checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

APACHE-2.0 License

Downloads: 4.3M
Stars: 6.8K
Committers: 400

checkov - 3.1.26

Published by github-actions[bot] 11 months ago

Bug Fix

  • general: check both path types for suppression - #5834
  • terraform: Fix range issue in OCI RDP check - #5832

checkov - 3.1.24

Published by github-actions[bot] 11 months ago

Bug Fix

  • sca: Update the log level of specific logs - #5828
  • terraform: CKV_GCP_26 Added additional google_compute_subnetwork purposes that do not support flow logs - #5812
  • terraform: Fix CKV_GCP_30 for unknown service account - #5818
  • terraform: Fixed to_dict of terraform block regarding source_module_object - #5822

checkov - 3.1.21

Published by github-actions[bot] 11 months ago

Feature

  • ansible: add CKV_PAN_17 - Check for src and dst zone any - #5803
  • sast: sast enabled from integration - #5780
  • terraform: Adding Python based build time policies for corresponding PC runtime policies - #5762
  • terraform: Adding YAML based build time policies for corresponding PC runtime policies - #5810

checkov - 3.1.20

Published by github-actions[bot] 11 months ago

Platform

  • general: handle the updated on prem response from the platform - #5809

checkov - 3.1.19

Published by github-actions[bot] 11 months ago

Feature

  • sca: Using alias data from assets.json for giving Package Used indication for aliased packages - #5808

checkov - 3.1.18

Published by github-actions[bot] 11 months ago

Bug Fix

  • terraform: Add source_module_object to blocks from_dict func - #5806

checkov - 3.1.17

Published by github-actions[bot] 11 months ago

Feature

  • ansible: PAN-OS IPsec checks - #5802

checkov - 3.1.15

Published by github-actions[bot] 11 months ago

Feature

  • ansible: add CKV_PAN_16 PAN-OS BPA Check for session log at start - #5794
  • sast: Add alias data to imports assets - #5788

Bug Fix

  • bicep: Update AppServiceHttps20Enabled to consider newer ApiVersion - #5795

checkov - 3.1.11

Published by github-actions[bot] 11 months ago

Bug Fix

  • general: Policy metadata API fixes - #5761

checkov - 3.1.9

Published by github-actions[bot] 11 months ago

Bug Fix

  • gha: Update GitHub Actions Workflow Schema #5742 - #5759
  • terraform_plan: load terraform registry checks when using terraform plan - #5778
  • terraform: Ensure HTTPS in Azure Function App and App Slots - #5766

Platform

  • general: do not display an auth error when the runconfig endpoint returns a 500 - #5779

checkov - 3.1.4

Published by github-actions[bot] 11 months ago

Breaking Change

  • general: set default parallelization type to spawn and leverage Terraform downloaded module by default - #5760

Feature

  • terraform: Ensure ACR is zone-redundant - #5748

Bug Fix

  • general: Revert parallelization commit - #5777
  • sast: remove SAST frameworks for OSS users - #5773
  • secrets: don't reinitialize the upload client without API key usage - #5771

Documentation

  • general: properly escape CLI flags in the CLI command docs - #5768

checkov - 3.0.40

Published by github-actions[bot] 11 months ago

Bug Fix

  • terraform_plan: TF plan resources connection fix - #5767

checkov - 3.0.38

Published by github-actions[bot] 11 months ago

Feature

  • terraform: Adding YAML based build time policies for corresponding PC runtime policies - #5714

checkov - 3.0.37

Published by github-actions[bot] 11 months ago

Bug Fix

  • terraform: fix valid value for aws keyspaces_table encryption_specification type - #5756

checkov - 3.0.36

Published by github-actions[bot] 11 months ago

Bug Fix

  • terraform: check min TLS version also on azure app slots - #5753

checkov - 3.0.34

Published by github-actions[bot] 11 months ago

Feature

  • general: add possibility to change parallelization type - #5737

Bug Fix

  • cloudformation: ignore unresolved references in CKV_AWS_45 - #5747

checkov - 3.0.32

Published by github-actions[bot] 12 months ago

Feature

  • sast: Python cdk policies batch 2 - #5725

Bug Fix

  • general: add option to pass --skip-download with github-action - #5734

Platform

  • general: print the log upload location if the --support flag is used - #5738

checkov - 3.0.28

Published by github-actions[bot] 12 months ago

Bug Fix

  • terraform: Adding both azurerm_linux_web_app_slot & azurerm_windows_web_app_slot in scope of the test CKV_AZURE_153 - #5687

Documentation

  • general: Switch references to Bridgecrew with Prisma Cloud - #5704

checkov - 3.0.25

Published by github-actions[bot] 12 months ago

Bug Fix

  • general: do not require a repo ID when using an API key and --list - #5726

checkov - 3.0.24

Published by github-actions[bot] 12 months ago

Feature

  • sast: add new python CDK policies - #5706
  • terraform: Ensure that only critical system pods run on system nodes - #5665

Package Rankings
Top 9.86% on Proxy.golang.org
Top 0.86% on Pypi.org