
feat(terraform): cross variable performance improvement #4946

Merged: 4 commits merged into main from hotfix/cross-variable-performance on Apr 23, 2023

Conversation

bo156 (Contributor) commented Apr 20, 2023

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Only called _build_edges_for_vertex once, passing on all of the modules internally.

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@bo156 bo156 force-pushed the hotfix/cross-variable-performance branch from 2721af0 to e64a38c on April 20, 2023 11:41
@bo156 bo156 force-pushed the hotfix/cross-variable-performance branch from eefaa91 to 22fbebd on April 20, 2023 12:30
@bo156 bo156 merged commit 81fc591 into main Apr 23, 2023
@bo156 bo156 deleted the hotfix/cross-variable-performance branch April 23, 2023 07:19
gruebel pushed a commit that referenced this pull request Apr 23, 2023
* only call build_edges_for_vertex once under cross-variable-edges

* returned if and break

* flake8

* Removed comment
rotemavni added a commit to rotem-avni/checkov3 that referenced this pull request May 30, 2023
* fix(github): make GH Actions delimiter unique in multiline env vars (#4938)

fix: make delimiter unique in multiline env vars

see here for docs: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings

* chore: update release notes

* feat(general): deserialize report & record from json  (#4947)

* deserialize report & record

* missing import

* lint

* lint

* lint

---------

Co-authored-by: Eliran Turgeman <[email protected]>

* feat(general): deserialize report & record from json  (#4947)

* deserialize report & record

* missing import

* lint

* lint

* lint

---------

Co-authored-by: Eliran Turgeman <[email protected]>

* feat(terraform): cross variable performance improvement (#4946)

* only call build_edges_for_vertex once under cross-variable-edges

* returned if and break

* flake8

* Removed comment

* feat(sca): fix extract fix version in sbom report (#4936)

* fixed extract fix version

* lint

* fixed

* ut

* feat(terraform): cross variable performance improvement (#4946)

* only call build_edges_for_vertex once under cross-variable-edges

* returned if and break

* flake8

* Removed comment

* chore: update release notes

* docs(terraform_plan): Add Deep Analysis to docs (#4950)

* Add Deep Analysis to docs

* Update help

* typo

* chore: bump stefanzweifel/changelog-updater-action from 1.6.2 to 1.7.0 (#4953)

Bumps [stefanzweifel/changelog-updater-action](https://github.com/stefanzweifel/changelog-updater-action) from 1.6.2 to 1.7.0.
- [Release notes](https://github.com/stefanzweifel/changelog-updater-action/releases)
- [Changelog](https://github.com/stefanzweifel/changelog-updater-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stefanzweifel/changelog-updater-action/compare/bbfa2bd8afcc53bf7ec1f01e69a7847d82a8b4c6...3ad74a04f312e09210fdb3b0d8bf7ee66865288e)

---
updated-dependencies:
- dependency-name: stefanzweifel/changelog-updater-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump actions/setup-python from 4.5.0 to 4.6.0 (#4954)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435...57ded4d7d5e986d7296eab16560982c6dd7c923b)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump github/codeql-action from 2.2.12 to 2.3.0 (#4955)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db...b2c19fb9a2a485599ccf4ed5d65527d94bc57226)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump docker/metadata-action from 4.3.0 to 4.4.0 (#4956)

Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/507c2f2dc502c992ad446e3d7a5dfbe311567a96...c4ee3adeed93b1fa6a762f209fb01608c1a22f1e)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(kustomize): fix image_referencer paths (#4898)

* use kustomize original path instead of k8s path for image_reference

* fix lint

* fix test and fix image path to be relative

* fix paths

* fix lint

* fix lint

* fix paths for helm

* fix lint

* chore: bump docker/metadata-action from 4.3.0 to 4.4.0 (#4956)

Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/507c2f2dc502c992ad446e3d7a5dfbe311567a96...c4ee3adeed93b1fa6a762f209fb01608c1a22f1e)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat(terraform): Network firewall must define a logging configuration CKV2_AWS_63 (#4872)

* Network firewall must define a logging configuration

* Port is invalid

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): ensure pidmode is not set to host 335  (#4786)

* ensure pidmode is not set to host

* for the plan

* update check and tests

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): ensure pidmode is not set to host 335  (#4786)

* ensure pidmode is not set to host

* for the plan

* update check and tests

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): ensure pidmode is not set to host 335  (#4786)

* ensure pidmode is not set to host

* for the plan

* update check and tests

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): Ensure container defines a readonly root drive 336  (#4788)

* Ensure container defines a readonly root drive

* update check

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): Ensure SSM params are encrypted using a CMK 337  (#4789)

Ensure SSM params are encrypted using a CMK

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Ensure SSM params are encrypted using a CMK 337  (#4789)

Ensure SSM params are encrypted using a CMK

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Ensure SSM params are encrypted using a CMK 337  (#4789)

