Release history

Checkov releases

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Config change
3.2.532 New feature
Auth Crypto / TLS

Signature verification

Review required
3.2.531 New feature
Auth

GitHub OIDC trust check

Review required
3.2.530 Bug fix
Auth Breaking upgrade

Disable var resolution

No immediate action
3.2.529 Bug fix

Rotation check includes 90‑day boundary

3.2.528 Bug fix

Fixed secrets scanner to report all multiline regex matches per file instead of only the first.

Full changelog

Bug Fix

  • secrets: report all multiline regex matches per file, not just first occurrence - FIX - #7540

3.2.527 Breaking risk patches CVE-2020-11023 patches CVE-2023-44487
Breaking changes
  • Secrets scanner now reports only the first multiline regex match per file, reverting previous behavior that reported all matches.
Full changelog

Feature

  • secrets: Revert "fix(secrets): report all multiline regex matches per file, not just first occurrence" - #7537

3.2.526 Bug fix

Fixed compatibility with Helm versions greater than v3.

Full changelog

Bug Fix

  • helm: Accept helm version greater than v3 - #7399

3.2.524 Bug fix

Minor fixes and improvements.

Full changelog

Bug Fix

  • general: Revert Switch Terraform regex eval to RE2 for better performance - #7520
  • sca: Align ImageScanner.run_image_scan with execute_scan - #7518

3.2.522 Bug fix

Minor fixes and improvements.

Full changelog

Bug Fix

  • general: Strip unnecessary control bytes from CLI code block - #7515
  • general: Switch Terraform regex eval to RE2 for better performance - #7516

3.2.521 Bug fix

Minor fixes and improvements.

Full changelog

Bug Fix

  • general: make version cache init lazy - #7509
  • secrets: report all multiline regex matches per file, not just first occurrence - #7483

3.2.517 Bug fix

Added validation for allowlisted Prisma Cloud and Bridgecrew API URLs and hardened tar and zip extraction to prevent malformed archives and unauthorized connections.

3.2.513 Bug fix

Bug Fix

  • general: Log update - #7482 (https://github.com/bridgecrewio/checkov/pull/7482)

3.2.511 Bug fix

Improved error handling to prevent run failures when invalid policies are encountered during scanning.

3.2.510 Maintenance

Updated compliance checks to support modern TLS security policies, latest EKS Kubernetes versions, and current PostgreSQL versions.

3.2.508 Bug fix

Eliminated race condition in secrets scanner to prevent duplicate detections when running concurrently with other scanners.

3.2.507 Bug fix

Fixed thread safety issue in secret runner configuration to support concurrent secret scanning operations.

3.2.506 Bug fix

Fixed Terraform module path resolution when destination directory already exists on Linux systems.

3.2.505 Bug fix

Reverted dependency change to improve Bicep syntax parsing and template validation.

3.2.504 New feature
Breaking changes
  • .NET v6 support deprecated
Notable features
  • .NET v9 support
  • .NET v10 support

3.2.501 Bug fix

Fixed secret detection accuracy in build log files containing line prefixes and formatting variations.

3.2.500 Bug fix

Fixed CloudFormation configuration variable interpolation in analysis vertices and config rendering.

3.2.499 New feature
Notable features
  • BC_CA_BUNDLE environment variable support
  • Cortex-specific AWS check overrides
