checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

APACHE-2.0 License

Downloads: 4.3M
Stars: 6.8K
Committers: 400

checkov - 2.4.6

Published by github-actions[bot] about 1 year ago

Bug Fix

  • terraform: Replaced / with os.pathsep to support windows better in terraform runner - #5473

Documentation

  • terraform: make jq default - #5462

checkov - 2.4.5

Published by github-actions[bot] about 1 year ago

Bug Fix

  • terraform: Fix for-each/count updating inner for each index for every child resource - #5463

checkov - 2.4.4

Published by github-actions[bot] about 1 year ago

Platform

  • sca: Filter IR FW upload results by supportedIrFw list - #5448

checkov - 2.4.2

Published by github-actions[bot] about 1 year ago

Feature

  • dockerfile: Add CKV2_DOCKER_17 for chpasswd - #5441

Bug Fix

  • kustomize: Fix kustomize ignoring external policy dir command line options - #5436

checkov - 2.4.1

Published by github-actions[bot] about 1 year ago

Feature

  • terraform: Remove old tf parser - #5420

Bug Fix

  • terraform: ensure TFModule is created properly in definition context - #5446

checkov - 2.3.365

Published by github-actions[bot] about 1 year ago

Feature

  • terraform: Removed most usages of enable_nested_modules - #5415

checkov - 2.3.364

Published by github-actions[bot] about 1 year ago

Feature

  • sca: update spdx-tools dep to version 0.8.0 and lower bound it - #5431
  • terraform: Add address field on vertices even if render_variables is set to False - #5434

Bug Fix

  • terraform: add new attached resource possibility to CKV2_AWS_23 #5424 - #5429
  • terraform: fix ordering issue in CKV_AWS_358 - #5425

checkov - 2.3.361

Published by github-actions[bot] about 1 year ago

Bug Fix

  • arm: improve CKV_AZURE_24 check - #5427

checkov - 2.3.360

Published by github-actions[bot] about 1 year ago

Bug Fix

  • general: Fix empty credentials file issue - #5421

checkov - 2.3.358

Published by github-actions[bot] about 1 year ago

Feature

  • secrets: Make non-entropy signatures take precedence over entropy signatures - #5412

Bug Fix

  • terraform: Remove DMS S3 check CKV_AWS_299 - #5413

checkov - 2.3.356

Published by github-actions[bot] about 1 year ago

Feature

  • terraform: Github Actions OIDC trust policy check - #5402

checkov - 2.3.354

Published by github-actions[bot] about 1 year ago

Feature

  • general: allow --var-file to be passed as environment variable - #5406
  • terraform: Add new policy to ensure AWS Transfer server only allows secure protocols - #5409

Platform

  • general: remove obsolete run config fallback API call - #5404

Documentation

  • gha: Update setup-python version in GitHub Actions.md - #5393

checkov - 2.3.351

Published by github-actions[bot] about 1 year ago

Feature

  • terraform: new serialization methods for module and block - #5391

Bug Fix

  • terraform: pr for upgrade-checkov - #5400

checkov - 2.3.349

Published by github-actions[bot] about 1 year ago

Bug Fix

  • terraform: add TFDefinitionKey to get_entity_context_and_evaluations - #5392
  • terraform: consider new domain attribute in CKV2_AWS_19 - #5383

checkov - 2.3.347

Published by github-actions[bot] about 1 year ago

Feature

  • sca: support composer.json - #5382
  • terraform: Use new function to create multi graph instead of single graph - #5375

Platform

  • general: Implement SSO Relay State Parameter in Checkov Output Links - #5217

checkov - 2.3.343

Published by github-actions[bot] about 1 year ago

Feature

  • sca: fix package line numbers - #5376

Bug Fix

  • terraform: Fix CKV_AWS_104 to support new values - #5377

checkov - 2.3.340

Published by github-actions[bot] about 1 year ago

Feature

  • general: enrich terraform definitions context key - #5350

Bug Fix

  • terraform: fix get module name - foreach or count - #5373

checkov - 2.3.338

Published by github-actions[bot] about 1 year ago

Feature

  • terraform: add new function to create module and definitions with tests - #5362
  • terraform: GCP Ensure IAM Workload identity is restricted - #5369

Bug Fix

  • general: fix inline suppression collection inside lists - #5370

checkov - 2.3.335

Published by github-actions[bot] over 1 year ago

Bug Fix

  • terraform: leverage read_file_with_any_encoding to safely look for modules - #5360

checkov - 2.3.334

Published by github-actions[bot] over 1 year ago

Feature

  • general: Add resource code filter to all checkov loggers - #5356
  • general: Infrastructure for custom code logger filter - #5346

Bug Fix

  • kustomize: Avoid index error when calculating file path - #5357

Package Rankings
Top 9.86% on Proxy.golang.org
Top 0.86% on Pypi.org