Ensure SSM params are encrypted using a CMK

Co-authored-by: Anton Grübel <[email protected]>

* fix(terraform): support TF provider v3 for lifecycle existence check (#4952)

support TF provider v3 for lifecycle existence check

* fix(terraform): support TF provider v3 for lifecycle existence check (#4952)

support TF provider v3 for lifecycle existence check

* feat(terraform): Reduce module loading in TF Parser (#4959)

* Update tf_parser.py

* Update tf_parser.py

* Update tf_parser.py

* Update tf_parser.py

* feat(terraform): Reduce module loading in TF Parser (#4959)

* Update tf_parser.py

* Update tf_parser.py

* Update tf_parser.py

* Update tf_parser.py

* chore: update release notes

* chore: transform YAML graph checks to JSON before packaging (#4951)

* transform YAML graph checks to JSON before packaging

* add setup_requires

* fix test

* transform rest of YAML graph checks to JSON

* enable for_each

* simplify yaml file search and disable for_each

* chore: transform YAML graph checks to JSON before packaging (#4951)

* transform YAML graph checks to JSON before packaging

* add setup_requires

* fix test

* transform rest of YAML graph checks to JSON

* enable for_each

* simplify yaml file search and disable for_each

* chore: publish pypi package via trusted publisher (#4967)

publish pypi package via trusted publisher

* feat(terraform): remove cross variables bad list comprehension (#4948)

* only call build_edges_for_vertex once under cross-variable-edges

* returned if and break

* flake8

* Found much better way to handle relative_module_idx, some tests still fail

* Final fix to pass tests

* only use new tf parser for getting the key

* feat(terraform): remove cross variables bad list comprehension (#4948)

* only call build_edges_for_vertex once under cross-variable-edges

* returned if and break

* flake8

* Found much better way to handle relative_module_idx, some tests still fail

* Final fix to pass tests

* only use new tf parser for getting the key

* fix(secrets): change default value of secret values to empty strings (#4973)

* fix none in added commit hash to be string and not None

* fix mypy

* fix(terraform): Added a condition to not override source module object for old parser (#4975)

added a condition to not override source module object for old parser

* fix(general): remove invalid URLs in GitLab SAST output (#4960)

remove invalid URLs in GitLab SAST output

* fix(general): remove invalid URLs in GitLab SAST output (#4960)

remove invalid URLs in GitLab SAST output

* feat(terraform): add support for private terraform registries (#4964)

* somewhat working

* fix dest_dir calculation

* fix test

* refactor api endpoint calculation

* refactor module_params

* rename TFC_TOKEN and add deprecation warning

* update docs

* add tests

* remove skip-ssl

* remove trailing comma

* fix flake8 errors

* Update docs/7.Scan Examples/Terraform.md

Co-authored-by: Taylor <[email protected]>

* Update docs/7.Scan Examples/Terraform.md

Co-authored-by: Taylor <[email protected]>

* fix third party registry module download

* update docs

* format markdown

* add tests

* return early for github and bb sources

* add test

---------

Co-authored-by: Taylor <[email protected]>

* feat(terraform): add support for private terraform registries (#4964)

* somewhat working

* fix dest_dir calculation

* fix test

* refactor api endpoint calculation

* refactor module_params

* rename TFC_TOKEN and add deprecation warning

* update docs

* add tests

* remove skip-ssl

* remove trailing comma

* fix flake8 errors

* Update docs/7.Scan Examples/Terraform.md

Co-authored-by: Taylor <[email protected]>

* Update docs/7.Scan Examples/Terraform.md

Co-authored-by: Taylor <[email protected]>

* fix third party registry module download

* update docs

* format markdown

* add tests

* return early for github and bb sources

* add test

---------

Co-authored-by: Taylor <[email protected]>

* fix(general): log all returned enforcement rules for debugging (#4989)

* log all returned rules for debugging

* add total rule count to log message

* fix(general): log all returned enforcement rules for debugging (#4989)

* log all returned rules for debugging

* add total rule count to log message

* chore: update release notes

* docs(terraform): fix docs formatting (#4988)

* fix docs formatting

* remove blank line

* fix(gitlab): fix resource id parsing recursive (#4987)

fix bug

* docs(terraform): fix docs formatting (#4988)

* fix docs formatting

* remove blank line

* chore: remove tests from package (#4994)

remove tests from package

* chore: update release notes

* chore: improve multiline test (#4997)

improve multiline test

* chore: improve multiline test (#4997)

improve multiline test

* chore: update bc-detect-secrets version to 1.4.24 (#4979)

* update bc-detect-secrets version

* mypy

---------

Co-authored-by: maxamel <[email protected]>
Co-authored-by: Omry Mendelovich <[email protected]>

* chore: update bc-detect-secrets version to 1.4.24 (#4979)

* update bc-detect-secrets version

* mypy

---------

Co-authored-by: maxamel <[email protected]>
Co-authored-by: Omry Mendelovich <[email protected]>

