Update dependency checkov to v3 #22

general: anchor setuptools to fix metadata version - #7330
general: update our publishing job SHA to latest - #7332
terraform_plan: fix handling of resource_id for enrichment in tf_plan - #7329

`v3.2.482`

Compare Source

`v3.2.477`

Compare Source

Bug Fix

terraform_plan: compute the longest common prefix between two optional vertex - #7320
terraform_plan: Don't add values to empty list values in after_unknown - #7319

Documentation

general: Add JAVA_FULL_DT environment variable to CLI reference - #7312

`v3.2.473`

Compare Source

no noteworthy changes

`v3.2.472`

Compare Source

Feature

terraform: fix foreach module handling - #7313

`v3.2.471`

Compare Source

Bug Fix

terraform_plan: fix access to list by str in tf plan under _handle_complex_after_unknown - #7299

`v3.2.470`

Compare Source

Bug Fix

helm: Make Helm template detection less aggressive - #7288

`v3.2.469`

Compare Source

Feature

general: Control parallelism - #7286

`v3.2.468`

Compare Source

`v3.2.467`

Compare Source

Bug Fix

serverless: Fixed bad entity code line generation - #7285

`v3.2.466`

Compare Source

Feature

terraform: add aws_vpc_endpoint to RESOURCE_TYPES_JSONIFY - #7281

Bug Fix

general: Add exclusion for plan_with_providers test files in security scanning - #7282

`v3.2.465`

Compare Source

`v3.2.464`

Compare Source

Feature

secrets: support suppressions in JSON files - #7275

`v3.2.463`

Compare Source

`v3.2.462`

Compare Source

`v3.2.461`

Compare Source

Bug Fix

terraform: Handled git external module loading with sub-directory but without protocol - #7272

`v3.2.460`

Compare Source

Bug Fix

general: pin boto3 and botocore versions as failed test in Jenkins - #7270

`v3.2.459`

Compare Source

`v3.2.458`

Compare Source

Bug Fix

terraform: Fix conditional expression evaluation - #7265
terraform: Update FunctionAppsAccessibleOverHttps - #7078

`v3.2.457`

Compare Source

Bug Fix

dockerfile: Use proxy env vars in aiohttp client requests - #7260

`v3.2.456`

Compare Source

Bug Fix

terraform: Parse continue as a string rather as a python object - #7261

`v3.2.455`

Compare Source

`v3.2.454`

Compare Source

Bug Fix

serverless: Fixed extraction of code lines for serverless resources - #7259

`v3.2.453`

Compare Source

`v3.2.452`

Compare Source

Feature

general: Support Py 3.13 on build workflow - #7222

`v3.2.451`

Compare Source

Feature

terraform: Support parsing of provider functions - #7237

`v3.2.450`

Compare Source

Bug Fix

arm: filter out failed checks with resource names containing un-rendered functions - #7231

`v3.2.449`

Compare Source

Bug Fix

terraform: fix cloning external modules from private regsitries - #7229
terraform: fix issue 7216 module version parsing issue - #7224

`v3.2.448`

Compare Source

`v3.2.447`

Compare Source

Bug Fix

terraform: Added support in restricting to a specific GitHub organization for GithubActionsOIDCTrustPolicy - #7221

`v3.2.446`

Compare Source

Feature

kubernetes: include hidden folders in scan - #7219

`v3.2.445`

Compare Source

Bug Fix

helm: fix file paths to point to original files and not generated ones - #7212
secrets: fix omitting and masking - #7218

`v3.2.444`

Compare Source

`v3.2.443`

Compare Source

Bug Fix

secrets: fix omit and masking - #7213

`v3.2.442`

Compare Source

Bug Fix

secrets: fix relative path secrets - #7211

`v3.2.441`

Compare Source

`v3.2.440`

Compare Source

Feature

secrets: Bump detect secrets - #7203

`v3.2.439`

Compare Source

Bug Fix

serverless: Enhance yaml parsing, better support for file expansion - #7115
terraform: Better utilization of managed modules (if enabled) - #7111

`v3.2.438`

Compare Source

`v3.2.437`

Compare Source

Bug Fix

terraform: Handle explicitly-specified tfvars explicitly - #7107

`v3.2.436`

Compare Source

Bug Fix

terraform_plan: Support count in terraform plan files - #7195

`v3.2.435`

Compare Source

Bug Fix

kubernetes: Only filter out files that contain Helm built-in variables and functions - #6922
serverless: check if start and end line in serverless definitions context - #7189

