checkov

checkov copied to clipboard

**Describe the issue** Github Actions should pin the actions in workflows to SHA to prevent supply chain attacks such as this: https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066 **Examples** Please share an example code sample (in...

bt-macole

fix(terraform): correctly evaluate CKV_AWS_37 when there's a dynamic …

3

# User description …block **By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.** [//]: # " # PR Title...

Alex-Waring

fix(azurerm_redis_cache): Update policy to detect non_ssl_port_enabled

1

# User description **By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.** [//]: # " # PR Title We...

rannaladasu

fix(Terraform): Failing checks due to parsing error CKV_GCP_54 & CKV_GCP_57 Issue 7033

2

# User description **By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.** [//]: # " # PR Title We...

andrewkaldani30

Bicep / ARM support expectations are misleading for real-world Azure usage

1

Hi Checkov maintainers, I’m opening this as **feedback** rather than a bug report. After running a proof-of-concept using Checkov on a real Azure infrastructure codebase, I wanted to share observations...

jdvor

**By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.** [//]: # " # PR Title We use the title...

FCZhang1126

**Describe the feature** Terraform [plan](https://developer.hashicorp.com/terraform/internals/json-format) provides `variables` key which currently cannot read from `BaseResourceCheck.scan_resource_conf` **Examples** ``` { "format_version": "1.0", "terraform_version": "1.0.0", "variables": { "account": { "value": "dev" } }, ......

nurdann

**Describe the issue** Updating existing Terraform config to dotnet 10.0; we are seeing "Ensure that 'Net Framework' version is the latest, if used as a part of the web app"...

SimonWaters-bca

[WinError 32] The process cannot access the file because it is being used by another process

1

While running the Checkov 3.2.495 binary on Windows 11 an error arises. ``` [ secrets framework ]: 100%|████████████████████|[282/282], Current File Scanned=xxx.yml 2025-12-04 13:43:53,607 [MainThread ] [ERROR] Exception traceback:le Scanned=xxx\yyyy\zzzz\pod.yaml Traceback...

smclinden

**Describe the feature** When Checkov fails with an internal error, there is no distinction on exit codes. **Examples** Like for example I got the internal error, but due to `--soft-fail`...

pszypowicz