* feat(terraform): remove redundant foreach deepcopy (#4982)

* Removed deepcopy call from _build_sub_graph which takes around 20% of the deepcopy calls

* Removed all deepcopy other than for blocks in _build_sub_graph

* Removed more deepcopies

* feat(terraform): remove redundant foreach deepcopy (#4982)

* Removed deepcopy call from _build_sub_graph which takes around 20% of the deepcopy calls

* Removed all deepcopy other than for blocks in _build_sub_graph

* Removed more deepcopies

* chore(secrets): add info of multiline to the secret data when detecting it (#4998)

add info of multiline to the secret data when detecting it

* chore(secrets): add info of multiline to the secret data when detecting it (#4998)

add info of multiline to the secret data when detecting it

* fix(secrets): fix missing history results when history store is used (#4992)

* fix missing history results when history store is used

* fix test

* remove additional quotes

* fix(secrets): fix missing history results when history store is used (#4992)

* fix missing history results when history store is used

* fix test

* remove additional quotes

* chore: update pycep to version 0.4.0 (#4999)

update pycep to version 0.4.0

* feat(terraform): Ensure Cloudwatch retention is a year or more 338 (#4799)

* Ensure Cloudwatch retention is a year or more

* adjust check logic

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): AWS EKS Use only platform supported versions 339 (#4810)

* Use only platform supported versions

* Use only platform supported versions

* bump passes

* bump passes

* bump passes

* add version 1.26

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): AWS EKS Use only platform supported versions 339 (#4810)

* Use only platform supported versions

* Use only platform supported versions

* bump passes

* bump passes

* bump passes

* add version 1.26

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): AWS EKS Use only platform supported versions 339 (#4810)

* Use only platform supported versions

* Use only platform supported versions

* bump passes

* bump passes

* bump passes

* add version 1.26

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Azure APIm backend uses only HTTPS (#4811)

* APIm backend uses only HTTPS

* catch

* adjust check logic

---------

Co-authored-by: gruebel <[email protected]>

* fix(terraform): secret- also check user data in launch config and template (#4969)

also check user data in launch config and template

* feat(kubernetes): support suppressing custom K8s policies (#4990)

* support suppressing custom K8s policies

* fix test

* feat(kubernetes): support suppressing custom K8s policies (#4990)

* support suppressing custom K8s policies

* fix test

* feat(kubernetes): support suppressing custom K8s policies (#4990)

* support suppressing custom K8s policies

* fix test

* platform(general): upload checks code_block to report (#5001)

upload checks code_block to platform report

* chore: exclude test file from secrets check (#5002)

exclude test file from secrets check

* chore: update release notes

* fix(secrets): change color of invalid secret message (#5007)

change color

Co-authored-by: Eliran Turgeman <[email protected]>

* fix(secrets): change color of invalid secret message (#5007)

change color

Co-authored-by: Eliran Turgeman <[email protected]>

* chore: update bc-detect-secrets version to 1.4.26 (#5000)

update bc-detect-secrets version

Co-authored-by: pazbechor <[email protected]>

* chore: bump github/codeql-action from 2.3.0 to 2.3.2 (#5003)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b2c19fb9a2a485599ccf4ed5d65527d94bc57226...f3feb00acb00f31a6f60280e6ace9ca31d91c76a)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: move performance tests to hosted runners (#4986)

* move performance tests to hosted runners

* also install Python 3.7

* exclude test file from secrets check

* run performance tests on 3.7 only

* fix(secrets): Adding quote to required secret in case needed (#5008)

* Adding quote to required secret in case needed

* .

* Fix security tests..

* classmethod -> static

---------

Co-authored-by: pazbechor <[email protected]>

* fix(secrets): Adding quote to required secret in case needed (#5008)

* Adding quote to required secret in case needed

* .

* Fix security tests..

* classmethod -> static

---------

Co-authored-by: pazbechor <[email protected]>

* chore: update release notes

* feat(terraform): Set TF modules for_each env vars as True (#4794)

* Set CHECKOV_NEW_TF_PARSER as True

* try with tfvars fix

* another fix

* Set true

* remove unused if

* Fix UTs

* Fix UTs

* set CHECKOV_ENABLE_MODULES_FOREACH_HANDLING as True

* Some fixes and improvements

* remove unrelated changes

* try with pickle

* set CHECKOV_ENABLE_FOREACH_HANDLING as true

* Set foreach modules env var to False

* Match all UTs to new parser

* Match all UTs to new parser

* fix(terraform): improve attribute performance (#5014)

* improve attribute performance

* .

* lint

* default value

* fix

* fix

* .

* fix(terraform): improve attribute performance (#5014)

* improve attribute performance

* .

* lint

* default value

* fix

* fix

* .

