chore(deps): update pre-commit hook bridgecrewio/checkov to v2.5.20
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| bridgecrewio/checkov | repository | minor |
2.3.358 -> 2.5.20
|
View the Renovate pipeline for this MR
Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.
Release Notes
bridgecrewio/checkov (bridgecrewio/checkov)
v2.5.20
v2.5.19
v2.5.18
Feature
- general: Adds GHA support for skip-frameworks, skip-cve-package & output-bc-ids flags - #5619
- terraform: Ensure that the SQL database is zone-redundant - #5540
- terraform: Ensure the Azure Event Hub Namespace is zone redundant - #5538
Bug Fix
- bicep: enforce encryption flag to be string for CKV_AZURE_97 - #5669
- terraform_plan: Add provisioners to TF Plan parser - #5622
v2.5.17
v2.5.16
v2.5.15
Feature
- terraform: Support for merge func inside jsondecode - #5656
Bug Fix
- sca: make the abs path to be correcnt - #5660
v2.5.14
v2.5.13
Feature
- arm: implement CKV_AZURE_103 for ARM - #5527
- arm: implement CKV_AZURE_96 for ARM - #5506
- arm: implement CKV_AZURE_97 for ARM - #5515
Bug Fix
- terraform: Added a check to make sure dynamic "blocks" are of the expected type - #5642
- terraform: update CKV_AWS_339 valid EKS versions - #5652
v2.5.12
v2.5.11
Feature
- sca: giving file path on relative the the current dir for cases there is no either specified root_folder and the is no repo scan dir - #5654
v2.5.10
Feature
- terraform: support scanning of Terraform managed modules instead of downloading them - #5635
Bug Fix
- terraform: Fixing issues with checks CKV_AZURE_226 & CKV_AZURE_227 - #5638
v2.5.9
Feature
- sca: support case where there are no cves suppressions - #5636
v2.5.8
Feature
- general: Remove code upload for on-prem integrations - #5624
v2.5.7
v2.5.6
Feature
Bug Fix
- terraform_plan: add azurerm_portal_dashboard to jsonify list - #5618
- terraform: check if the dynamic name is one of the resources block - #5607
v2.5.5
v2.5.4
v2.5.3
Breaking Change
- general: remove Python 3.7 - #5605
- graph: remove CHECKOV_CREATE_GRAPH env var to control graph creation - #5606
Bug Fix
- dockerfile: fix Docker image scan - #5617
- openapi: Take into account that security is at the root level of your OpenAPI specification. - #5603
- terraform: stop CKV_GCP_43 crashing when not a string - #5561
v2.5.2
v2.5.1
Feature
- general: Adds GHA support for skip-frameworks, skip-cve-package & output-bc-ids flags - #5619
- terraform: Ensure that the SQL database is zone-redundant - #5540
- terraform: Ensure the Azure Event Hub Namespace is zone redundant - #5538
Bug Fix
- bicep: enforce encryption flag to be string for CKV_AZURE_97 - #5669
- terraform_plan: Add provisioners to TF Plan parser - #5622
v2.5.0
v2.4.61
Bug Fix
- terraform: fix upload resource_subgraph_maps - #5615
Platform
- terraform: Upload resource subgraph map - #5612
v2.4.60
v2.4.59
Platform
- terraform: fix in subgraphs uploads - #5610
v2.4.58
Platform
- terraform: upload tf sub graphs - #5596
v2.4.57
Feature
- terraform: Ensure ephemeral disks are used for OS disks - #5584
- terraform: Ensure that App Service plan is zone redundant - #5577
- terraform: Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources - #5588
v2.4.56
v2.4.55
Feature
- general: Add image referencer rustworkx support - #5564
- general: Add rustworkx support - #5595
- terraform: Adding 2 new AWS policies - #5599
- terraform: simply IMDSv2 checks - #5601
v2.4.54
v2.4.53
v2.4.52
v2.4.51
Feature
Bug Fix
- terraform: Adding missing null checks - #5589
v2.4.50
Feature
v2.4.49
v2.4.48
Platform
- general: expose retry and timeout configuration for interaction with the platform - #5585
v2.4.47
Feature
- sca: creating alias mapping for javascript - #5567
- sca: creating alias mapping for javascript - #5582
- sca: revert creating alias mapping for javascript - #5581
Bug Fix
- general: fix print to encode in windows - #5572
- terraform: Nested source_module_objects with missing foreach key - #5580
v2.4.46
v2.4.45
v2.4.44
v2.4.43
v2.4.42
v2.4.41
v2.4.40
v2.4.39
Feature
- arm: implement CKV2_AZURE_27 for arm - #5534
- terraform: Add new policy for deprecated runtimes - #5555
- terraform: Ensure Event Hub Namespace uses at least TLS 1.2 - #5535
- terraform: Ensure that the Ledger feature is enabled on database that requires cryptographic proof and nonrepudiation of data integrity - #5541
v2.4.38
v2.4.37
v2.4.36
Feature
- general: add rustworkx - #5511
Bug Fix
- terraform: Module from_dict func to static func - #5562
v2.4.35
v2.4.34
v2.4.33
Feature
