checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

APACHE-2.0 License

Downloads: 4.3M
Stars: 6.8K
Committers: 400


checkov - 2.2.289

Published by github-actions[bot] over 1 year ago

Feature

  • general: add Ansible framework - #4244
  • general: Allow using --repo-root-for-plan-enrichment flag in GitHub Actions - #4292
  • secrets: add new sanity test files for base64 entropy detector - #4298
  • terraform: Adding yaml based build time policies for corresponding PC run time policies - #4265

Bug Fix

  • sca: fix dependency tree cli print - #4282
  • terraform: fix Exception in image ref - #4297
  • terraform: fix in variable rendering - #4296
  • terraform: Fix policy str in graph checks - #4286

checkov - 2.2.281

Published by github-actions[bot] almost 2 years ago

Feature

  • general: add Image referencer igraph support - #4277
  • general: Support aiohttp for IR API calls - #4274

Bug Fix

  • general: Enable running cloned policies in case the OOTB policy is suppressed - #4281
  • secrets: change default secret validation status to unavailable - #4284
  • terraform: fix error for push_skipped_checks_down with definition that is not in the definition context - #4272

checkov - 2.2.278

Published by github-actions[bot] almost 2 years ago

Feature

  • azure: Add image referencer in azure pipelines - #4234
  • gha: fix yaml parsing of multi files - #4270
  • secrets: fix to keyword combinator to reduce FPs - #4260

Bug Fix

  • secrets: add guideline and severity to custom secret check metadata - #4276

checkov - 2.2.274

Published by github-actions[bot] almost 2 years ago

Feature

  • gha: fix failing image retrieval in GHA IR - #4268

Bug Fix

  • cloudformation: fix CloudFormation checks related to number values - #4243
  • general: Add normalization to change the name of nuget to dotNet lang - #4271

checkov - 2.2.271

Published by github-actions[bot] almost 2 years ago

Feature

  • dockerfile: Add checks for PYTHONHTTPSVERIFY and NODE_TLS_REJECT_UNAUTHORIZED - #4223
  • secrets: Skip invalid secrets checks + soft/hard fails - #4247
  • terraform: Azure search service checks - #4064
  • terraform: GCP checks for definition of a firewall resource for a network - #4188

Bug Fix

  • general: Support encoding of function object - #4259
  • kubernetes: handle missing subjects in k8s cluster role binding - #4262
  • kubernetes: handle resources with incompatible selector - #4257
  • secrets: Change secret validation status message - #4250
  • terraform: default value for CKV_AZURE_5 - #4237
  • terraform: fix get_current_module_index for paths that contain .tf in them - #4261

checkov - 2.2.264

Published by github-actions[bot] almost 2 years ago

Feature

  • general: fix circleci crash when cannot find image - #4249
  • general: fix circleci yaml-doc - #4246
  • kubernetes: set default k8s graph env vars to true - #4225
  • terraform: Add new checks for ensuring execution history logging and Xray for State Machine is enabled - #4240

Bug Fix

  • cloudformation: Fix edge-cases in checks - #4251
  • kubernetes: removed env vars from tests - #4252
  • secrets: Change secret validation status message - #4238
  • secrets: Revert "fix(secrets): Change secret validation status message" - #4248

checkov - 2.2.258

Published by github-actions[bot] almost 2 years ago

Feature

  • terraform: PC-Policy-Team - GCP PostgreSQL Instance Database Policies - #4090

checkov - 2.2.257

Published by github-actions[bot] almost 2 years ago

Bug Fix

  • secrets: Change verify secrets key to include relative path - #4232
  • terraform: improve cross-variable edges performance - #4231

checkov - 2.2.254

Published by github-actions[bot] almost 2 years ago

Feature

  • general: Add resource attributes to omit arg - #4193
  • terraform: enable cross variable edges - #4224

Bug Fix

  • secrets: add function to add the custom policies to the metadata integration not in the multiprocess - #4221

checkov - 2.2.252

Published by github-actions[bot] almost 2 years ago

Feature

  • kubernetes: support more types of k8s pod template containers - #4208
  • secrets: Add secret validation status to reduced report - #4219
  • secrets: fix unquoted secret value - #4214
  • terraform_plan: support multiple references in one resource - #4206

