checkov

Platform

• terraform: upload tf sub graphs - #5596

Feature

• terraform: Ensure ephemeral disks are used for OS disks - #5584
• terraform: Ensure that App Service plan is zone redundant - #5577
• terraform: Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources - #5588

Feature

• general: Add image referencer rustworkx support - #5564
• general: Add rustworkx support - #5595
• terraform: Adding 2 new AWS policies - #5599
• terraform: simply IMDSv2 checks - #5601

Feature

• arm: CKV_AZURE_88 convert to arm check - #5465
• arm: implement CKV_AZURE_149 for ARM - #5496

Bug Fix

• terraform: Adding missing null checks - #5589

Feature

• general: add rustworkx (#5511) - #5565
• general: Revert add rustworkx (#5565)" - #5594

Platform

• general: expose retry and timeout configuration for interaction with the platform - #5585

Feature

• sca: creating alias mapping for javascript - #5567
• sca: creating alias mapping for javascript - #5582
• sca: revert creating alias mapping for javascript - #5581

Bug Fix

• general: fix print to encode in windows - #5572
• terraform: Nested source_module_objects with missing foreach key - #5580

Feature

• arm: implement CKV2_AZURE_27 for arm - #5534
• terraform: Add new policy for deprecated runtimes - #5555
• terraform: Ensure Event Hub Namespace uses at least TLS 1.2 - #5535
• terraform: Ensure that the Ledger feature is enabled on database that requires cryptographic proof and nonrepudiation of data integrity - #5541

Feature

• general: add rustworkx - #5511

Bug Fix

• terraform: Module from_dict func to static func - #5562

Feature

• general: attempt to fix overload in loaders and add tests - #5549
• general: remove 3.7 integ. test - #5556
• general: remove line to force code change - #5558
• terraform: add check Neptune DB clusters should be configured to copy tags to snapshots - #5552
• terraform: add CKV_AWS_361 to ensure Neptune DB cluster has adequate backup retention - #5548

Bug Fix

• terraform: Fix external_modules_source_map serialization - #5546

Feature

• terraform: add check for Neptune DB clusters IAM database auth enabled - #5545
• terraform: add CKV_AWS_360 to ensure backup retention period on AWS Document DB - #5547

Feature

• terraform: add public network checks for Azure Function and Web Apps - #5533

Feature

• arm: Implement CKV_AZURE_111 in ARM - #5528
• arm: implement CKV_AZURE_134 for ARM - #5518
• arm: implement CKV_AZURE_160 for arm - #5526
• arm: implement CKV_AZURE_89 for ARM - #5529

Bug Fix

• terraform: CKV_AWS_208 bug fix - #5512

Feature

• general: Check module download - #5525
• general: Check module download and quit on failure - #5523

Feature

• arm: Implement CKV_AZURE_101 for ARM - #5516
• arm: implement CKV_AZURE_107 for arm - #5514
• arm: implement CKV_AZURE_113 for ARM - #5510

Feature

• arm: implement CKV_AZURE_112 for arm - #5507
• arm: implement CKV_AZURE_40 for ARM - #5499
• arm: implement CKV_AZURE_58 for ARM - #5497
• arm: implement CKV_AZURE_94 for arm - #5508

Bug Fix

• helm: Changed error message to failure to better differentiate problems - #5517
• terraform_json: correctly parse data blocks in Terraform JSON - #5509
• terraform: continue processing of TF modules in the same file - #5503
• terraform: fix error type - #5513

Feature

• arm: implement CKV_AZURE_100 for arm - #5490
• arm: implement CKV_AZURE_114 for arm - #5489
• arm: implement CKV_AZURE_130 for arm - #5485
• arm: implement CKV_AZURE_151 for arm - #5484

Bug Fix

• arm: correctly handle json files with comments and output parsing errors - #5495

Feature

• arm: CKV_AZURE_66 implement config logging check for arm - #5464
• arm: convert CKV_AZURE_65 to arm - #5467
• arm: Implement CKV_AZURE_109 in arm - #5483
• arm: implement CKV_AZURE_63 for arm - #5475
• arm: implement CKV_AZURE_80 in arm - #5476
• secrets: fix resource in git history scan - #5482

Bug Fix

• terraform: extend CKV2_AWS_5 to include aws_appstream_fleet (#5487) - #5491

Feature

• arm: migrate check CKV_AZURE_50 to arm - #5453
• arm: translate tf CKV_AZURE_93 check to arm - #5450
• kubernetes: Added new endpoint for both helm and kustomize - #5481

Bug Fix

• dockerfile: consider platform flag in CKV_DOCKER_7 - #5468
• kustomize: support kubectl 1.28+ - #5480

Feature

• secrets: handle non iac secrets FP - #5478