
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Results 794 checkov issues

**Describe the issue** Terraform provisioners are sometimes passed in a "mangled" form to the `scan_resource_conf` method. **Examples** Try running the following policy: ```py from typing import Dict, Any from checkov.common.typing...

checks

Hey! New checkov user here 👋 ## How I noticed the problem While trying to run checkov's test suite on my local machine I noticed that some files were being...

**Describe the issue** In [setup.py](https://github.com/bridgecrewio/checkov/blob/df33f9f3df0139563d82077ad715df6732e8542b/setup.py#L111), the version of `urllib3` is pinned to an old release. The old versions are known to have security [vulnerabilities](https://nvd.nist.gov/vuln/detail/cve-2024-37891). To avoid potential issues with outdated...

best practices

**Describe the issue** Check CKV_AWS_46 "Ensure no hard-coded secrets exist in EC2 user data" fails even when the user data does not contain any secrets. Also, even based on the same code (CDK), one...

checks

**Describe the issue** [CKV_AWS_363](https://www.checkov.io/5.Policy%20Index/terraform.html#:~:text=511-,CKV_AWS_363,-resource) is not up to date and lacks already-[deprecated](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-deprecated) lambda content **Examples** ``` # Lambda function resource "aws_lambda_function" "example" { runtime = "nodejs18.x" #

checks

**By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.** [//]: # " # PR Title We use the title...

**By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.** [//]: # " # PR Title We use the title...

**Describe the issue** `CKV_AZURE_9` is not able to identify misconfigurations for NSG rules that include a `source_address_prefix` with a `/0`, like: `/0`. Would suggest replacing `INTERNET_ADDRESSES` in `NSGRulePortAccessRestricted.py` (line 8): ```pytho...

checks

**Describe the issue** I am testing a fail scenario to validate the CKV_AWS_260 rule, but the rule is incorrectly passing instead of detecting a violation. **Examples** Please review the sample...

checks

What would be the checkov valid way of getting a dependency from the internet? `RUN wget` seems just as insecure, and putting the files on the disk before running docker...

best practices