* feat(secrets): open the feature - scan git history (#5022)

open the feature - scan git history

* feat(secrets): open the feature - scan git history (#5022)

open the feature - scan git history

* chore: trigger bridgecrew-py update (#5024)

trigger bridgecrew-py update

* fix(terraform): Update CKV2_AZURE_33 to remove checks on unrelated conditions (#5020)

* Remove network_rules attribute checks

* Included tests for CKV2_AZURE_33

* fix(terraform): Update CKV2_AZURE_33 to remove checks on unrelated conditions (#5020)

* Remove network_rules attribute checks

* Included tests for CKV2_AZURE_33

* fix(terraform): Update CKV_AWS_338 message and retention check for 0 (#5018)

* fix(terraform): Update CKV_AWS_338 message and retention check for 0 (#5018)

* fix(terraform): Update CKV_AWS_338 message and retention check for 0 (#5018)

* feat(terraform): Set TF Modules for_each env var to true (#5021)

* Set env var to true

* Some small improvements

* increase performance tests by 1 sec

* Small CR fix

* revert change

* feat(terraform): Set TF Modules for_each env var to true (#5021)

* Set env var to true

* Some small improvements

* increase performance tests by 1 sec

* Small CR fix

* revert change

* fix(secrets): add filter for suppressed custom secret checks (#5016)

* add filter out for suppressed custom secret checks

* add filter out for suppressed custom secret checks

* add filter out for suppressed custom secret checks

* fix(secrets): add filter for suppressed custom secret checks (#5016)

* add filter out for suppressed custom secret checks

* add filter out for suppressed custom secret checks

* add filter out for suppressed custom secret checks

* chore: update release notes

* feat(terraform): Elastic beanstalk uses managed updates and fixes the EB check while i… 340 (#4816)

* Elastic beanstalk uses managed updates and fixes the EB check while I'm there

* update branch

---------

Co-authored-by: gruebel <[email protected]>

* fix(terraform): fix foreach render value for lookup (#5037)

* fix foreach render value for lookup

* pr comments

* add upper test

* Merge 81e831b560bd81df73288f0fe0d52ca6038755d6 into 624365dc822fe6cdbb5b7b04ddaaa1807025c8b9

* fix(terraform): fix foreach render value for lookup (#5037)

* fix foreach render value for lookup

* pr comments

* add upper test

* fix(terraform): Handle entity context for for_each resources (#5036)

Handle entity context for for_each resources

* fix(terraform): Handle entity context for for_each resources (#5036)

Handle entity context for for_each resources

* fix(secrets): don't scan images in git history (#5040)

* don't scan images

* remove the flaky test

* fix(secrets): don't scan images in git history (#5040)

* don't scan images

* remove the flaky test

* chore: update release notes

* platform(general): Catch None responses from BE (#5033)

* Catch `None` responses from BE gracefully

* Add retry with limited times

* mypy

* Remove flaky test

* Leverage _get_s3_role and fix text

* platform(general): Catch None responses from BE (#5033)

* Catch `None` responses from BE gracefully

* Add retry with limited times

* mypy

* Remove flaky test

* Leverage _get_s3_role and fix text

* chore: update release notes

* fix(secrets): add handling of unicode error (#5055)

* fix(secrets): add handling of unicode error (#5055)

* feat(terraform): Update CKV_AZURE_43 StorageAccountName.py VARIABLE_REFS (#5045)

Update StorageAccountName.py

Update the VARIABLE_REFS list within StorageAccountName.py to also include the `each.` value. This is useful when using for_each with a certain resource/module, which can reference variables from within the map instead of directly referencing a global `var.` variable.

* fix(arm): enabled is not true (#5051)

* fix(cloudformation): Enable ALB to support tls1.3 policies #4962 (#5035)

* fix to support tls1.3 policies

* Update ALBListenerTLS12.py

* feat(terraform): launch config/template Ensure metadata hop =1 341 (#4817)

* Ensure metadatahop =1

* minor change

---------

Co-authored-by: Anton Grübel <[email protected]>

* fix(cloudformation): Enable ALB to support tls1.3 policies #4962 (#5035)

* fix to support tls1.3 policies

* Update ALBListenerTLS12.py

* feat(terraform): launch config/template Ensure metadata hop =1 341 (#4817)

* Ensure metadatahop =1

* minor change

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(general): include missing files in save repository (#5056)

* include missing files

* fix mypy

* feat(general): include missing files in save repository (#5056)

* include missing files

* fix mypy

* chore: update release notes

* chore: scan repo with own secrets runner (#5046)

* scan repo with own secrets runner

* add checkov config file

* add skip comments

* add quiet flag

* use new token

* override enforcement rules

* change to pull_request_target

* leverage environment

* checkout pull request branch

* chore: scan repo with own secrets runner (#5046)

