Update dependency checkov to v3 #22

renovate · 2024-06-17T12:32:18Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
checkov	`==2.0.1076` -> `==3.2.320`

Release Notes

bridgecrewio/checkov (checkov)

Feature

terraform: support resource_type attribute - #6872

Bug Fix

arm: Fix arm report resource naming - #6876
terraform: Fix two checks and logs - #6874

`v3.2.316`

Compare Source

`v3.2.315`

Compare Source

`v3.2.314`

Compare Source

Feature

general: add logs for suppression - #6873

Bug Fix

arm: Fix arm resource naming on integration with Prisma - #6870

`v3.2.313`

Compare Source

`v3.2.312`

Compare Source

Bug Fix

arm: Fix arm graph breadcrumbs - #6869

`v3.2.311`

Compare Source

Bug Fix

cloudformation: Fixed issue where Ref was not rendered correctly if the parameter name was identical to the default value - #6856
secrets: fix find line - #6864
secrets: masking test format - #6859
secrets: multiline matches show the secret and not the first line - #6854

`v3.2.310`

Compare Source

`v3.2.309`

Compare Source

`v3.2.308`

Compare Source

`v3.2.307`

Compare Source

Bug Fix

arm: Change ARM graph creation log lvl to debug - #6857

`v3.2.306`

Compare Source

`v3.2.305`

Compare Source

Feature

sca: support java full dependency tree scan - #6834
terraform: Add check - ensure AWS CodeGuru resource contains CMK - #6851

Bug Fix

general: Used jsonpath to update vertex attributes - #6852
terraform: Update EKS supported versions - #6826
terraform: Update CKV_AZURE_171 to check automatic_upgrade_channel - #6756

`v3.2.304`

Compare Source

`v3.2.303`

Compare Source

`v3.2.302`

Compare Source

`v3.2.301`

Compare Source

Bug Fix

secrets: skip empty match - #6849

`v3.2.300`

Compare Source

Feature

azure: add new policies for Azure Synapse arm - #6553
helm: Made helm + kustomize use the Kubernetes graph registry - #6847
secrets: Adding check_id to EnrichedSecret class - #6842
secrets: Masking secrets files - #6848

Bug Fix

secrets: add prerun support for singleline - #6846
terraform: Update CKV_AZURE_167 to correct check on retention policy - #6758

`v3.2.299`

Compare Source

`v3.2.298`

Compare Source

`v3.2.297`

Compare Source

`v3.2.296`

Compare Source

Feature

cloudformation: Support Fn::Sub in cases of using a pseudo parameter - #6835
terraform: support resource_type attribute - revert - #6843

Bug Fix

terraform: CKV_GCP_32 (GoogleComputeBlockProjectSSH) Add other common enabling values - #6663

`v3.2.295`

Compare Source

`v3.2.294`

Compare Source

`v3.2.293`

Compare Source

Feature

terraform: support resource_type attribute - #6830

Bug Fix

general: fixed mypy issue - #6838

`v3.2.292`

Compare Source

`v3.2.291`

Compare Source

Feature

general: remove specific botocore version - #6796

Bug Fix

arm: fix ARM graph block types - #6824
dockerfile: Handle heredoc - #6828
sast: filter unsupported policies - #6833

`v3.2.290`

Compare Source

`v3.2.289`

Compare Source

`v3.2.288`

Compare Source

`v3.2.287`

Compare Source

Bug Fix

graph: fix internal checks loading when adding custom policies in cli - #6819

`v3.2.286`

Compare Source

Feature

secrets: Add npm detector - #6821

Bug Fix

secrets: fix empty diff scan - #6822

`v3.2.285`

Compare Source

`v3.2.284`

Compare Source

`v3.2.283`

Compare Source

`v3.2.282`

Compare Source

Bug Fix

arm: finish variable rendering and use definitions context - #6814

`v3.2.281`

Compare Source

Documentation

general: Update Python versions and add env vars to the docs - #6812

`v3.2.280`

Compare Source

Bug Fix

arm: add middleware function for platform integration for Arm definitions - #6811
secrets: Update CKV_SECRET_4 to duplication list GENERIC_PRIVATE_KEY - #6810
terraform: Add opensearch to CKV2_AWS_5 - #6807