`v3.2.434`

Compare Source

`v3.2.433`

Compare Source

Bug Fix

terraform_plan: add a check to avoid doing get on a none dict object in tfplan scan - #7180

`v3.2.432`

Compare Source

Bug Fix

terraform: Multiple fixes - #7178

`v3.2.431`

Compare Source

`v3.2.430`

Compare Source

`v3.2.429`

Compare Source

Bug Fix

general: Fix support for git external module syntax 'git::git@' - #7175
general: Remove asteval syntax error logs - #7172

`v3.2.428`

Compare Source

`v3.2.427`

Compare Source

Feature

secrets: Revert - Bump detect secrets - #7171

Bug Fix

terraform: dont move clone to internal dir - #7159

`v3.2.426`

Compare Source

Feature

secrets: Bump detect secrets - #7158
terraform: 7 new policies - #7056

`v3.2.425`

Compare Source

`v3.2.424`

Compare Source

Feature

terraform: Add SNS check and modify some - #7154

Bug Fix

secrets: Fix for git-history scan by commits - #7160

`v3.2.423`

Compare Source

`v3.2.422`

Compare Source

Feature

secrets: git-history allow scan by commits list - #7155

Bug Fix

general: exclude start_line and end_line from is empty solver - #7156

`v3.2.421`

Compare Source

`v3.2.420`

Compare Source

Feature

kustomize: export get kustomize resource id to a function - #7153

Bug Fix

general: Skip bc_api_key in output - #7148
terraform: Fixed crash when using variable rendering inside a list of len > 1 - #7151

`v3.2.419`

Compare Source

`v3.2.418`

Compare Source

`v3.2.417`

Compare Source

Breaking Change

general: Remove OpenAI - #7146

`v3.2.416`

Compare Source

Bug Fix

terraform_plan: use provider name not resource address to fix supported_provider matching - #7119

`v3.2.415`

Compare Source

Bug Fix

general: using asteval instead of using eval - #7116

`v3.2.414`

Compare Source

Bug Fix

terraform: Fix protocols for CKV2_AWS_74 and fix for CKV2_K8S_5 - #7134

`v3.2.413`

Compare Source

Feature

terraform: Add new check for overly permissive SQS policy - #7125

Bug Fix

terraform: support CLI notation in CKV_AZURE_228 for EventHub locations - #7124

`v3.2.412`

Compare Source

`v3.2.411`

Compare Source

Feature

secrets: Add support in git history for producer consumer - #7123

Bug Fix

general: Make --download-external-modules Optional[bool] - #7121
secrets: Fix test directory tree race - #7122
terraform: add aws_elasticache_serverless_cache to CKV2_AWS_5 - #7079

`v3.2.410`

Compare Source

`v3.2.409`

Compare Source

`v3.2.408`

Compare Source

Feature

terraform: Over permissive Lambda Cors check (Terraform & Cloudformation) - #7113

Bug Fix

general: base_runner: Properly escape excluded directories that begin with '.' - #7112

`v3.2.407`

Compare Source

Feature

terraform: Add new check and update old around cipher suites - #7108

`v3.2.406`

Compare Source

Bug Fix

kustomize: handle kustomize file with empty resources section - #7109

`v3.2.405`

Compare Source

`v3.2.404`

Compare Source

Bug Fix

terraform: Fix for multiple checks - #7097

`v3.2.403`

Compare Source

Feature

cloudformation: Update Lambda Runtime checks - #7065

`v3.2.402`

Compare Source

Bug Fix

terraform: Change to valid name - #7089
terraform: CKV2_IBM_1 - ignore case for load balancer of type private_path - #7010
terraform: rename test FunctionAppsAccessibleOverHttps - #7085

Documentation

general: Add install for debian - #7083

`v3.2.401`

Compare Source

`v3.2.400`

Compare Source

Bug Fix

general: typos discovered by codespell - #7012
terraform: Update FunctionAppsAccessibleOverHttps - #7084

`v3.2.399`

Compare Source

`v3.2.398`

Compare Source

Bug Fix

general: handle connected_node tuple in CustomJSONEncoder for json report (#7062) - #7063