* scan repo with own secrets runner

* add checkov config file

* add skip comments

* add quiet flag

* use new token

* override enforcement rules

* change to pull_request_target

* leverage environment

* checkout pull request branch

* chore: bump github/codeql-action from 2.3.2 to 2.3.3 (#5057)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f3feb00acb00f31a6f60280e6ace9ca31d91c76a...29b1f65c5e92e24fe6b6647da1eaabe529cec70f)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump mikepenz/release-changelog-builder-action from 3.7.1 to 3.7.2 (#5058)

chore: bump mikepenz/release-changelog-builder-action

Bumps [mikepenz/release-changelog-builder-action](https://github.com/mikepenz/release-changelog-builder-action) from 3.7.1 to 3.7.2.
- [Release notes](https://github.com/mikepenz/release-changelog-builder-action/releases)
- [Commits](https://github.com/mikepenz/release-changelog-builder-action/compare/f7dd0f5932037ca4fff56395ffb04837fd97851a...342972d8fda7082778588387394cf150b9f7226f)

---
updated-dependencies:
- dependency-name: mikepenz/release-changelog-builder-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump crazy-max/ghaction-import-gpg from 5.2.0 to 5.3.0 (#5059)

Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 5.2.0 to 5.3.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/111c56156bcc6918c056dbef52164cfa583dc549...72b6676b71ab476b77e676928516f6982eef7a41)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump pypa/gh-action-pypi-publish from 1.8.5 to 1.8.6 (#5060)

Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.5 to 1.8.6.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/0bf742be3ebe032c25dd15117957dc15d0cfc38d...a56da0b891b3dc519c7ee3284aff1fad93cc8598)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat(terraform): check that WAF rules have an action 342 (#4806)

* Check that a waf rule has an associated action

* fix id

* Update WAFRuleHasAnyActions.py

* update check logic

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): redshift should be set to automatically take snapshots 343 (#4727)

* redshift should be set to automatically take snapshots

* Update RedshiftClusterAutoSnap.py

* Update RedshiftClusterAutoSnap.py

* Update RedshiftClusterAutoSnap.py

* feat(terraform): check that WAF rules have an action 342 (#4806)

* Check that a waf rule has an associated action

* fix id

* Update WAFRuleHasAnyActions.py

* update check logic

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): redshift should be set to automatically take snapshots 343 (#4727)

* redshift should be set to automatically take snapshots

* Update RedshiftClusterAutoSnap.py

* Update RedshiftClusterAutoSnap.py

* Update RedshiftClusterAutoSnap.py

* feat(terraform): aws ensure delete protection for firewalls 344 (#4870)

ensure delete protection for firewalls

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Ensure encryption for firewall uses a CMK CKV_AWS_345 (#4871)

* Ensure encryption for firewall uses a CMK

* add aws_networkfirewall_rule_group

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Ensure Network firewall policy defines an encryption configuration that uses a CMK - CKV_AWS_346 (#4877)

* Ensure Network firewall policy defines an encryption configuration that specifies a CMK

* Ensure Network firewall policy defines an encryption configuration that specifies a CMK

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Ensure Network firewall policy defines an encryption configuration that uses a CMK - CKV_AWS_346 (#4877)

* Ensure Network firewall policy defines an encryption configuration that specifies a CMK

* Ensure Network firewall policy defines an encryption configuration that specifies a CMK

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Ensure Network firewall policy defines an encryption configuration that uses a CMK - CKV_AWS_346 (#4877)

* Ensure Network firewall policy defines an encryption configuration that specifies a CMK

* Ensure Network firewall policy defines an encryption configuration that specifies a CMK

---------

Co-authored-by: Anton Grübel <[email protected]>

* fix(kubernetes): Update ckv_k8s_31 (#4991)

* Updated ckv_k8s_31

Catch when all containers have the type RuntimeDefault

* Update ckv_k8s_31

* Update test_PodSecurityContext.py

* Delete pod-one-containerFAIL-onePASS.yaml

* Undo update test_PodSecurityContext.py

* Undo update PodSecurityContext.py

* Undo update PodSecurityContext.py

* Update to pass tests

* Update Seccomp.py

* Update Seccomp.py

* Update Seccomp.py

* Update Seccomp.py

* fix dogfood tests

* Revert "fix dogfood tests"

This reverts commit e92309d2676e6b47772d91e0d8d4558e2a930db7.

* Update Seccomp.py

* update check logic

* fix dogfood test

---------

Co-authored-by: gruebel <[email protected]>

* fix(kubernetes): Update ckv_k8s_31 (#4991)

* Updated ckv_k8s_31

Catch when all containers have the type RuntimeDefault

* Update ckv_k8s_31

* Update test_PodSecurityContext.py

* Delete pod-one-containerFAIL-onePASS.yaml

* Undo update test_PodSecurityContext.py

* Undo update PodSecurityContext.py

* Undo update PodSecurityContext.py

* Update to pass tests

* Update Seccomp.py

* Update Seccomp.py

* Update Seccomp.py

* Update Seccomp.py

* fix dogfood tests

* Revert "fix dogfood tests"

This reverts commit e92309d2676e6b47772d91e0d8d4558e2a930db7.

