Releases: bridgecrewio/checkov
3.2.145
Documentation
- general: Note for feature requests - #6497
3.2.144
Bug Fix
- kubernetes: ensure seccompProfile is set to RuntimeDefault for all containers in deployments and similar resources - #6459
- terraform: Add more conditions for CKV_AWS_70 - #6464
3.2.141
Bug Fix
- secrets: dedup secrets history values - #6462
3.2.140
Feature
- azure: fix ckv_azure_189 according to docs - #6413
Bug Fix
- sca: Support parsing json with comments - #6466
Documentation
- general: fix pre-commit link - #6433
3.2.138
Feature
- graph: support creation of resource type allow/deny lists - #6451
Bug Fix
- terraform: Fix name of CKV2_AWS_67 to be more clear - #6434
- terraform: Fix when apt is in rm statement - #6437
- terraform: Update CKV_AWS_224 title - #6435
3.2.136
Bug Fix
- arm: Correct AzureMLWorkspacePrivateEndpoint rule check logic - #6432
- general: removed Putin references - #6445
3.2.133
Feature
- general: add AI_AND_ML to CheckCategories - #6423
Bug Fix
- sast: Update CKV IDs for CDK policies - #6415
3.2.130
Feature
- arm: add CKV_AZURE_135 to ensure Application Gateway WAF prevents message lookup in Log4j2. - #6364
- arm: add CKV_AZURE_140 to ensure that Local Authentication is disabled on CosmosDB - #6329
- arm: add CKV_AZURE_163 Enable vulnerability scanning for container images - #6339
- arm: add MariaDbPublicAccessDisabled convert policy to arm - #6246
- arm: AKSLocalAdminDisabled - #6334
- arm: AppServiceFTPSState - #6363
- arm: AzureServiceFabricClusterProtectionLevel - #6366
- arm: ensure ACR disables anonymous pulling of images (CKV_AZURE_138) - #6373
- arm: KeyVaultDisablesPublicNetworkAccess - #6342
- arm: PostgreSQLServerPublicAccessDisabled - #6330
- terraform: extract image referencers for AWS SageMaker - #6408
Bug Fix
- ansible: add dict check in create_tasks_vertices - #6417
3.2.128
Feature
- azure: drop support for dotnet v7.0 - #6383
- general: Image Referencer should not run for CI workflow files - #6386
- secrets: Add _prioritise_secrets by 3 levels of severity - #6390
- terraform: add 5 policies - #6401
- terraform: add 6 policies - #6396
- terraform: add fix for ckv_aws_300 - #6404
- terraform: add fix for not contains solver - #6389
Bug Fix
- ansible: filter conf if it's int or float - #6409
- general: add try except github_action read file - #6411
- general: bitbucket integration test failure - #6407
- general: CKV2_AZURE_50 generates false positive azurerm_storage_account violations - #6391
- sast: add log for sast on windows - #6397
3.2.125
Feature
- arm: Add check for AzureML workspace not configured with private endpoint - #6387