chore(deps): update dependency checkov to v3.2.129

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
checkov	==3.2.74 -> ==3.2.129

---

Release Notes

bridgecrewio/checkov (checkov)

v3.2.129

Compare Source

v3.2.128

Compare Source

Feature

• azure: drop support for dotnet v7.0 - #​6383
• general: Image Referencer should not run for CI workflow files - #​6386
• secrets: Add _prioritise_secrets by 3 levels of severity - #​6390
• terraform: add 5 policies - #​6401
• terraform: add 6 policies - #​6396
• terraform: add fix for ckv_aws_300 - #​6404
• terraform: add fix for not contains solver - #​6389

Bug Fix

• ansible: filter conf if its int or float - #​6409
• general: add try except gihub_action read file - #​6411
• general: bitbucket integration test failure - #​6407
• general: CKV2_AZURE_50 generates false positive azurerm_storage_account violations - #​6391
• sast: add log for sast on windows - #​6397

v3.2.127

Compare Source

v3.2.126

Compare Source

v3.2.125

Compare Source

Feature

• arm: Add check for AzureML workspace not configured with private endpoint - #​6387

v3.2.124

Compare Source

Feature

• azure: Add policy to ensure proper AzureML Workspace network access - #​6362
• azure: Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible - #​6368

v3.2.123

Compare Source

v3.2.122

Compare Source

Feature

• arm: AppServicePythonVersion - 82 check the 'python version' is the latest, if used to run the web app - #​6282

v3.2.120

Compare Source

v3.2.116

Compare Source

v3.2.115

Compare Source

v3.2.114

Compare Source

v3.2.113

Compare Source

v3.2.112

Compare Source

Feature

• terraform: Add provider address to resources - #​6266
• terraform: Support for count & for_each in data blocks - #​6359

Bug Fix

• terraform: Fix an issue for loading tfvars + issue in the dynamic rendering - #​6360

v3.2.111

Compare Source

v3.2.110

Compare Source

v3.2.109

Compare Source

v3.2.108

Compare Source

Bug Fix

• sast: don't scan hidden files - #​6349

v3.2.107

Compare Source

Bug Fix

• terraform: Handle registry modules with a version in CKF_TF_2 - #​6354

v3.2.106

Compare Source

Feature

• arm: Ensure Databricks Workspace data plane to control plane co… - #​6319
• general: TF and ARM - Ensure that Databricks Workspaces enable… - #​6313
• secrets: Bump detect-secrets - #​6346

v3.2.105

Compare Source

Feature

• arm: add AppServiceJavaVersion - #​6258
• arm: add CKV_AZURE_145 to check that the function app uses the latest version of TLS encryption - #​6323
• arm: add CKV_AZURE_218 to ensure that Application Gateway defines secure protocols for in transit communicationApp gw defines secure protocols - #​6320
• arm: add CKV_AZURE_54 to ensure Enforce a minimal Tls version for the server - #​6270
• arm: add CKV_AZURE_71 to Ensure that Managed identity provider is enabled for web apps - #​6272
• arm: add CKV_AZURE_72 to ensure that remote debugging is not enabled for app services - #​6281
• arm: AzureDefenderOStorage - #​6269
• arm: MySQLPublicAccessDisabled-Azure MySQL: Restrict Public Access - #​6263
• arm: StorageSyncPublicAccessDisabled - #​6331
• secrets: eliminate false positives in entropy keyword combinator detector - #​6327

Bug Fix

• ansible: fix ansible resource id in local graph - #​6344
• secrets: fix entropy type - #​6347

v3.2.104

Compare Source

v3.2.103

Compare Source

v3.2.102

Compare Source

v3.2.101

Compare Source

v3.2.100

Compare Source

Feature

• sast: TS-legacy-checks - #​6311
• secrets: entropy limit as env variable - #​6332

