Releases: bridgecrewio/checkov
3.2.133
Feature
- general: add AI_AND_ML to CheckCategories - #6423
Bug Fix
- sast: Update CKV IDs for CDK policies - #6415
3.2.130
Feature
- arm: add CKV_AZURE_135 to ensure Application Gateway WAF prevents message lookup in Log4j2. - #6364
- arm: add CKV_AZURE_140 to ensure that Local Authentication is disabled on CosmosDB - #6329
- arm: add CKV_AZURE_163 Enable vulnerability scanning for container images - #6339
- arm: add MariaDbPublicAccessDisabled convert policy to arm - #6246
- arm: AKSLocalAdminDisabled - #6334
- arm: AppServiceFTPSState - #6363
- arm: AzureServiceFabricClusterProtectionLevel - #6366
- arm: ensure ACR disables anonymous pulling of images (CKV_AZURE_138) - #6373
- arm: KeyVaultDisablesPublicNetworkAccess - #6342
- arm: PostgreSQLServerPublicAccessDisabled - #6330
- terraform: extract image referencers for AWS SageMaker - #6408
Bug Fix
- ansible: add dict check in create_tasks_vertices - #6417
3.2.128
Feature
- azure: drop support for dotnet v7.0 - #6383
- general: Image Referencer should not run for CI workflow files - #6386
- secrets: Add _prioritise_secrets by 3 levels of severity - #6390
- terraform: add 5 policies - #6401
- terraform: add 6 policies - #6396
- terraform: add fix for ckv_aws_300 - #6404
- terraform: add fix for not contains solver - #6389
Bug Fix
- ansible: filter conf if it's int or float - #6409
- general: add try except github_action read file - #6411
- general: bitbucket integration test failure - #6407
- general: CKV2_AZURE_50 generates false positive azurerm_storage_account violations - #6391
- sast: add log for sast on windows - #6397
3.2.125
Feature
- arm: Add check for AzureML workspace not configured with private endpoint - #6387
3.2.124
Feature
- azure: Add policy to ensure proper AzureML Workspace network access - #6362
- azure: Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible - #6368
3.2.122
Feature
- arm: AppServicePythonVersion - 82 check the 'python version' is the latest, if used to run the web app - #6282
3.2.121
Feature
- terraform: AWS SageMaker notebook instance KMS Key - #6374
- terraform: CognitiveServicesConfigureIdentity - new check - #6378
- terraform: Ensure that Cognitive Services accounts enable local authentication - new check - #6377
3.2.119
Feature
- arm: add FunctionAppsEnableAuthentication - Checking if a certain field exists - #6250
- terraform: Add more conditions to CKV_AWS_70 - #6371
- terraform: Added the CKV2_AWS_68 Check for TF and CFN - #6369
Bug Fix
- ansible: set task as ansible vertices config - #6376
- terraform: for_each/count attribute wasn't rendering if referencing a dynamic variable of a higher level module - #6372
3.2.112
Feature
- terraform: Add provider address to resources - #6266
- terraform: Support for count & for_each in data blocks - #6359
Bug Fix
- terraform: Fix an issue for loading tfvars + issue in the dynamic rendering - #6360
3.2.108
Bug Fix
- sast: don't scan hidden files - #6349