`v3.2.279`

Compare Source

`v3.2.278`

Compare Source

Bug Fix

arm: Align arm definitions function arguments - #6808

`v3.2.277`

Compare Source

Bug Fix

secrets: add detector for IbmCosHmac - #6790

`v3.2.276`

Compare Source

Bug Fix

terraform: Fix possible exception when for_each data has boolean values - #6733

`v3.2.275`

Compare Source

Feature

arm: Add arm definition context - #6801

Bug Fix

cloudformation: change parse log level - #6794
general: pipenv==2024.0.3 - #6803
secrets: omit all secrets value in line - #6802
terraform: Security group attached to aws_mskconnect_connector is not recognized - #6780

`v3.2.274`

Compare Source

`v3.2.273`

Compare Source

`v3.2.272`

Compare Source

`v3.2.271`

Compare Source

Feature

sca: add enableDotnetCpm env var to sca scan request - #6786

`v3.2.270`

Compare Source

Feature

arm: add variable and parameters edges and rendering - #6787
arm: arm custom policy support - #6769

`v3.2.269`

Compare Source

Bug Fix

terraform: Fix crash when version isn't a float - #6783

`v3.2.268`

Compare Source

Feature

terraform_plan: Support after_unknown evaluation of complex attributes - #6784

`v3.2.267`

Compare Source

no noteworthy changes

`v3.2.266`

Compare Source

Feature

arm: unsupported module soft fail - #6775

`v3.2.265`

Compare Source

`v3.2.264`

Compare Source

`v3.2.263`

Compare Source

`v3.2.262`

Compare Source

Feature

terraform: 2 new checks - #6764
terraform: Add s3 data transport check - #6763

Bug Fix

helm: Remove helm target dir after scanning - #6767
kubernetes: Handle non-sting params in command - #6768

`v3.2.261`

Compare Source

`v3.2.260`

Compare Source

`v3.2.259`

Compare Source

`v3.2.258`

Compare Source

Bug Fix

terraform: Set timeout for parsing Terraform files with hcl2. - #6759

`v3.2.257`

Compare Source

Bug Fix

ansible: handle empty tasks - #6751

`v3.2.256`

Compare Source

Feature

terraform: New checks - #6720

Bug Fix

general: Fix operator docs - #6735
sca: add Pipfile and Pipfile.lock to supported package files list - #6746
terraform: extend CKV2_AWS_5 to include DMS Serverless (#6628) - #6630
terraform: Remove dataproc.admin from multiple checks - #6725
terraform: Security group attached to an Elastic DocumentDB cluster is not recognized by check CKV2_AWS_5 - #6687

Documentation

general: update README.md - #6719

`v3.2.255`

Compare Source

`v3.2.254`

Compare Source

Bug Fix

terraform: Added ssl_mode attribute support to CKV_GCP_6 - #6703

`v3.2.253`

Compare Source

Feature

general: allow tool name field to be customised using cli arguments - #6692
secrets: Change log level - #6716
terraform: Add check for local user in storage - #6715

Bug Fix

terraform: Update CKV_AZURE_228 for automatic calculation - #6714

`v3.2.252`

Compare Source

`v3.2.251`

Compare Source

Feature

general: add severity metadata to custom policy - #6579

`v3.2.250`

Compare Source

Bug Fix

secrets: fix suppressions and duplications - #6710

`v3.2.249`

Compare Source

Feature

general: revert packages read permissions - #6706
terraform_plan: remove secret - #6705

Bug Fix

secrets: fix suppression and duplication - #6701
secrets: Revert suppression and duplication - #6708
terraform: Fix foreach multi attributes in field - #6707

`v3.2.248`

Compare Source

`v3.2.247`

Compare Source

`v3.2.246`

Compare Source

Feature

sast: add log level when running sast in windows - #6704

`v3.2.245`

Compare Source

Feature

kubernetes: Add policy for git-sync code injection - #6694
terraform_plan: add support for provider in tf_plan framework - #6690