v3.2.99

Compare Source

v3.2.98

Compare Source

Bug Fix

• terraform: Remove invalid CIDRs in CKV2_AWS_44 - #​6301

v3.2.97

Compare Source

Feature

• arm: add CKV_AZURE_73 to ensure that Automation account variables are encrypted - #​6271
• arm: add CKV_AZURE_76 to ensure that Azure Batch account uses key vault to encrypt data - #​6280
• arm: add FunctionAppDisallowCORS - password correctness check - #​6248
• arm: ARM FunctionAppHttpVersionLatest policy - #​6244
• arm: CKV_AZURE_74 to Ensure that Azure Data Explorer (Kusto) uses disk encryption - #​6273
• arm: MSSQLServerMinTLSVersion - #​6245

v3.2.96

Compare Source

v3.2.95

Compare Source

Bug Fix

• terraform: handle module source tag ref when it is not the first parameter - #​6314

v3.2.94

Compare Source

Bug Fix

• sast: fix random test sast js - #​6315

Platform

• general: Double-Encode URI for RelayState Parameter - #​6302

v3.2.93

Compare Source

v3.2.92

Compare Source

Feature

• sast: CDK TypeScript policies - #​6161
• terraform: add check for tf module versioned tag - #​6213

Bug Fix

• secrets: secret_filter_block_list filter by file name and suffixes - #​6285
• secrets: secret_filter_block_list filter by file name and suffixes 2 - #​6306

Platform

• general: Fix policy.name to use the spaces as specified on CLI. - #​6296

v3.2.91

Compare Source

Feature

• secrets: bump bc-detect-secrets to 1.5.10 - #​6297

v3.2.90

Compare Source

Feature

• general: Add deep-analysis to GHA - #​6288
• terraform: Add more hype policies - #​6239

Bug Fix

• ansible: fix ansible definitions raw type - #​6292

Platform

• ansible: add set definitions raw to ansible runner - #​6286
• general: Handle SAST suppressions (suppressions V2) - #​6109

Documentation

• general: add RENDER_EDGES_DUPLICATE_ITER_COUNT to docs - #​6291
• general: Update README links for PyPi - #​6231

v3.2.89

Compare Source

v3.2.88

Compare Source

v3.2.87

Compare Source

v3.2.86

Compare Source

v3.2.85

Compare Source

Platform

• ansible: add missing arg to ansible runner - #​6276

v3.2.84

Compare Source

Feature

• sast: Enable cdk ts integraion test - #​6158

Bug Fix

• secrets: add files for secret to skip - #​6275
• terraform: Update CKV_AWS_31 for RBAC - #​6224

v3.2.83

Compare Source

v3.2.82

Compare Source

Feature

• github: add summary message in github_failed_only output - #​6131
• sast: add ts checks to python pack - #​6261
• sast: run all cdk integration test - #​6256

Bug Fix

• general: fix changed serif path - #​6251

v3.2.81

Compare Source

v3.2.80

Compare Source

v3.2.79

Compare Source

Feature

• sast: Add 10 TS CDK - #​6194
• sast: add typescript - DONT MERGE - #​6193
• sast: Filter js files generate by ts - #​6220
• secrets: bump bc-detect-secrets 1.5.9 - #​6205
• terraform: Add GCP policy - #​6177
• terraform: Add resource attributes to jsonify - #​6203
• terraform: Ensure dedicated data endpoints are enabled - #​6188
• terraform: support provider in tf_plan graph - #​6195
• terraform: Update CloudArmorWAFACLCVE202144228.py - #​6217

Bug Fix

• general: add print to random test - #​6229
• general: fix integration test in build - #​6227
• general: fix integration tests - #​6207
• kubernetes: Update checkov-job.yaml - #​5985
• sca: remove old test for the depracated workflow github-action - #​6232
• terraform_plan: Edges not created because of indexing in resource["address"] when resources in modules use count - #​6145
• terraform: CKV_AWS_23 rule description fixed for clarity - #​5993
• terraform: Fix CKV_AWS_358 to handle plan files - #​6202

Platform

• ansible: add create_definitions function for ansible framework - #​6225

Documentation

• general: Fix docs html brackets - #​6051
• general: Remove Python 3.7 - #​6200

v3.2.78

Compare Source

v3.2.77

Compare Source

v3.2.76

Compare Source

v3.2.75

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.