* Update Seccomp.py

* update check logic

* fix dogfood test

---------

Co-authored-by: gruebel <[email protected]>

* chore: update release notes

* docs(general): Fix some links (#5064)

* Fix some links

* Update SECURITY.md

Co-authored-by: Taylor <[email protected]>

---------

Co-authored-by: Taylor <[email protected]>

* feat(terraform): Added caller_file_path and caller_file_line_range to reduced report (#5062)

Added caller_file_path and caller_file_line_range to reduced report

* feat(terraform): Added caller_file_path and caller_file_line_range to reduced report (#5062)

Added caller_file_path and caller_file_line_range to reduced report

* feat(terraform): Ensure Neptune cluster is encrypted with a CMK CKV_AWS_347 (#4965)

Ensure Neptune cluster is encrypted with a CMK

* docs(general): update Python custom checks docs (#5054)

* update Python custom checks docs

* add PR suggestion

Co-authored-by: Taylor <[email protected]>

---------

Co-authored-by: Taylor <[email protected]>

* feat(terraform): AWS IAM don't generate root credentials 348 (#4966)

don't generate root credentials

* feat(terraform): Ensure Neptune cluster is encrypted with a CMK CKV_AWS_347 (#4965)

Ensure Neptune cluster is encrypted with a CMK

* feat(terraform): AWS IAM don't generate root credentials 348 (#4966)

don't generate root credentials

* fix(terraform): fix SQS encryption check CKV_AWS_27 (#5065)

fix SQS encryption check CKV_AWS_27

* feat(terraform): AWS IAM don't generate root credentials 348 (#4966)

don't generate root credentials

* chore: update release notes

* fix(secrets): add filter for suppressed custom secret checks (#5068)

.

* fix(secrets): add filter for suppressed custom secret checks (#5068)

.

* fix(secrets): exclude Kubernetes secretName from secret scanning (#5071)

exclude Kubernetes secretName from secret scanning

Co-authored-by: Omry Mendelovich <[email protected]>

* Merge 1cfd16963a04119c8ad598eaf5851ecdba2ed13e into 4b2344ac1275704a06389708a1d2e922929c84f5

* chore: update bc-detect-secrets version to 1.4.27 (#5072)

* update bc-detect-secrets version

* remove ignore

* fix if for check id

---------

Co-authored-by: omryMen <[email protected]>
Co-authored-by: Omry Mendelovich <[email protected]>

* fix(secrets): omit the code line (#5075)

omit the code line

* fix(secrets): omit the code line (#5075)

omit the code line

* chore: update release notes

* feat(kustomize): Support inline skips for Kubernetes graph checks (#5070)

add graph check to kustomize

* feat(kustomize): Support inline skips for Kubernetes graph checks (#5070)

add graph check to kustomize

* chore: add skip comments to test secrets (#5077)

* add skip comments to test secrets

* enable checkov secrets scan and remove trufflehog

* add trufflehog back

* Create jekyll-gh-pages.yml

* Update jekyll-gh-pages.yml

* chore: update release notes

* fix(sca): only run image referencer with sca_image framework (#5081)

only run image referencer with sca_image framework

* fix(sca): only run image referencer with sca_image framework (#5081)

only run image referencer with sca_image framework

* chore: update release notes

* fix(terraform): skip invalid multiple modules names (#5079)

* skip invalid multiple modules names

* fix

* fix(terraform): skip invalid multiple modules names (#5079)

* skip invalid multiple modules names

* fix

* platform(graph): upload graphs to the platform (#5073)

* implement upload graphs to the platform

* fix lint

* fix UTs

* fix UTs

* fix dogfood tests

* fix

* remove redundant import

* platform(general): Add lines to SBOM (#5078)

* add lines to sbom

* tests

* tests

* lint

* /

* /

* chore: update release notes

* feat(kubernetes): Improve k8s perf (#5083)

* remove deepcopy usage in k8s utils

* cache repo file path calculation

* fix linting

* Merge 6a93b867c22569011d8d54e4ece7e70832cbd67a into 2124ce17efa29eadf59789929d1cc37397a0f1d6

* chore: bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 (#5087)

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5...284f54f989303d2699d373481a0cfa13ad5a6666)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump azure/setup-helm from 3.4 to 3.5 (#5086)

Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3.4 to 3.5.
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Commits](https://github.com/azure/setup-helm/compare/v3.4...5119fcb9089d432beecbf79bb2c7915207344b78)

---
updated-dependencies:
- dependency-name: azure/setup-helm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(terraform): handle false-positives for Route53ZoneEnableDNSSECSigning (#5084)

handle false-positives for Route53ZoneEnableDNSSECSigning

Route53ZoneEnableDNSSECSigning is applicable only for public hosted
zones. However, the check currently incorrectly applies to private
hosted zones as well.

Private hosted zones can be differentiated if the hosted zone is
associated with a VPC. VPC configuration can be added inline via a vpc
block or via an aws_route53_zone_association resource.

