chore(deps): update checkov-patch to v3.2.179
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| bridgecrewio/checkov | patch |
3.2.39 -> 3.2.179
|
| checkov | patch |
3.2.39 -> 3.2.179
|
Release Notes
bridgecrewio/checkov (bridgecrewio/checkov)
v3.2.179
Feature
- arm: add CKV_AZURE_206 to ensure that Storage Accounts use replication - #6524
- arm: BCE-33785 Support Azure Synapse Analytics policies - #6513
v3.2.177
Bug Fix
- sast: fix cdk policies - #6552
v3.2.175
Feature
- arm: AzureSearchSQLQueryUpdates - #6543
v3.2.174
Feature
- arm: add CKV_AZURE_172 to ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters - #6533
- arm: add CKV_AZURE_173 to ensure that API management uses at least TLS 1.2 - #6478
- arm: AppServicePlanZoneRedundant - #6472
- arm: AzureSearchSLAIndex - #6530
- arm: SQLDatabaseZoneRedundant - #6515
- azure: add new policies for Azure Synapse - #6520
- general: update detect secrets package - #6535
v3.2.171
Feature
- arm: add CKV_AZURE_171 to ensure that AKS cluster upgrade channel is chosen - #6532
- arm: add CKV_AZURE_175 to ensure that Web PubSub uses a SKU with an SLA - #6523
- arm: add CKV_AZURE_178 to ensure that linux VM enables SSH with keys for secure communication - #6486
- arm: add CKV_AZURE_85 to ensure that Azure Defender is set to On for Kubernetes - #6279
- arm: CKV_AZURE_99 to Ensure Cosmos DB accounts have restricted access - #6498
- arm: DataFactoryNoPublicNetworkAccess - #6479
- arm: DataLakeStoreEncryption - #6516
- arm: EventHubNamespaceMinTLS12 - #6485
Bug Fix
- openapi: [CKV_OPENAPI_3] Prevent false-positive when checking for http+!basic - #6406
- terraform_json: support locals block in CDKTF output - #6452
- terraform: Deprecate CKV2_AWS_67 - #6529
v3.2.164
Documentation
- general: Add Python note - #6521
v3.2.163
Feature
- arm: add CKV_AZURE_174 to ensure that API management public access is disabled - #6480
- arm: AppServicePHPVersion - #6436
- arm: AppServicePublicAccessDisabled - #6467
- arm: KeyVaultEnablesPurgeProtection - #6465
- arm: PubsubSpecifyIdentity - #6483
v3.2.159
Bug Fix
-
arm: fix CKV_AZURE_78:
siteConfigobject should be underproperties- #6477 - general: Mypy issues - #6510
- terraform: ignore comment out modules - #6507
v3.2.156
Feature
- arm: add CKV_AZURE_129 Ensure that MariaDB server enables geo-redundant backups - #6427
- arm: add CKV_AZURE_137 Ensure ACR admin account is disabled - #6430
- arm: add CKV_AZURE_139 Ensure ACR set to disable public networking - #6428
- arm: add CKV_AZURE_166 Ensure container image quarantine, scan, and mark images verified - #6431
- arm: add CKV_AZURE_168 to ensure that Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods - #6385
- arm: add CKV_AZURE_45 to ensure that no sensitive credentials are exposed in VM custom_data - #6422
- arm: add CKV_AZURE_70 to ensure that Function apps is only accessible over HTTPS - #6457
- arm: ARM AppServiceSlotDebugDisabled - CKV_AZURE_155 - #6453
- arm: ARM AppServiceSlotHTTPSOnly - #6454
- arm: ARM VnetLocalDNS - #6424
- arm: PostgressSQLGeoBackupEnabled - #6456
- arm: StorageAccountName - #6426
- secrets: dont filter secrets - #6508
Bug Fix
- azure: fix description of CKV_AZURE_236 - #6503
- kubernetes: Fix CKV_K8S_31 for CronJobs - #6506
- sca: fix parsing json with comments - #6509
- terraform: CKV_AWS_339 add Kubernetes 1.30 to AWS EKS version checks - #6353
- terraform: remove print from CKV_AWS_364 - #6504
v3.2.145
Documentation
- general: Note for feature requests - #6497
v3.2.144
Bug Fix
- kubernetes: ensure seccompProfile is set to RuntimeDefault for all containers in deployments and similar resources - #6459
- terraform: Add more conditions for CKV_AWS_70 - #6464
v3.2.141
Bug Fix
- secrets: dedup secrets history values - #6462
v3.2.140
Feature
- azure: fix ckv_azure_189 according to docs - #6413
Bug Fix
- sca: Support parsing json with comments - #6466
Documentation
- general: fix pre-commit link - #6433
v3.2.138
Feature
- graph: support creation of resource type allow/deny lists - #6451
Bug Fix
- terraform: Fix name of CKV2_AWS_67 to be more clear - #6434
- terraform: Fix when apt is in rm statement - #6437
- terraform: Update CKV_AWS_224 title - #6435
v3.2.136
Bug Fix
- arm: Correct AzureMLWorkspacePrivateEndpoint rule check logic - #6432
- general: removed references Putin references - #6445
v3.2.133
Feature
- general: add AI_AND_ML to CheckCategories - #6423
Bug Fix
- sast: Update CKV IDs for CDK policies - #6415
v3.2.130
Feature
- arm: add CKV_AZURE_135 to ensure Application Gateway WAF prevents message lookup in Log4j2. - #6364
