checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

APACHE-2.0 License

Downloads: 4.3M
Stars: 6.8K
Committers: 400

checkov - 2.3.331

Published by github-actions[bot] over 1 year ago

Feature

  • openapi: Add CKV_OPENAPI_21 - #5268

Bug Fix

  • secrets: handle regex error in custom secrets gracefully - #5355

Documentation

  • general: update docs about installation guidelines - #5352

checkov - 2.3.329

Published by github-actions[bot] over 1 year ago

Feature

  • github: Add ability for External checks with git branch - #5337
  • sca: add fix command and code for indirect deps - #5347

Bug Fix

  • kubernetes: No dups when extracting images - #5339

checkov - 2.3.326

Published by github-actions[bot] over 1 year ago

Feature

  • sca: add fix code and command to cve report - #5333
  • sca: fix code block array structure - #5338

Bug Fix

  • general: properly encode non supported chars in SARIF uri field - #5336

Documentation

  • sca: Add SCA skip comments to docs - #5330

checkov - 2.3.324

Published by github-actions[bot] over 1 year ago

Bug Fix

  • kustomize: Added support for case where no parents are found for the relative file path - #5332
  • terraform: Update CKV2_AWS_12 for the new defaults - #5203

checkov - 2.3.321

Published by github-actions[bot] over 1 year ago

Feature

  • kustomize: Support child k8s resources inside kustomize origin annotations - #5328

checkov - 2.3.320

Published by github-actions[bot] over 1 year ago

Bug Fix

  • kustomize: Checked for existence of caller_file_path in definitions_raw - #5324
  • openapi: Fix ws for CKV_OPENAPI_20 - #5317
  • terraform: CKV_AWS_342 - managed rules have predefined actions - #5322

checkov - 2.3.318

Published by github-actions[bot] over 1 year ago

Feature

  • general: support UTF-16 and other encodings in multiple frameworks - #5308
  • kustomize: add back reverted kustomize annotations and update build github action to use github runners - #5316
  • kustomize: Add origin annotations to calculate bases of kustomize checks - #5298

checkov - 2.3.316

Published by github-actions[bot] over 1 year ago

Feature

  • secrets: Improve the entropy keyword combinator secret scanner - #5307

Bug Fix

  • openapi: Fix CKV_OPENAPI_20 - #5302
  • terraform: fix invalid value in CKV_AWS_304 - #5301
  • terraform: support new field in CKV2_AWS_3 - #5304

checkov - 2.3.314

Published by github-actions[bot] over 1 year ago

Feature

  • dockerfile: add ARM build for K8s container image - #5293
  • general: Add checkov.spec to enable PyInstaller - #5281

Bug Fix

  • terraform: remove CKV2_AZURE_18 check and improve CKV2_AZURE_1 - #5294

checkov - 2.3.312

Published by github-actions[bot] over 1 year ago

Platform

  • general: use sca inline suppressions - #5285

checkov - 2.3.311

Published by github-actions[bot] over 1 year ago

Feature

  • openapi: New OpenAPI check CKV_OPENAPI_20 - #5253

checkov - 2.3.310

Published by github-actions[bot] over 1 year ago

Bug Fix

  • terraform: remove deprecated check CKV_GCP_67 - #5275

Documentation

  • general: Add csv to output - #5273

checkov - 2.3.309

Published by github-actions[bot] over 1 year ago

Feature

  • graph: add experimental debug output for graph check evaluation - #5257

Bug Fix

  • general: revert add composer files to supported package files - #5269

Platform

  • general: add composer files to supported package files - #5263

checkov - 2.3.306

Published by github-actions[bot] over 1 year ago

Feature

  • terraform: add module check for commit hash revision usage - #5261

Bug Fix

  • openapi: add security definition type validation into CKV_OPENAPI_9 - #5262
  • secrets: fix secrets omit crash when value is not string - #5260
  • terraform: ignore local modules in CKV_TF_1 - #5264

checkov - 2.3.303

Published by github-actions[bot] over 1 year ago

Bug Fix

  • arm: consider encryption property in CKV_AZURE_2 - #5254

checkov - 2.3.302

Published by github-actions[bot] over 1 year ago

Bug Fix

  • terraform: add missing AWS RDS CA certificate identifiers for aws_db_instance resource - #5247

checkov - 2.3.301

Published by github-actions[bot] over 1 year ago

Feature

  • general: remove log from parallel common - #5244

Platform

  • general: Fix local repo generated name if ends with / - #5243

checkov - 2.3.299

Published by github-actions[bot] over 1 year ago

Feature

  • terraform: ensure kms key policy is defined - #5235

Bug Fix

  • sca: fix wrongly invoked Image Referencer scanning when scanning a single file - #5237
  • terraform_plan: add terraform plan vertices to terraform graph if not exist - #5230

checkov - 2.3.296

Published by github-actions[bot] over 1 year ago

Bug Fix

  • dockerfile: negative is_dockerfile() lookup on .dockerignore suffix - #5219
  • terraform: fix empty value issue for CKV_GIT_4 - #5222

Documentation

  • graph: add jsonpath custom policy example - #5221

checkov - 2.3.294

Published by github-actions[bot] over 1 year ago

Feature

  • gha: add skip_path flag to GHA and allow multiple values in var_file - #5213
  • sca: add root package name and version to csv sbom - #5211

Package Rankings
Top 9.86% on Proxy.golang.org
Top 0.86% on Pypi.org