`v3.2.397`

Compare Source

no noteworthy changes

`v3.2.396`

Compare Source

Bug Fix

terraform: Fix keeping range a range - #7073

`v3.2.395`

Compare Source

Feature

serverless: add check for empty resource attributes - #7074

`v3.2.394`

Compare Source

Bug Fix

terraform: Fix CKV2_GCP_12 and a few tests - #7069

`v3.2.393`

Compare Source

Bug Fix

general: Updated correct connected_node when creating graph report out of all options - #7068

`v3.2.392`

Compare Source

Bug Fix

terraform_plan: Run provider checks against all providers in plan - #7061

`v3.2.391`

Compare Source

Bug Fix

secrets: Bump detect-secrets to not flag AZ secrets in plan files - #7064

`v3.2.390`

Compare Source

Feature

terraform: add raw tf resource to graph - #7047

Bug Fix

general: Fix a few checks - #7051
general: Remove sneaky unicode characters that break a regex and console outputs on Windows - #6987
terraform: CKV_AWS_228 - support new AWS Opensearch TLS policy - #7007

`v3.2.389`

Compare Source

`v3.2.388`

Compare Source

`v3.2.387`

Compare Source

`v3.2.386`

Compare Source

no noteworthy changes

`v3.2.385`

Compare Source

Bug Fix

terraform: Update all resources - #7049

`v3.2.384`

Compare Source

Bug Fix

terraform: Update CKV_ALI_1 - #7040

`v3.2.383`

Compare Source

Feature

serverless: add tags enrichment to serverless - #7044

Bug Fix

sast: Fix CKV_AWS_194 policy - #7048

`v3.2.382`

Compare Source

Feature

secrets: Bump detect-secrets to remove more lock files - #7039

`v3.2.381`

Compare Source

Bug Fix

general: prevent connected_node attribute from being overriden - #7032
secrets: ckv_secret_80 filtering fix - #7037

`v3.2.380`

Compare Source

`v3.2.379`

Compare Source

Feature

terraform: Add azure DB checks for flexible server private endpoints - #7030

`v3.2.378`

Compare Source

Bug Fix

secrets: Remove CKV_SECRET_80 instead of CKV_SECRET_6 - #7029

`v3.2.377`

Compare Source

Feature

terraform: adding 3 policies & tests - #7011

Bug Fix

cloudformation: Handle subs in CKV_AWS_384 - #7022
secrets: Fix Duplicated Violation in line bug - #7027
terraform: Fixed CKV2_GCP_10 to exclude non http triggered cloud functions from security_level requirement - #7008
terraform: Handle new resource type for CKV_GCP_73 - #7023

`v3.2.376`

Compare Source

`v3.2.375`

Compare Source

`v3.2.374`

Compare Source

`v3.2.373`

Compare Source

Bug Fix

terraform: CKV_GCP_74, CKV_GCP_76 incorrectly enforced for REGIONAL and GLOBAL managed proxy networks - #7002

`v3.2.372`

Compare Source

Feature

terraform: Add multiple checks - #7016

Bug Fix

terraform: Postgres latest stable version - #7015

`v3.2.371`

Compare Source

`v3.2.370`

Compare Source

Bug Fix

general: Handle ECS enhanced container insights - #7001

`v3.2.369`

Compare Source

Bug Fix

terraform: Multiple check fixes - #6999

`v3.2.368`

Compare Source

Feature

general: fix proxy access from git and registry loader - #6992

`v3.2.367`

Compare Source

`v3.2.366`

Compare Source

Bug Fix

bicep: Add bicep specific for CKV_AZURE_25 since ARM implementation fails - #6996
terraform: CKV_AZURE_249 & CKV_AWS_358 - better support for OIDC 'repo' detection regex and conditions order - #6994

`v3.2.365`

Compare Source

`v3.2.364`

Compare Source

Bug Fix

terraform: CKV_AWS_339 - Add EKS platform version 1.32 to allowed lists of versions - #6988

`v3.2.363`

Compare Source

`v3.2.362`

Compare Source

Bug Fix

secrets: Multiple matching groups are being caught as regex separated by | sign - #6967
secrets: Remove both random and base64 entropy secrets finding - #6969