`v3.2.244`

Compare Source

`v3.2.243`

Compare Source

`v3.2.242`

Compare Source

Feature

general: add support for windows 10 for aiohttp - #6696

`v3.2.241`

Compare Source

Feature

sast: remove the env var for Go - #6697

Bug Fix

secrets: add edge case for policy that looks like uuid - #6698

`v3.2.240`

Compare Source

`v3.2.239`

Compare Source

Feature

general: Add multiple checks to match runtime checks - #6680

`v3.2.238`

Compare Source

Feature

terraform: add support for TF cloudsplaining evaluated_keys - #6677

Bug Fix

secrets: change logs form info to debug - #6685

`v3.2.237`

Compare Source

`v3.2.236`

Compare Source

no noteworthy changes

`v3.2.235`

Compare Source

Feature

cloudformation: SAM Globals support with CloudFormation - #6657

`v3.2.234`

Compare Source

Feature

sast: Adding support for sast in windows - #6638

Bug Fix

secrets: revert duplications suppressions for secrets - #6674

`v3.2.233`

Compare Source

`v3.2.232`

Compare Source

Bug Fix

general: add try except to loads file - #6668
secrets: duplications suppressions for secrets - #6665

`v3.2.231`

Compare Source

`v3.2.230`

Compare Source

Feature

general: Support multiple frameworks in custom policy - #6666

Bug Fix

general: revert support multiple frameworks in one custom policy - #6664

`v3.2.229`

Compare Source

`v3.2.228`

Compare Source

Feature

terraform: Add build policy to match run policy for API Method without Auth or API - #6637

Bug Fix

secrets: remove dups logic - #6655
secrets: Revert remove dups - #6656
terraform: Don't pass existed resources in non_exists resource checks - #6653

`v3.2.227`

Compare Source

`v3.2.226`

Compare Source

`v3.2.225`

Compare Source

`v3.2.224`

Compare Source

`v3.2.223`

Compare Source

Bug Fix

secrets: remove duplications in secrets - #6648
secrets: revert fixing duplications - #6652

`v3.2.222`

Compare Source

`v3.2.221`

Compare Source

Bug Fix

terraform: evaluate resource with double underscore - #6642

`v3.2.220`

Compare Source

`v3.2.219`

Compare Source

Feature

general: support multiple frameworks in one custom policy - #6587
terraform: Add run policy for RDS encryption in transit - #6631

Documentation

general: Add OpenTofu - #6627

`v3.2.218`

Compare Source

`v3.2.217`

Compare Source

no noteworthy changes

`v3.2.216`

Compare Source

Feature

sast: Verify that all sast policies are parsed correctly - #6621

Bug Fix

secrets: fix secrets duplication - #6619
secrets: fix secrets duplication - Revert - #6623

`v3.2.215`

Compare Source

`v3.2.214`

Compare Source

`v3.2.213`

Compare Source

Feature

arm: ARM AppServiceInstanceMinimum - CKV_AZURE_212 - #6502
terraform: - TF and CFN - Add a policy for ensuring AWS Bedrock Agent is encrypted with a CMK - #6603

Bug Fix

ansible: Fix CKV2_ANSIBLE_2 - #6610
arm: Support upper and lower disabled for CKV_AZURE_189 - #6609
dockerfile: Fix edge case with apt in domain - #6611
terraform_plan: Fix parsing other types of provisioners - #6606
terraform: add condition for CKV_AWS_353 - #6607
terraform: catch unknowns with WAF configs - #6612
terraform: Handle default for CKV_GCP_76 - #6608

`v3.2.212`

Compare Source

`v3.2.211`

Compare Source

`v3.2.210`

Compare Source

`v3.2.209`

Compare Source

Feature

cloudformation: Enrich cloudsplaining eval keys - #6602

Documentation

general: add --repo-id to relevant examples with API key - #6605

`v3.2.208`

Compare Source

Feature

general: filter resource by provider for all resources types - #6598
secrets: add CKV_SECRET_192 to GENERIC_PRIVATE_KEY_CHECK_IDS - #6600
terraform: Update ckv-aws-8 policy - support unknown statement - #6596

Bug Fix

terraform: Fix resource type for CKV_AZURE_242 - #6599

Platform

general: handle multiple values for the same metadata filter - #6604

`v3.2.207`

Compare Source

`v3.2.206`

Compare Source

`v3.2.205`

Compare Source

`v3.2.204`

Compare Source

Feature

arm: add CKV_AZURE_191 to ensure that Managed identity provider is enabled for Azure Event Grid Topic - #6496

Bug Fix

sast: BCE-36172 fix cdk policies - #6588

`v3.2.203`

Compare Source

`v3.2.202`

Compare Source

`v3.2.201`

Compare Source

Feature

terraform: add 14 rules for tencentcloud provider - #6448

Bug Fix

secrets: fix secrets prerun bug - #6594
terraform: Exclude String in CKV_AWS_337 - #6592

