checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

APACHE-2.0 License

Downloads: 4.3M
Stars: 6.8K
Committers: 400

checkov - 3.0.21

Published by github-actions[bot] 12 months ago

Feature

  • terraform: Ensure App Service Environment is zone redundant - #5662
  • terraform: Ensure that Standard Replication is enabled - #5649

Bug Fix

  • sca: Setting only relevant cves for the extracted reachable functions with risk factor of ReachableFunction as True - #5715
  • terraform: CKV_AWS_208 valid Amazon MQ versions - #5653

checkov - 3.0.19

Published by github-actions[bot] 12 months ago

Feature

  • sca: adjusting the cli-output to support indicating reachable functions - #5713
  • terraform: Adding YAML based build time policies for corresponding PC runtime policies - #5637
  • terraform: bigtable deletion protection [depends on #5625] - #5626
  • terraform: drop and deletion checks for spanner - #5625

Bug Fix

  • sast: add cveid to reachability report - #5708

checkov - 3.0.16

Published by github-actions[bot] 12 months ago

Feature

  • sca: Extending reachability post-runner in checkov and enriching cves with ReachableFunction data - #5707

checkov - 3.0.15

Published by github-actions[bot] 12 months ago

Bug Fix

  • general: fix duplicate components in CycloneDX report - #5705

checkov - 3.0.14

Published by github-actions[bot] 12 months ago

Bug Fix

  • general: address python 3.12 SyntaxWarning - #5699
  • terraform: fix variable rendering for foreach resources with dot included names - #5701

checkov - 3.0.13

Published by github-actions[bot] 12 months ago

Bug Fix

  • sast: comment out SAST JS integration test - #5697

checkov - 3.0.12

Published by github-actions[bot] 12 months ago

Bug Fix

  • general: Fix sast & cdk integration tests - #5688
  • sast: Adding exit code in sast integration test - #5690
  • sast: adjust SAST file pattern search - #5694
  • sast: fix sast reachability report format - #5686
  • terraform: Fixing the typo within the name of the Terraform check CKV_AZURE_158 - #5696

Platform

  • general: Do not crash the run if S3 integration fails during setup, upload, or finalize - #5691

checkov - 3.0.7

Published by github-actions[bot] 12 months ago

Bug Fix

  • secrets: fix secret FP of client_secret_setting_name - #5679

Platform

  • general: Add SAST enforcement rules and check severity thresholds - #5684
  • general: do not get fixes for on prem integrations - #5668

checkov - 3.0.4

Published by github-actions[bot] 12 months ago

Breaking Change

  • general: remove level up flow - #5677
  • general: remove multi_signature and adjust base check classes - #5645
  • general: v3 release - #5681

Bug Fix

  • sast: fix error logs coming from SAST - #5685

Documentation

  • general: add BC token deprecation notice and v3 migration guide - #5644

checkov - 2.5.18

Published by github-actions[bot] 12 months ago

Feature

  • general: Adds GHA support for skip-frameworks, skip-cve-package & output-bc-ids flags - #5619
  • terraform: Ensure that the SQL database is zone-redundant - #5540
  • terraform: Ensure the Azure Event Hub Namespace is zone redundant - #5538

Bug Fix

  • bicep: enforce encryption flag to be string for CKV_AZURE_97 - #5669
  • terraform_plan: Add provisioners to TF Plan parser - #5622

checkov - 2.5.15

Published by github-actions[bot] about 1 year ago

Feature

  • terraform: Support for merge func inside jsondecode - #5656

Bug Fix

  • sca: make the abs path to be correct - #5660

checkov - 2.5.13

Published by github-actions[bot] about 1 year ago

Feature

  • arm: implement CKV_AZURE_103 for ARM - #5527
  • arm: implement CKV_AZURE_96 for ARM - #5506
  • arm: implement CKV_AZURE_97 for ARM - #5515

Bug Fix

  • terraform: Added a check to make sure dynamic "blocks" are of the expected type - #5642
  • terraform: update CKV_AWS_339 valid EKS versions - #5652

checkov - 2.5.11

Published by github-actions[bot] about 1 year ago

Feature

  • sca: giving file path relative to the current dir for cases where there is neither a specified root_folder nor a repo scan dir - #5654

checkov - 2.5.10

Published by github-actions[bot] about 1 year ago

Feature

  • terraform: support scanning of Terraform managed modules instead of downloading them - #5635

Bug Fix

  • terraform: Fixing issues with checks CKV_AZURE_226 & CKV_AZURE_227 - #5638

checkov - 2.5.9

Published by github-actions[bot] about 1 year ago

Feature

  • sca: support case where there are no cves suppressions - #5636

checkov - 2.5.8

Published by github-actions[bot] about 1 year ago

Feature

  • general: Remove code upload for on-prem integrations - #5624

checkov - 2.5.6

Published by github-actions[bot] about 1 year ago

Feature

  • arm: implement CKV_AZURE_95 for ARM - #5500
  • general: Added source and target to edge data - #5621

Bug Fix

  • terraform_plan: add azurerm_portal_dashboard to jsonify list - #5618
  • terraform: check if the dynamic name is one of the resources block - #5607

checkov - 2.5.3

Published by github-actions[bot] about 1 year ago

Breaking Change

  • general: remove Python 3.7 - #5605
  • graph: remove CHECKOV_CREATE_GRAPH env var to control graph creation - #5606

Bug Fix

  • dockerfile: fix Docker image scan - #5617
  • openapi: Take into account that security is at the root level of your OpenAPI specification. - #5603
  • terraform: stop CKV_GCP_43 crashing when not a string - #5561

checkov - 2.4.61

Published by github-actions[bot] about 1 year ago

Bug Fix

  • terraform: fix upload resource_subgraph_maps - #5615

Platform

  • terraform: Upload resource subgraph map - #5612

checkov - 2.4.59

Published by github-actions[bot] about 1 year ago

Platform

  • terraform: fix in subgraphs uploads - #5610

Package Rankings
Top 9.86% on Proxy.golang.org
Top 0.86% on Pypi.org