- arm: add CKV_AZURE_140 to ensure that Local Authentication is disabled on CosmosDB - #6329
- arm: add CKV_AZURE_163 Enable vulnerability scanning for container images - #6339
- arm: add MariaDbPublicAccessDisabled convert policy to arm - #6246
- arm: AKSLocalAdminDisabled - #6334
- arm: AppServiceFTPSState - #6363
- arm: AzureServiceFabricClusterProtectionLevel - #6366
- arm: ensure ACR disables anonymous pulling of images (CKV_AZURE_138) - #6373
- arm: KeyVaultDisablesPublicNetworkAccess - #6342
- arm: PostgreSQLServerPublicAccessDisabled - #6330
- terraform: extract image referencers for AWS SageMaker - #6408
Bug Fix
- ansible: add dict check in create_tasks_vertices - #6417
v3.2.128
Feature
- azure: drop support for dotnet v7.0 - #6383
- general: Image Referencer should not run for CI workflow files - #6386
- secrets: Add _prioritise_secrets by 3 levels of severity - #6390
- terraform: add 5 policies - #6401
- terraform: add 6 policies - #6396
- terraform: add fix for ckv_aws_300 - #6404
- terraform: add fix for not contains solver - #6389
Bug Fix
- ansible: filter conf if its int or float - #6409
- general: add try except gihub_action read file - #6411
- general: bitbucket integration test failure - #6407
- general: CKV2_AZURE_50 generates false positive azurerm_storage_account violations - #6391
- sast: add log for sast on windows - #6397
v3.2.125
Feature
- arm: Add check for AzureML workspace not configured with private endpoint - #6387
v3.2.124
Feature
- azure: Add policy to ensure proper AzureML Workspace network access - #6362
- azure: Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible - #6368
v3.2.122
Feature
- arm: AppServicePythonVersion - 82 check the 'python version' is the latest, if used to run the web app - #6282
v3.2.121
Feature
- terraform: AWS SageMaker notebook instance KMS Key - #6374
- terraform: CognitiveServicesConfigureIdentity - new check - #6378
- terraform: Ensure that Cognitive Services accounts enable local authentication - new check - #6377
v3.2.119
Feature
- arm: add FunctionAppsEnableAuthentication - Checking if a certain field exists - #6250
- terraform: Add more conditions to CKV_AWS_70 - #6371
- terraform: Added the CKV2_AWS_68 Check for TF and CFN - #6369
Bug Fix
- ansible: set task as ansible vertices config - #6376
- terraform: for_each/count attribute wasn't rendering if referencing a dynamic variable of a higher level module - #6372
v3.2.112
Feature
- terraform: Add provider address to resources - #6266
- terraform: Support for count & for_each in data blocks - #6359
Bug Fix
- terraform: Fix an issue for loading tfvars + issue in the dynamic rendering - #6360
v3.2.108
Bug Fix
- sast: don't scan hidden files - #6349
v3.2.107
Bug Fix
- terraform: Handle registry modules with a version in CKF_TF_2 - #6354
v3.2.106
Feature
- arm: Ensure Databricks Workspace data plane to control plane co… - #6319
- general: TF and ARM - Ensure that Databricks Workspaces enable… - #6313
- secrets: Bump detect-secrets - #6346
v3.2.105
Feature
- arm: add AppServiceJavaVersion - #6258
- arm: add CKV_AZURE_145 to check that the function app uses the latest version of TLS encryption - #6323
- arm: add CKV_AZURE_218 to ensure that Application Gateway defines secure protocols for in transit communicationApp gw defines secure protocols - #6320
- arm: add CKV_AZURE_54 to ensure Enforce a minimal Tls version for the server - #6270
- arm: add CKV_AZURE_71 to Ensure that Managed identity provider is enabled for web apps - #6272
- arm: add CKV_AZURE_72 to ensure that remote debugging is not enabled for app services - #6281
- arm: AzureDefenderOStorage - #6269
- arm: MySQLPublicAccessDisabled-Azure MySQL: Restrict Public Access - #6263
- arm: StorageSyncPublicAccessDisabled - #6331
- secrets: eliminate false positives in entropy keyword combinator detector - #6327
Bug Fix
v3.2.100
Feature
v3.2.98
Bug Fix
- terraform: Remove invalid CIDRs in CKV2_AWS_44 - #6301
v3.2.97
Feature
- arm: add CKV_AZURE_73 to ensure that Automation account variables are encrypted - #6271
- arm: add CKV_AZURE_76 to ensure that Azure Batch account uses key vault to encrypt data - #6280
- arm: add FunctionAppDisallowCORS - password correctness check - #6248
- arm: ARM FunctionAppHttpVersionLatest policy - #6244
- arm: CKV_AZURE_74 to Ensure that Azure Data Explorer (Kusto) uses disk encryption - #6273
- arm: MSSQLServerMinTLSVersion - #6245
v3.2.95
Bug Fix
- terraform: handle module source tag ref when it is not the first parameter - #6314