* feat(terraform): EMR -  At rest local disk, EBS and in transit encryption checks (#4968)

* At rest local disk, EBS and in transit encryption checks

* fix test cases

* update check logic

* skip secret finding

---------

Co-authored-by: Anton Grübel <[email protected]>

* chore: make networkx import truly optional (#5080)

make networkx import truly optional

* fix(terraform): handle false-positives for Route53ZoneEnableDNSSECSigning (#5084)

handle false-positives for Route53ZoneEnableDNSSECSigning

Route53ZoneEnableDNSSECSigning is applicable only for public hosted
zones. However, the check currently incorrectly applies to private
hosted zones as well.

Private hosted zones can be differentiated if the hosted zone is
associated with a VPC. VPC configuration can be added inline via a vpc
block or via an aws_route53_zone_association resource.

* chore: make networkx import truly optional (#5080)

make networkx import truly optional

* fix(kubernetes): add mini k8s parser for invalid templates (#5088)

* add k8s parser

* add test

* mypy

* fix mypy, lint

* fix mypy, lint

* mypy

* try to fix tests

* add log

* fix(kubernetes): add mini k8s parser for invalid templates (#5088)

* add k8s parser

* add test

* mypy

* fix mypy, lint

* fix mypy, lint

* mypy

* try to fix tests

* add log

* chore: update release notes

* feat(sca): using the lines directly in the record, rather than in the "vulnerability_details" + having it in ExtraResources (#5092)

* fsd

* adjust tests

* fix

---------

Co-authored-by: ipeleg <[email protected]>

* Merge 0af202104cfba9e21f282b60d43e0103f079236f into 227e87339ca4c8301a75e1aedb16eef56178f894

* chore: update pre-commit and Python deps (#5091)

update pre-commit and Python deps

* feat(dockerfile): Support docker graph check skips (#5085)

* add context creation and support graph check suppression

* add docs

* fix test

* safely access context

* chore: update pre-commit and Python deps (#5091)

update pre-commit and Python deps

* feat(kubernetes): separate service account builder to improve performance (#5093)

* Separated ServiceAccount handling from KeywordEdgeBuilder to improve performance in this case

* prettify

* CR and flake fixes

* mypy

* mypy

* added check that service accounts even exist before updating cache

* chore: update release notes

* feat(sca): showing line numbers in the cli output for csv (#5096)

* fsd

* adjust tests

* fix

* enabling displaying line number also for root packages without cves

* adding "(lines)" only in case there are lines-details

* adding "(lines)" only in case there are lines-details - fix

* naming

* fix for tests

* fix for tests

* Lines in the tests

---------

Co-authored-by: ipeleg <[email protected]>

* chore: update bc-detect-secrets version to 1.4.28 (#5105)

update bc-detect-secrets version

Co-authored-by: marynaKK <[email protected]>

* feat(sca): showing line numbers in the cli output for licenses (#5098)

* fsd

* adjust tests

* fix

* enabling displaying line number also for root packages without cves

* adding "(lines)" only in case there are lines-details

* adding "(lines)" only in case there are lines-details - fix

* naming

* add lines for license violation + printing it in the cli-output

* fix for tests

* fix for tests

* fix tests

* fix

* fix

* fix

* fix

* fix

* Lines in the tests

* add test

* add test

* add tests

* add tests

* fix the bug in v1

* change the output format + having tests

---------

Co-authored-by: ipeleg <[email protected]>

* linters

* feat(general): add SPDX output (#5104)

* add SPDX output

* resolve merge conflict

* create spdx output

* except

* licenses

* Added licenses-expression to setup.py

* Fix mypy for spdx.py

* Fix setup.py

* fixed setup.py and pipfile

* Fixed mypy errors

* Fixed mypy errors

* Fix pipfile

---------

Co-authored-by: nazoulay <[email protected]>
Co-authored-by: Saar Ettinger <[email protected]>

* feat(general): add SPDX output (#5104)

* add SPDX output

* resolve merge conflict

* create spdx output

* except

* licenses

* Added licenses-expression to setup.py

* Fix mypy for spdx.py

* Fix setup.py

* fixed setup.py and pipfile

* Fixed mypy errors

* Fixed mypy errors

* Fix pipfile

---------

Co-authored-by: nazoulay <[email protected]>
Co-authored-by: Saar Ettinger <[email protected]>

* chore: update release notes

* feat(terraform): Adding yaml based build time policies for corresponding PC runtime policies (#5089)

* adding 2 YAML policies - S3 & Neptune security config

* adding 2 YAML policies

* adding 2 YAML policies

* adding 2 YAML policies

* added 2 YAML policies

* updated the pass and fail cases

* Updated terraform pass and fail cases

* Deleted - AWS S3 global ACL view check

* added policy "Ensure Elastic Search has dedicated master node enabled"

CKV2_AWS_59: Ensure Elastic Search has dedicated master node enabled

* added policy "CKV2_AWS_60: Ensure RDS instance with copy tags to snapshots is enabled"

