Checkov

v3.3.1 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 1d Vulnerability Scanning

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

aws aws-security azure cloudformation compliance devops

+6 more

gcp iac kubernetes scans static-analysis terraform

Summary

AI summary

Serverless checks now always use variables by default.

Changes in this release

Type	Severity	Summary	CVE
Feature	Low	Disables serverless variable opt-out by default. Disables serverless variable opt-out by default. Source: llm_adapter@2026-06-12 Confidence: high	—

Full changelog

Feature

serverless: disable vars opt out - #7574

Breaking Changes

Serverless checks no longer honor the opt-out for variable usage; vars are enabled by default.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Checkov

Get notified when new releases ship.

About Checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

All releases →

Checkov

Summary

Changes in this release

Feature

Breaking Changes

Related context

Related tools