v3.2.94
Bug Fix
- sast: fix random test sast js - #6315
Platform
- general: Double-Encode URI for RelayState Parameter - #6302
v3.2.92
Feature
Bug Fix
- secrets: secret_filter_block_list filter by file name and suffixes - #6285
- secrets: secret_filter_block_list filter by file name and suffixes 2 - #6306
Platform
- general: Fix policy.name to use the spaces as specified on CLI. - #6296
v3.2.91
Feature
- secrets: bump bc-detect-secrets to 1.5.10 - #6297
v3.2.90
Feature
Bug Fix
- ansible: fix ansible definitions raw type - #6292
Platform
- ansible: add set definitions raw to ansible runner - #6286
- general: Handle SAST suppressions (suppressions V2) - #6109
Documentation
- general: add RENDER_EDGES_DUPLICATE_ITER_COUNT to docs - #6291
- general: Update README links for PyPi - #6231
v3.2.85
Platform
- ansible: add missing arg to ansible runner - #6276
v3.2.84
Feature
- sast: Enable cdk ts integraion test - #6158
Bug Fix
v3.2.82
Feature
- github: add summary message in github_failed_only output - #6131
- sast: add ts checks to python pack - #6261
- sast: run all cdk integration test - #6256
Bug Fix
- general: fix changed serif path - #6251
v3.2.79
Feature
- sast: Add 10 TS CDK - #6194
- sast: add typescript - DONT MERGE - #6193
- sast: Filter js files generate by ts - #6220
- secrets: bump bc-detect-secrets 1.5.9 - #6205
- terraform: Add GCP policy - #6177
- terraform: Add resource attributes to jsonify - #6203
- terraform: Ensure dedicated data endpoints are enabled - #6188
- terraform: support provider in tf_plan graph - #6195
- terraform: Update CloudArmorWAFACLCVE202144228.py - #6217
Bug Fix
- general: add print to random test - #6229
- general: fix integration test in build - #6227
- general: fix integration tests - #6207
- kubernetes: Update checkov-job.yaml - #5985
- sca: remove old test for the depracated workflow github-action - #6232
- terraform_plan: Edges not created because of indexing in resource["address"] when resources in modules use count - #6145
- terraform: CKV_AWS_23 rule description fixed for clarity - #5993
- terraform: Fix CKV_AWS_358 to handle plan files - #6202
Platform
- ansible: add create_definitions function for ansible framework - #6225
Documentation
v3.2.74
Feature
- general: Update range includes to handle lists of ranges and lists of values - #6192
v3.2.73
Feature
- sast: TypeScript cdk policies p7 - #6186
v3.2.72
Feature
- bicep: Add bicep version of policy - #6191
v3.2.71
Feature
- sca: support licenses custom policies enforcement rules - #6173
v3.2.70
Feature
- sast: Add 5 cdk for TS - #6179
Bug Fix
- sast: fix skipped_checks paths before upload to the platform - #6183
v3.2.68
Feature
- sast: adding extended code block - #6178
- sca: using the new api license/get-licenses-violations instead of packages/get-licenses-violations (which is deprecated) - #6174
Bug Fix
- sca: Revert "feat(sca): using the new api license/get-licenses-violations … - #6176
v3.2.65
Bug Fix
- sast: save suppress_comment for sast inline suppressions - #6171
- secrets: Azure Storage Key detector updates in bc-detect-secrets 1.5.7 - #6168
v3.2.63
Feature
- sast: CDK TS policies p2 - #6165
v3.2.60
Feature
Bug Fix
- terraform: Fix conditional expression evaluation logic with compare - #6160
- terraform: Fixed flaky test for CKV_AWS_356 - #6162
v3.2.55
Feature
- sast: Adding typescript cdk part 6 paz - #6149
Bug Fix
- sca: enabling suppression in the cli-output for IR-files and dockerfiles - #6148
v3.2.53
Feature
- terraform: support s3 bucket name for references in graph - #6134
v3.2.52
Feature
- general: Update the releases' zip file names to be generic - #6141
v3.2.51
Feature
- general: add policy metadata filter exception flag - #6132
v3.2.50
Bug Fix
- general: remove limitation of resource and provider in tf.json file - #6133
v3.2.49
Bug Fix
- general: pin the version of schema to <=0.7.5 - #6125
v3.2.47
Feature
- secrets: bump manually bc-detect-secrets - #6120
- terraform: add fix for when tf_def is a string - #6121
v3.2.45
Feature
- terraform: fix for_each resource handling - #6119
v3.2.44
Bug Fix
- sca: Fix suppression integration crashing if licenseTypes is missing - #6117
v3.2.43
Bug Fix
- terraform: Fixed bug in evaluate_conditional_expression and added zipmap support - #6106
v3.2.42
Feature
- sast: support sast skipped checks - #6095
Bug Fix
- secrets: ignore secret check in test file - #6105
Platform
- general: handle API errors with more detail - #6107
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.
Edited by Soos