chore(deps): update checkov-major to v3 (major)
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| bridgecrewio/checkov | major |
2.5.18 -> 3.1.60
|
|
| bridgecrewio/checkov | repository | major |
2.5.20 -> 3.1.60
|
| checkov | major |
2.5.18 -> 3.1.60
|
Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.
Release Notes
bridgecrewio/checkov (bridgecrewio/checkov)
v3.1.60
Bug Fix
- sast: fix relative paths in sast cdk reports - #5932
- sast: fix sast cdk code location paths - #5938
- terraform: CKV_GCP_79 Upgrade CloudSQL SQLSERVER major version to 2022 - #5936
- terraform: Improved bad performance pathlib check - #5939
v3.1.57
Bug Fix
- general: fix multiprocess abilities - #5887
- general: fixing hidden dependencies & state breaking tests - #5911
- general: Reenabling cdk-integration-tests - #5922
v3.1.55
Bug Fix
- terraform: Support "pass_prefix_list" for SG ingress rules correctly - #5918
v3.1.54
Bug Fix
- general: temporary disable runtime config - #5921
v3.1.53
Feature
- terraform: node pools should be configured separately from a cl… - #5916
Bug Fix
- terraform: handle no action in aws_dlm_lifecycle_policy - #5905
v3.1.51
- no noteworthy changes
v3.1.50
Feature
- sast: Add sast metadata to sast report - #5910
- terraform: Add various vertex related policies - #5898
Bug Fix
v3.1.46
Feature
- terraform: CLI output - add indication if repository was discovered In a running environment - #5908
Bug Fix
- sast: add missing field in MatchMetadata - #5907
v3.1.44
Feature
- sast: add dataflow to checkov report from sast - #5892
v3.1.43
Feature
- terraform: add CKV2_AZURE_47, ensure storage account is configured without blob anonymous access - #5888
- terraform: Ensure SES Configuration Set enforces TLS usage - #5891
Bug Fix
- terraform: pod security policy removed in GKE 1.25 - #5675
v3.1.42
Feature
- sast: Split sast and cdk reports - #5889
Bug Fix
- terraform: Fix CKV_Azure_234 - #5886
v3.1.40
Feature
- terraform_plan: Add PY graph checks for tf plan - #5875
Bug Fix
- terraform: Remove CKV_AWS_188 as dupe - #5884
v3.1.38
Feature
- sast: add integration test platform report - #5856
- sast: python Cdk policies batch 3 - #5820
- sast: python Cdk policies batch 4 - #5857
Bug Fix
- sast: add save local sast report to run integration script - #5863
v3.1.34
Feature
- terraform: Used parallel run to run all split_graph iterations - #5840
v3.1.33
Feature
- general: anchor cyclonedx to last non breaking version - #5846
- general: Revert pipfile lock changes - #5848
- sast: add back commented checks - #5851
Bug Fix
- sast: fix reachability with no regular matches - #5847
- sca: not printing reachability data for lines without cves - #5849
v3.1.29
Feature
- terraform: fix for check VPCPeeringRouteTableOverlyPermissive and add tests - #5837
Bug Fix
- sast: fix sast report format - #5811
v3.1.27
Feature
- secrets: used 10 characters in secret violation - #5835
v3.1.26
Bug Fix
- general: check both path types for suppression - #5834
- terraform: Fix range issue in OCI RDP check - #5832
v3.1.24
Bug Fix
- sca: Update the log level of specific logs - #5828
- terraform: CKV_GCP_26 Added additional google_compute_subnetwork purposes that do not support flow logs - #5812
- terraform: Fix CKV_GCP_30 for unknown service account - #5818
- terraform: Fixed to_dict of terraform block regarding source_module_object - #5822
v3.1.21
Feature
- ansible: add CKV_PAN_17 - Check for src and dst zone any - #5803
- sast: sast enabled from integration - #5780
- terraform: Adding Python based build time policies for corresponding PC runtime policies - #5762
- terraform: Adding YAML based build time policies for corresponding PC runtime policies - #5810
v3.1.20
Platform
- general: handle the updated on prem response from the platform - #5809
v3.1.19
Feature
- sca: Using alias data from assets.json for giving Package Used indication for aliased packages - #5808
v3.1.18
Bug Fix
- terraform: Add source_module_object to blocks from_dict func - #5806
v3.1.17
Feature