Platform

general: Backfill more eval keys - #6970

`v3.2.361`

Compare Source

`v3.2.360`

Compare Source

`v3.2.359`

Compare Source

`v3.2.358`

Compare Source

Feature

general: Add env var for policy metadata - #6979

`v3.2.357`

Compare Source

Feature

general: initial support for python 3.13 - #6962

Bug Fix

terraform: OIDC checks fixes - #6964

`v3.2.356`

Compare Source

`v3.2.355`

Compare Source

Feature

terraform: Update CKV_AWS_358, add CKV_GCP_125 and CKV_AZURE_249 for OIDC claims analysis for GitHub - #6960

Bug Fix

terraform: Accept TLS 1.3 for Azure web apps and web app slots - #6956

Platform

terraform: Add eval keys - #6929

`v3.2.354`

Compare Source

`v3.2.353`

Compare Source

Bug Fix

general: Support CVE suppressions with the root file in repo - #6948

`v3.2.352`

Compare Source

Feature

terraform: add option to add external_modules_content_cache to terraform build_graph - #6942

`v3.2.351`

Compare Source

Bug Fix

terraform: Skip tsconfig in terraform plan - #6941

`v3.2.350`

Compare Source

Feature

terraform: add CKV_AZURE_248 - Azure batch account network access restriction - #6928

Bug Fix

terraform: Revert feat(terraform): Add a terraform block check (#6904) - #6937

`v3.2.349`

Compare Source

`v3.2.348`

Compare Source

`v3.2.347`

Compare Source

Feature

general: Change behavior where if a config file is missing, run the scan as if there was no config file - #6926

Bug Fix

terraform: Fix for multiple checks - #6933

`v3.2.346`

Compare Source

Feature

terraform: add option to add proxy to request - #6923

`v3.2.345`

Compare Source

Feature

cloudformation: Add sensitive param check - #6921
terraform: add option to add proxy to request - #6916
terraform: check cognitive services restrict outbound network - #6919

Bug Fix

terraform_json: support CDKTF output in CKV_TF_3 - #6918

`v3.2.344`

Compare Source

Bug Fix

kubernetes: Add to nested resources on k8s graph inherit namespace - #6912

`v3.2.343`

Compare Source

`v3.2.342`

Compare Source

Feature

serverless: serverless definitions context - #6910
serverless: Serverless graph integration - #6911
terraform: Add a terraform block check - #6904

`v3.2.341`

Compare Source

`v3.2.340`

Compare Source

`v3.2.339`

Compare Source

Bug Fix

general: Fix jsonpath-key handling for special characters like "/" and reduce log size - #6907
serverless: Fix serverless check crash - #6909

`v3.2.337`

Compare Source

`v3.2.336`

Compare Source

Feature

general: add cortex:skip for suppressions - #6908

Bug Fix

terraform: fix CKV_AZURE_136 for replicas - #6895
terraform: Fix CKV_AZURE_227 for Azure V4 - #6906

`v3.2.335`

Compare Source

`v3.2.334`

Compare Source

Feature

serverless: Serverless graph vertices - #6894

Bug Fix

secrets: fix indentation to remove duplications - #6626

`v3.2.333`

Compare Source

`v3.2.332`

Compare Source

Feature

terraform: Add multi skip inline suppression - #6860
terraform: New bedrock check - #6892

Bug Fix

kubernetes: fix json file parsing - #6891
terraform: Fix CKV2_AZURE_31 - #6893

`v3.2.331`

Compare Source

`v3.2.330`

Compare Source

`v3.2.329`

Compare Source

`v3.2.328`

Compare Source

Feature

serverless: Serverless refactor for graph implementation - #6885

Documentation

general: docs flags update - #6888

`v3.2.327`

Compare Source

Bug Fix

terraform: Convert to graph check - #6875

`v3.2.326`

Compare Source

Feature

general: add new CIDR operator - #6877

Bug Fix

arm: Fix resource ID generation to use variables - #6884

`v3.2.325`

Compare Source

`v3.2.324`

Compare Source

Bug Fix

terraform_plan: run post_runner after get_enriched_resources for terraform_plan - #6883

`v3.2.322`

Compare Source

Feature

general: Update range includes to handle range values - #6867

Bug Fix

general: fix_memory error with adding new env - #6879
general: revert comment out ARM test - #6882