Bug Fix

  • kubernetes: allow filtering of custom with built-in Kubernetes check IDs - #4204
  • secrets: add long to see metadata_integration - #4220
  • terraform_plan: fix module resources ids - #4211

checkov - 2.2.246

Published by github-actions[bot] almost 2 years ago

Feature

  • dockerfile: Add checks for unsafe wget and pip usages - #4202
  • secrets: Implement lower entropy threshold on a line with keyword - #4210
  • terraform: add CKV2_AWS_51 to Ensure AWS Managed IAMFullAccess IAM policy is not used. - #4174
  • terraform: CDN and service bus checks for azure - #4059

Bug Fix

  • secrets: add logs - #4215
  • secrets: add logs to secrets - #4213
  • secrets: Disable verify secrets if skip_download is specified - #4209
  • secrets: fix relative file path in secrets saved to coordinator - #4212

checkov - 2.2.239

Published by github-actions[bot] almost 2 years ago

Bug Fix

  • general: fix incorrect billing message when frameworks are removed from --framework list - #4201

checkov - 2.2.238

Published by github-actions[bot] almost 2 years ago

Feature

  • dockerfile: Add check for unsafe curl usages - #4186
  • general: add logic to vcs scanning to prevent empty repo collabs failing check - #4199
  • terraform: Adding yaml based build time policies for corresponding PC run time policies - #4113

Bug Fix

  • general: handle variable dependent values in policy - #4200
  • secrets: Fix api key condition in verify_secrets - #4195
  • secrets: Remove raw string modifier from re.compile - #4197

checkov - 2.2.234

Published by github-actions[bot] almost 2 years ago

Feature

  • sca: enable CHECKOV_RUN_SCA_PACKAGE_SCAN_V2 env var - #4192
  • secrets: Call secrets verify API - #4181

Bug Fix

  • general: set newer jsonschema dependency bound- solves #2227 - #4183
  • general: Update exclude-patterns.txt - #4187

Documentation

  • general: fix links in contributing docs - #4184

checkov - 2.2.230

Published by github-actions[bot] almost 2 years ago

Feature

  • general: Skip check in json file - #4172

checkov - 2.2.229

Published by github-actions[bot] almost 2 years ago

Feature

  • gha: add support for gha existing graph - #4175
  • secrets: change secretsCoordinator to dict format - #4169
  • terraform: added aws_ssoadmin_managed_policy_attachment resource to CKV_AWS_274 - #4173

Bug Fix

  • general: add link to BaseGraphRegistry checks - #4177
  • general: change CODE_LINK_BASE from master to main - #4178
  • kubernetes: remove unneeded context check - #4171
  • kustomize: fixed kustomize abs_file_path - #4159
  • terraform: out of range error by checking if list is empty - #4176

checkov - 2.2.220

Published by github-actions[bot] almost 2 years ago

Feature

  • sca: remove report_results from checkov, as it is not used at all - #4161

Bug Fix

  • general: fix f-string log message - #4170

Documentation

  • general: fix reference link in Contributing docs page - #4164

checkov - 2.2.217

Published by github-actions[bot] almost 2 years ago

Feature

  • general: Make code blocks for json check results focused on the relevant part - #4130
  • openapi: Add v2 openAPI new checks - #4112
  • terraform: new azure storage checks - #4021

Bug Fix

  • github: Handle entity configurations of type list - #4160
  • sca: Fix extra space in output of dependencies - #4162

checkov - 2.2.212

Published by github-actions[bot] almost 2 years ago

Feature

  • azure: Add check - azure keyvault public network access - #4155

Bug Fix

  • terraform: fix edge-case in CKV_AZURE_183 check - #4154
  • terraform: fix graph checks nested modules - #4157
  • terraform: fix or connection graph checks nested modules - #4158

checkov - 2.2.207

Published by github-actions[bot] almost 2 years ago

Feature

  • kubernetes: Support graph edges for nested (related) Pod resources. - #4100
  • secrets: Keep original secrets data in runtime for further validation - #4144
  • secrets: Keep original secrets data in runtime for further validation - #4149

Bug Fix

  • general: fix excluded paths for path with special characters - #4152
  • terraform: add test path to exclude-patterns - #4150
  • terraform: fix edge-case in CKV_AZURE_37 check - #4153
  • terraform: fix getting graph entity config in terraform runner - #4146
  • terraform: remove redundant nested definitions - #4147

Package Rankings

  • Top 9.86% on Proxy.golang.org
  • Top 0.86% on Pypi.org