/6389) #### Bug Fix - **ansible:** filter conf if its int or float - [#6409](https://redirect.github.com/bridgecrewio/checkov/pull/6409) - **general:** add try except gihub_action read file - [#6411](https://redirect.github.com/bridgecrewio/checkov/pull/6411) - **general:** bitbucket integration test failure - [#6407](https://redirect.github.com/bridgecrewio/checkov/pull/6407) - **general:** CKV2\_AZURE\_50 generates false positive azurerm_storage_account violations - [#6391](https://redirect.github.com/bridgecrewio/checkov/pull/6391) - **sast:** add log for sast on windows - [#6397](https://redirect.github.com/bridgecrewio/checkov/pull/6397) ### [`v3.2.127`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.126...3.2.127) ### [`v3.2.126`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.125...3.2.126) ### [`v3.2.125`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.125) #### Feature - **arm:** Add check for AzureML workspace not configured with private endpoint - [#6387](https://redirect.github.com/bridgecrewio/checkov/pull/6387) ### [`v3.2.124`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.124) #### Feature - **azure:** Add policy to ensure proper AzureML Workspace network access - [#6362](https://redirect.github.com/bridgecrewio/checkov/pull/6362) - **azure:** Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible - [#6368](https://redirect.github.com/bridgecrewio/checkov/pull/6368) ### [`v3.2.123`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.122...3.2.123) ### [`v3.2.122`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.122) #### Feature - **arm:** AppServicePythonVersion - 82 check the 'python version' is the latest, if used to run the web app - [#6282](https://redirect.github.com/bridgecrewio/checkov/pull/6282) ### [`v3.2.120`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.119...3.2.120) ### [`v3.2.116`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.115...3.2.116) ### [`v3.2.115`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.114...3.2.115) ### [`v3.2.114`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.113...3.2.114) ### [`v3.2.113`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.112...3.2.113) ### [`v3.2.112`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.112) #### Feature - **terraform:** Add provider address to resources - [#6266](https://redirect.github.com/bridgecrewio/checkov/pull/6266) - **terraform:** Support for count & for_each in data blocks - [#6359](https://redirect.github.com/bridgecrewio/checkov/pull/6359) #### Bug Fix - **terraform:** Fix an issue for loading tfvars + issue in the dynamic rendering - [#6360](https://redirect.github.com/bridgecrewio/checkov/pull/6360) ### [`v3.2.111`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.110...3.2.111) ### [`v3.2.110`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.109...3.2.110) ### [`v3.2.109`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.108...3.2.109) ### [`v3.2.108`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.108) #### Bug Fix - **sast:** don't scan hidden files - [#6349](https://redirect.github.com/bridgecrewio/checkov/pull/6349) ### [`v3.2.107`](https://redirect.github.com/bridgecrewio/checkov/blob/HEAD/CHANGELOG.md#32107---2024-05-24) ##### Bug Fix - **terraform:** Handle registry modules with a version in CKF_TF\_2 - [#6354](https://redirect.github.com/bridgecrewio/checkov/pull/6354) ### [`v3.2.106`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.106) #### Feature - **arm:** Ensure Databricks Workspace data plane to control plane co… - [#6319](https://redirect.github.com/bridgecrewio/checkov/pull/6319) - **general:** TF and ARM - Ensure that Databricks Workspaces enable… - [#6313](https://redirect.github.com/bridgecrewio/checkov/pull/6313) - **secrets:** Bump detect-secrets - [#6346](https://redirect.github.com/bridgecrewio/checkov/pull/6346) ### [`v3.2.105`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.105) #### Feature - **arm:** add AppServiceJavaVersion - [#6258](https://redirect.github.com/bridgecrewio/checkov/pull/6258) - **arm:** add CKV_AZURE\_145 to check that the function app uses the latest version of TLS encryption - [#6323](https://redirect.github.com/bridgecrewio/checkov/pull/6323) - **arm:** add CKV_AZURE\_218 to ensure that Application Gateway defines secure protocols for in transit communicationApp gw defines secure protocols - [#6320](https://redirect.github.com/bridgecrewio/checkov/pull/6320) - **arm:** add CKV_AZURE\_54 to ensure Enforce a minimal Tls version for the server - [#6270](https://redirect.github.com/bridgecrewio/checkov/pull/6270) - **arm:** add CKV_AZURE\_71 to Ensure that Managed identity provider is enabled for web apps - [#6272](https://redirect.github.com/bridgecrewio/checkov/pull/6272) - **arm:** add CKV_AZURE\_72 to ensure that remote debugging is not enabled for app services - [#6281](https://redirect.github.com/bridgecrewio/checkov/pull/6281) - **arm:** AzureDefenderOStorage - [#6269](https://redirect.github.com/bridgecrewio/checkov/pull/6269) - **arm:** MySQLPublicAccessDisabled-Azure MySQL: Restrict Public Access - [#6263](https://redirect.github.com/bridgecrewio/checkov/pull/6263) - **arm:** StorageSyncPublicAccessDisabled - [#6331](https://redirect.github.com/bridgecrewio/checkov/pull/6331) - **secrets:** eliminate false positives in entropy keyword combinator detector - [#6327](https://redirect.github.com/bridgecrewio/checkov/pull/6327) #### Bug Fix - **ansible:** fix ansible resource id in local graph - [#6344](https://redirect.github.com/bridgecrewio/checkov/pull/6344) - **secrets:** fix entropy type - [#6347](https://redirect.github.com/bridgecrewio/checkov/pull/6347) ### [`v3.2.104`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.103...3.2.104) ### [`v3.2.103`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.102...3.2.103) ### [`v3.2.102`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.101...3.2.102) ### [`v3.2.101`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.100...3.2.101) ### [`v3.2.100`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.100) #### Feature - **sast:** TS-legacy-checks - [#6311](https://redirect.github.com/bridgecrewio/checkov/pull/6311) - **secrets:** entropy limit as env variable - [#6332](https://redirect.github.com/bridgecrewio/checkov/pull/6332) ### [`v3.2.99`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.98...3.2.99) ### [`v3.2.98`](https://redirect.github.com/bridgecrewio/checkov/blob/HEAD/CHANGELOG.md#3298---2024-05-20) ##### Bug Fix - **terraform:** Remove invalid CIDRs in CKV2\_AWS\_44 - [#6301](https://redirect.github.com/bridgecrewio/checkov/pull/6301) ### [`v3.2.97`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.97) #### Feature - **arm:** add CKV_AZURE\_73 to ensure that Automation account variables are encrypted - [#6271](https://redirect.github.com/bridgecrewio/checkov/pull/6271) - **arm:** add CKV_AZURE\_76 to ensure that Azure Batch account uses key vault to encrypt data - [#6280](https://redirect.github.com/bridgecrewio/checkov/pull/6280) - **arm:** add FunctionAppDisallowCORS - password correctness check - [#6248](https://redirect.github.com/bridgecrewio/checkov/pull/6248) - **arm:** ARM FunctionAppHttpVersionLatest policy - [#6244](https://redirect.github.com/bridgecrewio/checkov/pull/6244) - **arm:** CKV_AZURE\_74 to Ensure that Azure Data Explorer (Kusto) uses disk encryption - [#6273](https://redirect.github.com/bridgecrewio/checkov/pull/6273) - **arm:** MSSQLServerMinTLSVersion - [#6245](https://redirect.github.com/bridgecrewio/checkov/pull/6245) ### [`v3.2.96`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.95...3.2.96) ### [`v3.2.95`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.95) #### Bug Fix - **terraform:** handle module source tag ref when it is not the first parameter - [#6314](https://redirect.github.com/bridgecrewio/checkov/pull/6314) ### [`v3.2.94`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.94) #### Bug Fix - **sast:** fix random test sast js - [#6315](https://redirect.github.com/bridgecrewio/checkov/pull/6315) #### Platform - **general:** Double-Encode URI for RelayState Parameter - [#6302](https://redirect.github.com/bridgecrewio/checkov/pull/6302) ### [`v3.2.93`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.92...3.2.93) ### [`v3.2.92`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.92) #### Feature - **sast:** CDK TypeScript policies - [#6161](https://redirect.github.com/bridgecrewio/checkov/pull/6161) - **terraform:** add check for tf module versioned tag - [#6213](https://redirect.github.com/bridgecrewio/checkov/pull/6213) #### Bug Fix - **secrets:** secret_filter_block_list filter by file name and suffixes - [#6285](https://redirect.github.com/bridgecrewio/checkov/pull/6285) - **secrets:** secret_filter_block_list filter by file name and