`v3.2.321`

Compare Source

`v3.2.320`

Compare Source

Feature

terraform: Add new checks to match run checks - #6868

Bug Fix

arm: Fix arm root folder - #6880
terraform: Update CKV_AZURE_164 to correct check on trust policy - #6757

`v3.2.319`

Compare Source

`v3.2.318`

Compare Source

`v3.2.317`

Compare Source

Feature

terraform: support resource_type attribute - #6872

Bug Fix

arm: Fix arm report resource naming - #6876
terraform: Fix two checks and logs - #6874

`v3.2.316`

Compare Source

`v3.2.315`

Compare Source

[`v3.2.314`](https://redirect.github.com/bridgecrewio/checkov/releases

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/checkov-3.x branch 4 times, most recently from 5ea9214 to 2b25a61 Compare June 23, 2024 22:41

renovate bot force-pushed the renovate/checkov-3.x branch 9 times, most recently from b85bae5 to ef3a72f Compare July 1, 2024 14:28

renovate bot force-pushed the renovate/checkov-3.x branch 10 times, most recently from a84b545 to b2aef53 Compare July 9, 2024 10:27

renovate bot force-pushed the renovate/checkov-3.x branch 7 times, most recently from c376ea5 to 53f3b7d Compare July 14, 2024 11:54

renovate bot force-pushed the renovate/checkov-3.x branch 3 times, most recently from c3945c9 to e059aa9 Compare July 14, 2025 16:42

renovate bot force-pushed the renovate/checkov-3.x branch 4 times, most recently from 12f7741 to cd3224a Compare July 28, 2025 13:01

renovate bot force-pushed the renovate/checkov-3.x branch 3 times, most recently from c072c91 to e464e17 Compare August 12, 2025 10:34

renovate bot force-pushed the renovate/checkov-3.x branch 4 times, most recently from 190f407 to d716f72 Compare August 27, 2025 14:04

renovate bot force-pushed the renovate/checkov-3.x branch 2 times, most recently from f38410f to 8344d85 Compare September 8, 2025 12:06

renovate bot force-pushed the renovate/checkov-3.x branch from 8344d85 to 1a7b479 Compare September 14, 2025 13:32

renovate bot force-pushed the renovate/checkov-3.x branch 2 times, most recently from bf02d7f to cad72d5 Compare September 30, 2025 15:40

renovate bot force-pushed the renovate/checkov-3.x branch 4 times, most recently from d764f19 to abaf570 Compare October 12, 2025 13:51

renovate bot force-pushed the renovate/checkov-3.x branch 3 times, most recently from 8aa89bd to 0f0aa60 Compare October 22, 2025 12:58

renovate bot force-pushed the renovate/checkov-3.x branch 2 times, most recently from 6b4da13 to 2df5c36 Compare October 27, 2025 08:46

Update dependency checkov to v3

0c7ff53

renovate bot force-pushed the renovate/checkov-3.x branch from 2df5c36 to 0c7ff53 Compare October 29, 2025 16:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency checkov to v3 #22

Update dependency checkov to v3 #22

Uh oh!

renovate bot commented Jun 17, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Update dependency checkov to v3 #22

Are you sure you want to change the base?

Update dependency checkov to v3 #22

Uh oh!

Conversation

renovate bot commented Jun 17, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

Bug Fix

Feature

Bug Fix

Feature

Bug Fix

Bug Fix

Feature

Bug Fix

Documentation

Feature

Bug Fix

Bug Fix

Feature

Bug Fix

Feature

Bug Fix

Feature

Bug Fix

Bug Fix

Bug Fix

Bug Fix

Bug Fix

Bug Fix

Feature

Feature

Bug Fix

Bug Fix

Bug Fix

Feature

Bug Fix

Bug Fix

Bug Fix

Feature

Bug Fix

Bug Fix

Bug Fix

Bug Fix

Bug Fix

Bug Fix

Bug Fix

Feature

Bug Fix

Feature

Feature

Bug Fix

Feature

Bug Fix

Feature

Bug Fix

Breaking Change

Bug Fix

Bug Fix

Bug Fix

Feature

Bug Fix

Feature

Bug Fix

Feature

renovate bot commented Jun 17, 2024 •

edited

Loading