`v3.2.200`

Compare Source

`v3.2.199`

Compare Source

Feature

arm: add CKV_AZURE_87 to ensure that Azure Defender is set to On for Key Vault - #6418
arm: ARM VnetSingleDNSServer - #6379
secrets: Adding the option to prerun before multiline pattern executing - #6586
secrets: If the prrun regex found but we already scanned file we already scann… - #6591

`v3.2.198`

Compare Source

`v3.2.197`

Compare Source

`v3.2.196`

Compare Source

Feature

general: Add metadata exception filter to GHA - #6583
general: Refactor all resource type handling in Checkov - #6572

`v3.2.195`

Compare Source

`v3.2.194`

Compare Source

Feature

arm: AKSEncryptionAtHostEnable - #6575
arm: AKSEphemeralOSDisks - #6578
arm: CKV_AZURE_92 to Ensure that Virtual Machines use managed disks - #6455
arm: FrontDoorWAFACLCVE202144228 - Mitigates the Log4j2 vulnerability CVE-2021-44228. - #6419

Bug Fix

general: fix the right numbers in TestSkipJsonRegexPattern - #6580
terraform: Fix title of CKV_AZURE_238 - #6570

`v3.2.193`

Compare Source

Bug Fix

terraform: fix failures of no caller on definition context - #6573
terraform: TFPlan + TF fixes for google_project_iam_policy + google_iam_policy - #6577

`v3.2.192`

Compare Source

`v3.2.191`

Compare Source

Bug Fix

general: fix sca unit tests for python 3.12 - #6574

`v3.2.190`

Compare Source

no noteworthy changes

`v3.2.189`

Compare Source

Feature

arm: add CKV_AZURE_169 to ensure that AKS use the Paid Sku for its SLA - #6545
arm: add CKV_AZURE_177 to ensure that Windows VM enables automatic updates - #6484
cloudformation: Update audit_logs valid values - #6566

`v3.2.188`

Compare Source

`v3.2.187`

Compare Source

`v3.2.186`

Compare Source

Feature

azure: add new policies for Azure Synapse (tf and arm) - #6554
bicep: support bicep custom policy - #6561

Bug Fix

arm: CKV_AZURE_56 just for authsettingsV2 name - #6557
secrets: filter secrets that have vault: in them - #6565

`v3.2.185`

Compare Source

`v3.2.184`

Compare Source

`v3.2.183`

Compare Source

Feature

terraform_plan: support tf_plan after_unknown enrichment - #6517

Bug Fix

secrets: small fix for filtering - #6562

Platform

general: pass repo ID to runconfig - #6560

`v3.2.182`

Compare Source

`v3.2.181`

Compare Source

`v3.2.180`

Compare Source

`v3.2.179`

Compare Source

Feature

arm: add CKV_AZURE_206 to ensure that Storage Accounts use replication - #6524
arm: BCE-33785 Support Azure Synapse Analytics policies - #6513

`v3.2.178`

Compare Source

`v3.2.177`

Compare Source

Bug Fix

sast: fix cdk policies - #6552

`v3.2.176`

Compare Source

`v3.2.175`

Compare Source

Feature

arm: AzureSearchSQLQueryUpdates - #6543

`v3.2.174`

Compare Source

Feature

arm: add CKV_AZURE_172 to ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters - #6533
arm: add CKV_AZURE_173 to ensure that API management uses at least TLS 1.2 - #6478
arm: AppServicePlanZoneRedundant - #6472
arm: AzureSearchSLAIndex - #6530
arm: SQLDatabaseZoneRedundant - #6515
azure: add new policies for Azure Synapse - #6520
general: update detect secrets package - #6535

`v3.2.173`

Compare Source

`v3.2.172`

Compare Source

`v3.2.171`

Compare Source

Feature

arm: add CKV_AZURE_171 to ensure that AKS cluster upgrade channel is chosen - #6532
arm: add CKV_AZURE_175 to ensure that Web PubSub uses a SKU with an SLA - #6523
arm: add CKV_AZURE_178 to ensure that linux VM enables SSH with keys for secure communication - #6486
arm: add CKV_AZURE_85 to ensure that Azure Defender is set to On for Kubernetes - #6279
arm: CKV_AZURE_99 to Ensure Cosmos DB accounts have restricted access - #6498
arm: DataFactoryNoPublicNetworkAccess - #6479
arm: DataLakeStoreEncryption - #6516
arm: EventHubNamespaceMinTLS12 - #6485