- ansible: PAN-OS IPsec checks - #5802
v3.1.15
Feature
- ansible: add CKV_PAN_16 PAN-OS BPA Check for session log at start - #5794
- sast: Add alias data to imports assets - #5788
Bug Fix
- bicep: Update AppServiceHttps20Enabled to consider newer ApiVersion - #5795
v3.1.11
Bug Fix
- general: Policy metadata API fixes - #5761
v3.1.9
Bug Fix
- gha: Update GitHub Actions Workflow Schema #5742 - #5759
- terraform_plan: load terraform registry checks when using terraform plan - #5778
- terraform: Ensure HTTPS in Azure Function App and App Slots - #5766
Platform
- general: do not display an auth error when the runconfig endpoint returns a 500 - #5779
v3.1.4
Feature
- terraform: CLI output - add indication if repository was discovered In a running environment - #5908
Bug Fix
- sast: add missing field in MatchMetadata - #5907
v3.0.40
Bug Fix
- terraform_plan: TF plan resources connection fix - #5767
v3.0.38
Feature
- terraform: Adding YAML based build time policies for corresponding PC runtime policies - #5714
v3.0.37
Bug Fix
- terraform: fix valid value for aws keyspaces_table encryption_specification type - #5756
v3.0.36
Bug Fix
- terraform: check min TLS version also on azure app slots - #5753
v3.0.34
Feature
- general: add possibility to change parallelization type - #5737
Bug Fix
- cloudformation: ignore unresolved references in CKV_AWS_45 - #5747
v3.0.32
Feature
- sast: Python cdk policies batch 2 - #5725
Bug Fix
-
general: add option to pass
--skip-downloadwith github-action - #5734
Platform
- general: print the log upload location if the --support flag is used - #5738
v3.0.28
Bug Fix
- terraform: Adding both azurerm_linux_web_app_slot & azurerm_windows_web_app_slot in scope of the test CKV_AZURE_153 - #5687
Documentation
- general: Switch references to Bridgecrew with Prisma Cloud - #5704
v3.0.25
Bug Fix
- general: do not require a repo ID when using an API key and --list - #5726
v3.0.24
Feature
- sast: add new python CDK policies - #5706
- terraform: Ensure that only critical system pods run on system nodes - #5665
v3.0.21
Feature
- terraform: Ensure App Service Environment is zone redundant - #5662
- terraform: Ensure that Standard Replication is enabled - #5649
Bug Fix
- sca: Setting only relevant cves for the extracted reachable functions with risk factor of ReachableFunction as True - #5715
- terraform: CKV_AWS_208 valid Amazon MQ versions - #5653
v3.0.19
Feature
- sca: adjusting the cli-output to support indicating of reachable functions - #5713
- terraform: Adding YAML based build time policies for corresponding PC runtime policies - #5637
- terraform: bigtable deletion protection [depends on #5625] - #5626
- terraform: drop and deletion checks for spanner - #5625
Bug Fix
- sast: add cveid to reachability report - #5708
v3.0.16
Feature
- sca: Extending reachability post-runner in checkov and enriching cves with ReachableFunction data - #5707
v3.0.15
Bug Fix
- general: fix duplicate components in CycloneDX report - #5705
v3.0.14
Bug Fix
- general: address python 3.12 SyntaxWarning - #5699
- terraform: fix variable rendering for foreach resources with dot included names - #5701
v3.0.13
Bug Fix
- sast: comment out SAST JS integration test - #5697
v3.0.12
Bug Fix
- general: Fix sast & cdk integration tests - #5688
- sast: Adding exit code in sast integration test - #5690
- sast: adjust SAST file pattern search - #5694
- sast: fix sast reachability report format - #5686
- terraform: Fixing the typo within the name of the Terraform check CKV_AZURE_158 - #5696
Platform
- general: Do not crash the run if S3 integration fails during setup, upload, or finalize - #5691
v3.0.7
Bug Fix
- secrets: fix secret FP of client_secret_setting_name - #5679
Platform
- general: Add SAST enforcement rules and check severity thresholds - #5684
- general: do not get fixes for on prem integrations - #5668
v3.0.4
Bug Fix
- terraform_plan: TF plan resources connection fix - #5767
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.
Edited by Renovate Bot