Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: bridgecrewio/checkov
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3.2.383
Choose a base ref
...
head repository: bridgecrewio/checkov
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 3.2.384
Choose a head ref
  • 4 commits
  • 11 files changed
  • 2 contributors

Commits on Mar 11, 2025

  1. chore: update release notes

    @gruebel @github-actions
    gruebel authored and github-actions[bot] committed Mar 11, 2025
    Loading
    Loading status checks…

    Verified

    This commit was signed with the committer’s verified signature.
    phillebaba Philip Laine
    GPG key ID: F6D0B743CA3EFF33
    Verified
    Learn about vigilant mode
    Copy the full SHA
    e8a6855 View commit details

Commits on Mar 12, 2025

  1. fix(terraform): Update CKV_ALI_1 (#7040) 

    Update CKV_ALI_1
    @tsmithv11
    tsmithv11 authored Mar 12, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    93811db View commit details

  2. fix(terraform): Update CKV_ALI_1 (#7040) 

    Update CKV_ALI_1
    @tsmithv11 @actions-user
    tsmithv11 authored and actions-user committed Mar 12, 2025

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    4817ad7 View commit details

  3. fix(terraform): Update CKV_ALI_1 (#7040) 

    Update CKV_ALI_1
    @tsmithv11 @actions-user
    tsmithv11 authored and actions-user committed Mar 12, 2025
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
    Copy the full SHA
    2569247 View commit details
12 changes: 11 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,16 @@
# CHANGELOG

## [Unreleased](https://github.com/bridgecrewio/checkov/compare/3.2.382...HEAD)
## [Unreleased](https://github.com/bridgecrewio/checkov/compare/3.2.383...HEAD)

## [3.2.383](https://github.com/bridgecrewio/checkov/compare/3.2.382...3.2.383) - 2025-03-11

### Feature

- **serverless:** add tags enrichment to serverless - [#7044](https://github.com/bridgecrewio/checkov/pull/7044)

### Bug Fix

- **sast:** Fix CKV_AWS_194 policy - [#7048](https://github.com/bridgecrewio/checkov/pull/7048)

## [3.2.382](https://github.com/bridgecrewio/checkov/compare/3.2.381...3.2.382) - 2025-03-06

47 changes: 47 additions & 0 deletions checkov/terraform/checks/graph_checks/alicloud/OSSBucketPublic.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
metadata:
id: "CKV_ALI_1"
name: "Alibaba Cloud OSS bucket accessible to public"
category: "GENERAL_SECURITY"
definition:
and:
- cond_type: "attribute"
resource_types:
- "alicloud_oss_bucket"
attribute: "acl"
operator: "not_within"
value:
- "public-read"
- "public-read-write"
- or:
- and:
- cond_type: "filter"
attribute: "resource_type"
value:
- "alicloud_oss_bucket"
operator: "within"
- cond_type: "connection"
resource_types:
- "alicloud_oss_bucket"
connected_resource_types:
- "alicloud_oss_bucket_acl"
operator: "not_exists"
- and:
- cond_type: "filter"
attribute: "resource_type"
value:
- "alicloud_oss_bucket"
operator: "within"
- cond_type: "connection"
resource_types:
- "alicloud_oss_bucket"
connected_resource_types:
- "alicloud_oss_bucket_acl"
operator: "exists"
- cond_type: "attribute"
resource_types:
- "alicloud_oss_bucket_acl"
attribute: "acl"
operator: "not_within"
value:
- "public-read"
- "public-read-write"
20 changes: 0 additions & 20 deletions checkov/terraform/checks/resource/alicloud/OSSBucketPublic.py
View file

This file was deleted.

2 changes: 1 addition & 1 deletion checkov/version.py
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
version = '3.2.383'
version = '3.2.384'
Loading