Bug Fix

openapi: [CKV_OPENAPI_3] Prevent false-positive when checking for http+!basic - #6406
terraform_json: support locals block in CDKTF output - #6452
terraform: Deprecate CKV2_AWS_67 - #6529

`v3.2.170`

Compare Source

`v3.2.169`

Compare Source

`v3.2.168`

Compare Source

`v3.2.167`

Compare Source

`v3.2.166`

Compare Source

`v3.2.165`

Compare Source

`v3.2.164`

Compare Source

Documentation

general: Add Python note - #6521

`v3.2.163`

Compare Source

Feature

arm: add CKV_AZURE_174 to ensure that API management public access is disabled - #6480
arm: AppServicePHPVersion - #6436
arm: AppServicePublicAccessDisabled - #6467
arm: KeyVaultEnablesPurgeProtection - #6465
arm: PubsubSpecifyIdentity - #6483

`v3.2.162`

Compare Source

`v3.2.161`

Compare Source

`v3.2.160`

Compare Source

`v3.2.159`

Compare Source

Bug Fix

arm: fix CKV_AZURE_78: siteConfig object should be under properties - #6477
general: Mypy issues - #6510
terraform: ignore comment out modules - #6507

`v3.2.158`

Compare Source

`v3.2.157`

Compare Source

`v3.2.156`

Compare Source

Feature

arm: add CKV_AZURE_129 Ensure that MariaDB server enables geo-redundant backups - #6427
arm: add CKV_AZURE_137 Ensure ACR admin account is disabled - #6430
arm: add CKV_AZURE_139 Ensure ACR set to disable public networking - #6428
arm: add CKV_AZURE_166 Ensure container image quarantine, scan, and mark images verified - #6431
arm: add CKV_AZURE_168 to ensure that Az

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/checkov-3.x branch 4 times, most recently from 5ea9214 to 2b25a61 Compare June 23, 2024 22:41

renovate bot force-pushed the renovate/checkov-3.x branch 9 times, most recently from b85bae5 to ef3a72f Compare July 1, 2024 14:28

renovate bot force-pushed the renovate/checkov-3.x branch 10 times, most recently from a84b545 to b2aef53 Compare July 9, 2024 10:27

renovate bot force-pushed the renovate/checkov-3.x branch 7 times, most recently from c376ea5 to 53f3b7d Compare July 14, 2024 11:54

renovate bot force-pushed the renovate/checkov-3.x branch 7 times, most recently from abaa4a3 to 55b89d3 Compare November 10, 2024 16:17

renovate bot force-pushed the renovate/checkov-3.x branch 12 times, most recently from a040dff to 1c23560 Compare November 18, 2024 11:13

renovate bot force-pushed the renovate/checkov-3.x branch 8 times, most recently from bab2a23 to 693a297 Compare November 25, 2024 10:24

renovate bot force-pushed the renovate/checkov-3.x branch from 693a297 to edf7146 Compare November 26, 2024 14:01

Update dependency checkov to v3

efbef5f

renovate bot force-pushed the renovate/checkov-3.x branch from edf7146 to efbef5f Compare November 27, 2024 15:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency checkov to v3 #22

Update dependency checkov to v3 #22

renovate bot commented Jun 17, 2024 •

edited

Loading

Update dependency checkov to v3 #22

Are you sure you want to change the base?

Update dependency checkov to v3 #22

Conversation

renovate bot commented Jun 17, 2024 • edited Loading

Release Notes

Feature

Bug Fix

Feature

Bug Fix

Bug Fix

Bug Fix

Bug Fix

Feature

Bug Fix

Bug Fix

Feature

Bug Fix

Feature

Bug Fix

Feature

Bug Fix

Feature

Bug Fix

Bug Fix

Feature

Bug Fix

Bug Fix

Documentation

Bug Fix

Bug Fix

Bug Fix

Bug Fix

Feature

Bug Fix

Feature

Feature

Bug Fix

Feature

Feature

Feature

Bug Fix

Bug Fix

Bug Fix

Feature

Bug Fix

Documentation

Bug Fix

Feature

Bug Fix

Feature

Bug Fix

Feature

Bug Fix

Feature

Feature

Feature

Feature

Bug Fix

Feature

Feature

Bug Fix

renovate bot commented Jun 17, 2024 •

edited

Loading