suffixes 2 - [#6306](https://redirect.github.com/bridgecrewio/checkov/pull/6306) #### Platform - **general:** Fix policy.name to use the spaces as specified on CLI. - [#6296](https://redirect.github.com/bridgecrewio/checkov/pull/6296) ### [`v3.2.91`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.91) #### Feature - **secrets:** bump bc-detect-secrets to 1.5.10 - [#6297](https://redirect.github.com/bridgecrewio/checkov/pull/6297) ### [`v3.2.90`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.90) #### Feature - **general:** Add deep-analysis to GHA - [#6288](https://redirect.github.com/bridgecrewio/checkov/pull/6288) - **terraform:** Add more hype policies - [#6239](https://redirect.github.com/bridgecrewio/checkov/pull/6239) #### Bug Fix - **ansible:** fix ansible definitions raw type - [#6292](https://redirect.github.com/bridgecrewio/checkov/pull/6292) #### Platform - **ansible:** add set definitions raw to ansible runner - [#6286](https://redirect.github.com/bridgecrewio/checkov/pull/6286) - **general:** Handle SAST suppressions (suppressions V2) - [#6109](https://redirect.github.com/bridgecrewio/checkov/pull/6109) #### Documentation - **general:** add RENDER_EDGES_DUPLICATE_ITER_COUNT to docs - [#6291](https://redirect.github.com/bridgecrewio/checkov/pull/6291) - **general:** Update README links for PyPi - [#6231](https://redirect.github.com/bridgecrewio/checkov/pull/6231) ### [`v3.2.89`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.88...3.2.89) ### [`v3.2.88`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.87...3.2.88) ### [`v3.2.87`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.86...3.2.87) ### [`v3.2.86`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.85...3.2.86) ### [`v3.2.85`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.85) #### Platform - **ansible:** add missing arg to ansible runner - [#6276](https://redirect.github.com/bridgecrewio/checkov/pull/6276) ### [`v3.2.84`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.84) #### Feature - **sast:** Enable cdk ts integraion test - [#6158](https://redirect.github.com/bridgecrewio/checkov/pull/6158) #### Bug Fix - **secrets:** add files for secret to skip - [#6275](https://redirect.github.com/bridgecrewio/checkov/pull/6275) - **terraform:** Update CKV_AWS\_31 for RBAC - [#6224](https://redirect.github.com/bridgecrewio/checkov/pull/6224) ### [`v3.2.83`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.82...3.2.83) ### [`v3.2.82`](https://redirect.github.com/bridgecrewio/checkov/blob/HEAD/CHANGELOG.md#3282---2024-05-06) ##### Feature - **github:** add summary message in github_failed_only output - [#6131](https://redirect.github.com/bridgecrewio/checkov/pull/6131) - **sast:** add ts checks to python pack - [#6261](https://redirect.github.com/bridgecrewio/checkov/pull/6261) - **sast:** run all cdk integration test - [#6256](https://redirect.github.com/bridgecrewio/checkov/pull/6256) ##### Bug Fix - **general:** fix changed serif path - [#6251](https://redirect.github.com/bridgecrewio/checkov/pull/6251) ### [`v3.2.81`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.80...3.2.81) ### [`v3.2.80`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.79...3.2.80) ### [`v3.2.79`](https://redirect.github.com/bridgecrewio/checkov/blob/HEAD/CHANGELOG.md#3279---2024-05-02) ##### Feature - **sast:** Add 10 TS CDK - [#6194](https://redirect.github.com/bridgecrewio/checkov/pull/6194) - **sast:** add typescript - DONT MERGE - [#6193](https://redirect.github.com/bridgecrewio/checkov/pull/6193) - **sast:** Filter js files generate by ts - [#6220](https://redirect.github.com/bridgecrewio/checkov/pull/6220) - **secrets:** bump bc-detect-secrets 1.5.9 - [#6205](https://redirect.github.com/bridgecrewio/checkov/pull/6205) - **terraform:** Add GCP policy - [#6177](https://redirect.github.com/bridgecrewio/checkov/pull/6177) - **terraform:** Add resource attributes to jsonify - [#6203](https://redirect.github.com/bridgecrewio/checkov/pull/6203) - **terraform:** Ensure dedicated data endpoints are enabled - [#6188](https://redirect.github.com/bridgecrewio/checkov/pull/6188) - **terraform:** support provider in tf_plan graph - [#6195](https://redirect.github.com/bridgecrewio/checkov/pull/6195) - **terraform:** Update CloudArmorWAFACLCVE202144228.py - [#6217](https://redirect.github.com/bridgecrewio/checkov/pull/6217) ##### Bug Fix - **general:** add print to random test - [#6229](https://redirect.github.com/bridgecrewio/checkov/pull/6229) - **general:** fix integration test in build - [#6227](https://redirect.github.com/bridgecrewio/checkov/pull/6227) - **general:** fix integration tests - [#6207](https://redirect.github.com/bridgecrewio/checkov/pull/6207) - **kubernetes:** Update checkov-job.yaml - [#5985](https://redirect.github.com/bridgecrewio/checkov/pull/5985) - **sca:** remove old test for the depracated workflow github-action - [#6232](https://redirect.github.com/bridgecrewio/checkov/pull/6232) - **terraform_plan:** Edges not created because of indexing in resource\["address"] when resources in modules use count - [#6145](https://redirect.github.com/bridgecrewio/checkov/pull/6145) - **terraform:** CKV_AWS\_23 rule description fixed for clarity - [#5993](https://redirect.github.com/bridgecrewio/checkov/pull/5993) - **terraform:** Fix CKV_AWS\_358 to handle plan files - [#6202](https://redirect.github.com/bridgecrewio/checkov/pull/6202) ##### Platform - **ansible:** add create_definitions function for ansible framework - [#6225](https://redirect.github.com/bridgecrewio/checkov/pull/6225) ##### Documentation - **general:** Fix docs html brackets - [#6051](https://redirect.github.com/bridgecrewio/checkov/pull/6051) - **general:** Remove Python 3.7 - [#6200](https://redirect.github.com/bridgecrewio/checkov/pull/6200) ### [`v3.2.78`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.77...3.2.78) ### [`v3.2.77`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.76...3.2.77) ### [`v3.2.76`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.75...3.2.76) ### [`v3.2.75`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.74...3.2.75) ### [`v3.2.74`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.74) #### Feature - **general:** Update range includes to handle lists of ranges and lists of values - [#6192](https://redirect.github.com/bridgecrewio/checkov/pull/6192) ### [`v3.2.73`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.73) #### Feature - **sast:** TypeScript cdk policies p7 - [#6186](https://redirect.github.com/bridgecrewio/checkov/pull/6186) ### [`v3.2.72`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.72) #### Feature - **bicep:** Add bicep version of policy - [#6191](https://redirect.github.com/bridgecrewio/checkov/pull/6191) ### [`v3.2.71`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.71) #### Feature - **sca:** support licenses custom policies enforcement rules - [#6173](https://redirect.github.com/bridgecrewio/checkov/pull/6173) ### [`v3.2.70`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.70) #### Feature - **sast:** Add 5 cdk for TS - [#6179](https://redirect.github.com/bridgecrewio/checkov/pull/6179) #### Bug Fix - **sast:** fix skipped_checks paths before upload to the platform - [#6183](https://redirect.github.com/bridgecrewio/checkov/pull/6183) ### [`v3.2.69`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.68...3.2.69) ### [`v3.2.68`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.68) #### Feature - **sast:** adding extended code block - [#6178](https://redirect.github.com/bridgecrewio/checkov/pull/6178) - **sca:** using the new api license/get-licenses-violations instead of packages/get-licenses-violations (which is deprecated) - [#6174](https://redirect.github.com/bridgecrewio/checkov/pull/6174) #### Bug Fix - **sca:** Revert "feat(sca): using the new api license/get-licenses-violations … - [#6176](https://redirect.github.com/bridgecrewio/checkov/pull/6176) ### [`v3.2.67`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.66...3.2.67) ### [`v3.2.66`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.65...3.2.66) ### [`v3.2.65`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.65) #### Bug Fix - **sast:** save suppress_comment for sast inline suppressions - [#6171](https://redirect.github.com/bridgecrewio/checkov/pull/6171) - **secrets:** Azure Storage Key detector updates in bc-detect-secrets 1.5.7 - [#6168](https://redirect.github.com/bridgecrewio/checkov/pull/6168) ### [`v3.2.64`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.63...3.2.64) ### [`v3.2.63`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.63) #### Feature - **sast:** CDK TS policies p2 - [#6165](https://redirect.github.com/bridgecrewio/checkov/pull/6165) ### [`v3.2.62`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.61...3.2.62) ### [`v3.2.61`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.60...3.2.61) ### [`v3.2.60`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.60) #### Feature - **sast:** Add TS CDK policies 1 - [#6151](https://redirect.github.com/bridgecrewio/checkov/pull/6151) - **sast:** CDK TS policies p3 - [#6157](https://redirect.github.com/bridgecrewio/checkov/pull/6157) #### Bug Fix - **terraform:** Fix conditional expression evaluation logic with compare - [#6160](https://redirect.github.com/bridgecrewio/checkov/pull/6160) - **terraform:** Fixed flaky test for CKV_AWS\_356 - [#6162](https://redirect.github.com/bridgecrewio/checkov/pull/6162) ### [`v3.2.59`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.58...3.2.59) ### [`v3.2.58`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.57...3.2.58) ### [`v3.2.57`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.56...3.2.57) ### [`v3.2.56`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.55...3.2.56) ### [`v3.2.55`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.55) #### Feature - **sast:** Adding typescript cdk part 6 paz - [#6149](https://redirect.github.com/bridgecrewio/checkov/pull/6149) #### Bug Fix - **sca:** enabling suppression in the cli-output for IR-files and dockerfiles - [#6148](https://redirect.github.com/bridgecrewio/checkov/pull/6148) ### [`v3.2.54`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.53...3.2.54) ### [`v3.2.53`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.53) #### Feature - **terraform:** support s3 bucket name for references in graph - [#6134](https://redirect.github.com/bridgecrewio/checkov/pull/6134) ### [`v3.2.52`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.52) #### Feature - **general:** Update the releases' zip file names to be generic - [#6141](https://redirect.github.com/bridgecrewio/checkov/pull/6141) ### [`v3.2.51`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.51) #### Feature - **general:** add policy metadata filter exception flag - [#6132](https://redirect.github.com/bridgecrewio/checkov/pull/6132) ### [`v3.2.50`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.50) #### Bug Fix - **general:** remove limitation of resource and provider in tf.json file - [#6133](https://redirect.github.com/bridgecrewio/checkov/pull/6133) ### [`v3.2.49`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.49) #### Bug Fix - **general:** pin the version of schema to <=0.7.5 - [#6125](https://redirect.github.com/bridgecrewio/checkov/pull/6125) ### [`v3.2.48`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.47...3.2.48) ### [`v3.2.47`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.47) #### Feature - **secrets:** bump manually bc-detect-secrets - [#6120](https://redirect.github.com/bridgecrewio/checkov/pull/6120) - **terraform:** add fix for when tf_def is a string - [#6121](https://redirect.github.com/bridgecrewio/checkov/pull/6121) ### [`v3.2.46`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.45...3.2.46) ### [`v3.2.45`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.45) #### Feature - **terraform:** fix for_each resource handling - [#6119](https://redirect.github.com/bridgecrewio/checkov/pull/6119) ### [`v3.2.44`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.44) #### Bug Fix - **sca:** Fix suppression integration crashing if licenseTypes is missing - [#6117](https://redirect.github.com/bridgecrewio/checkov/pull/6117) ### [`v3.2.43`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.43) #### Bug Fix - **terraform:** Fixed bug in evaluate_conditional_expression and added zipmap support - [#6106](https://redirect.github.com/bridgecrewio/checkov/pull/6106) ### [`v3.2.42`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.42) #### Feature - **sast:** support sast skipped checks - [#6095](https://redirect.github.com/bridgecrewio/checkov/pull/6095) #### Bug Fix - **secrets:** ignore secret check in test file - [#6105](https://redirect.github.com/bridgecrewio/checkov/pull/6105) #### Platform - **general:** handle API errors with more detail - [#6107](https://redirect.github.com/bridgecrewio/checkov/pull/6107) ### [`v3.2.41`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.40...3.2.41) ### [`v3.2.40`](https://redirect.github.com/bridgecrewio/checkov/compare/3.2.39...3.2.40) ### [`v3.2.39`](https://redirect.github.com/bridgecrewio/checkov/releases/tag/3.2.39) #### Feature - **secrets:** fix entropConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.