- general: attempt to fix overload in loaders and add tests - #5549
- general: remove 3.7 integ. test - #5556
- general: remove line to force code change - #5558
- terraform: add check Neptune DB clusters should be configured to copy tags to snapshots - #5552
- terraform: add CKV_AWS_361 to ensure Neptune DB cluster has adequate backup retention - #5548
Bug Fix
- terraform: Fix external_modules_source_map serialization - #5546
v2.4.32
Feature
- terraform: add check for Neptune DB clusters IAM database auth enabled - #5545
- terraform: add CKV_AWS_360 to ensure backup retention period on AWS Document DB - #5547
v2.4.31
v2.4.30
Feature
- terraform: add public network checks for Azure Function and Web Apps - #5533
v2.4.29
Feature
- arm: Implement CKV_AZURE_111 in ARM - #5528
- arm: implement CKV_AZURE_134 for ARM - #5518
- arm: implement CKV_AZURE_160 for arm - #5526
- arm: implement CKV_AZURE_89 for ARM - #5529
Bug Fix
- terraform: CKV_AWS_208 bug fix - #5512
v2.4.28
v2.4.27
Feature
v2.4.26
v2.4.25
Feature
- arm: Implement CKV_AZURE_101 for ARM - #5516
- arm: implement CKV_AZURE_107 for arm - #5514
- arm: implement CKV_AZURE_113 for ARM - #5510
v2.4.24
v2.4.23
v2.4.22
Feature
- arm: implement CKV_AZURE_112 for arm - #5507
- arm: implement CKV_AZURE_40 for ARM - #5499
- arm: implement CKV_AZURE_58 for ARM - #5497
- arm: implement CKV_AZURE_94 for arm - #5508
Bug Fix
- helm: Changed error message to failure to better differentiate problems - #5517
- terraform_json: correctly parse data blocks in Terraform JSON - #5509
- terraform: continue processing of TF modules in the same file - #5503
- terraform: fix error type - #5513
v2.4.21
v2.4.20
v2.4.19
v2.4.18
Feature
- arm: implement CKV_AZURE_100 for arm - #5490
- arm: implement CKV_AZURE_114 for arm - #5489
- arm: implement CKV_AZURE_130 for arm - #5485
- arm: implement CKV_AZURE_151 for arm - #5484
Bug Fix
- arm: correctly handle json files with comments and output parsing errors - #5495
v2.4.17
v2.4.16
v2.4.15
v2.4.14
Feature
- arm: CKV_AZURE_66 implement config logging check for arm - #5464
- arm: convert CKV_AZURE_65 to arm - #5467
- arm: Implement CKV_AZURE_109 in arm - #5483
- arm: implement CKV_AZURE_63 for arm - #5475
- arm: implement CKV_AZURE_80 in arm - #5476
- secrets: fix resource in git history scan - #5482
Bug Fix
v2.4.13
v2.4.12
v2.4.11
v2.4.10
Feature
- arm: migrate check CKV_AZURE_50 to arm - #5453
- arm: translate tf CKV_AZURE_93 check to arm - #5450
- kubernetes: Added new endpoint for both helm and kustomize - #5481
Bug Fix
- dockerfile: consider platform flag in CKV_DOCKER_7 - #5468
- kustomize: support kubectl 1.28+ - #5480
v2.4.9
v2.4.8
v2.4.7
Feature
- secrets: handle non iac secrets FP - #5478
v2.4.6
Bug Fix
- terraform: fix upload resource_subgraph_maps - #5615
Platform
- terraform: Upload resource subgraph map - #5612
v2.4.5
Platform
- terraform: fix in subgraphs uploads - #5610
v2.4.4
Platform
- general: expose retry and timeout configuration for interaction with the platform - #5585
v2.4.3
Feature
- arm: implement CKV2_AZURE_27 for arm - #5534
- terraform: Add new policy for deprecated runtimes - #5555
- terraform: Ensure Event Hub Namespace uses at least TLS 1.2 - #5535
- terraform: Ensure that the Ledger feature is enabled on database that requires cryptographic proof and nonrepudiation of data integrity - #5541
v2.4.2
Feature
- arm: Implement CKV_AZURE_111 in ARM - #5528
- arm: implement CKV_AZURE_134 for ARM - #5518
- arm: implement CKV_AZURE_160 for arm - #5526
- arm: implement CKV_AZURE_89 for ARM - #5529
Bug Fix
- terraform: CKV_AWS_208 bug fix - #5512
v2.4.1
Feature
- arm: implement CKV_AZURE_100 for arm - #5490
- arm: implement CKV_AZURE_114 for arm - #5489
- arm: implement CKV_AZURE_130 for arm - #5485
- arm: implement CKV_AZURE_151 for arm - #5484
Bug Fix
- arm: correctly handle json files with comments and output parsing errors - #5495
v2.4.0
v2.3.366
v2.3.365
Feature
- terraform: Removed most usages of enable_nested_modules - #5415
v2.3.364
Feature
- sca: update spdx-tools dep to version 0.8.0 and lower bound it - #5431
- terraform: Add address field on vertices even if render_variables is set to False - #5434
Bug Fix
- terraform: add new attached resource possibility to CKV2_AWS_23 #5424 - #5429
- terraform: fix ordering issue in CKV_AWS_358 - #5425
v2.3.363
v2.3.362
v2.3.361
Bug Fix
- arm: improve CKV_AZURE_24 check - #5427
v2.3.360
Bug Fix
- general: Fix empty credentials file issue - #5421
v2.3.359
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.
Edited by renovate-bot token