Ensure RDS instance with copy tags to snapshots is enabled

* [New Policy]: CKV2_AZURE_23: Ensure Azure spring cloud is configured with Virtual network (Vnet)

CKV2_AZURE_23: Ensure Azure spring cloud is configured with Virtual network (Vnet)

* [2 new Policies]: CKV2_AZURE_24, CKV2_AZURE_25

CKV2_AZURE_24: Ensure Azure automation account is NOT overly permissive

CKV2_AZURE_25: Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled

* Update checkov/terraform/checks/graph_checks/aws/ElasticSearchDedicatedMasterEnabled.yaml

Added opensearch check capability

Co-authored-by: Anton Grübel <[email protected]>

* Modified CKV2_AWS_59: Ensure ElasticSearch/OpenSearch has dedicated master node enabled

* Renamed/Modified CKV2_AZURE_24: Ensure Azure automation account does NOT have overly permissive network access

* Renamed/Modified CKV2_AZURE_24: Ensure Azure automation account does NOT have overly permissive network access

* Modified CKV2_AZURE_23: Ensure Azure spring cloud is configured with Virtual network (Vnet)

* CKV2_AZURE_25: Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled

* Modified CKV2_AWS_60: Ensure RDS instance with copy tags to snapshots is enabled

* Added 5 YAML policies

* Modified CKV2_AWS_60: Ensure RDS instance with copy tags to snapshots is enabled

* Partial YAML policy: AzureEnableDefenderForDNS

* Partial completion of AzureEnableDefenderForDNS

* Deleted AzurEnableForDefender

* Added a YAML policy AzureSQLserverNotOverlyPermissive

* Added policy: AzureRecoveryServicesvaultConfigManagedIdentity

* Added policy: AzureAutomationAccConfigManagedIdentity

* Added new YAML policy AzureMariaDBserverUsingTLS_1_2

* Added new YAML policy: AzureStorageAccountEnableSoftDelete and modified AzureMariaDBserverUsingTLS_1_2

* Updated test_yaml_policies.yaml

* Modifications made based on PR inputs

* adjust skip comment

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): NACL should restrict port ingress (#4976)

* NACL should restrict ingress

* NACL should restrict ingress

* fix brain fog

* adjust check name

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): NACL should restrict port ingress (#4976)

* NACL should restrict ingress

* NACL should restrict ingress

* fix brain fog

* adjust check name

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): NACL should restrict port ingress (#4976)

* NACL should restrict ingress

* NACL should restrict ingress

* fix brain fog

* adjust check name

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(secrets): add jwt detector to the secret runner (#5116)

add jwt detector to the secret runner

* feat(secrets): add jwt detector to the secret runner (#5116)

add jwt detector to the secret runner

* docs(general): Update CLI Command Reference.md (#5114)

Update CLI Command Reference.md

* fix(dockerfile): improve update searching in CKV_DOCKER_5 (#5115)

improve update searching in CKV_DOCKER_5

* feat(terraform): RDS Enable Performance insights (#4983)

* feat(terraform): RDS Enable Performance insights

* adjust category

* fix test

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): AWS Ensure RDS performance insights uses a CMK (#4985)

* feat(terraform): AWS Ensure RDS performance insights uses a CMK

* fix test

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): RDS Enable Performance insights (#4983)

* feat(terraform): RDS Enable Performance insights

* adjust category

* fix test

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): AWS Ensure RDS performance insights uses a CMK (#4985)

* feat(terraform): AWS Ensure RDS performance insights uses a CMK

* fix test

---------

Co-authored-by: Anton Grübel <[email protected]>

* chore: enable mypy on part of terraform codebase (#5106)

* enable mypy on part of terraform codebase

* fix linting

* chore: enable mypy on part of terraform codebase (#5106)

* enable mypy on part of terraform codebase

* fix linting

* chore: update release notes

* feat(sca): dockerfile image-referencer fixes (#5120)

* dockerfile ir fixes

* uts fixes

* fix(gitlab): Skipping image blocks without name attribute (#5126)

skipping image blocks without name attribute

Co-authored-by: Eliran Turgeman <[email protected]>

* fix(gitlab): Skipping image blocks without name attribute (#5126)

skipping image blocks without name attribute

Co-authored-by: Eliran Turgeman <[email protected]>

* feat(sca): adding the risk factor v2 to the vulnerability details (#5108)

* add the risk factor v2 to the vulnerability details

* adjust tests

---------

Co-authored-by: ipeleg <[email protected]>

* feat(terraform): AWS Ensure RDS performance insights uses a CMK (#4985)

* feat(terraform): AWS Ensure RDS performance insights uses a CMK

* fix test

---------

Co-authored-by: Anton Grübel <[email protected]>

* chore: bump requests from 2.30.0 to 2.31.0 (#5125)

Bumps [requests](https://github.com/psf/requests) from 2.30.0 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.30.0...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: add type hints to tf modules and module_loading (#5119)

* add type hints to tf modules and module_loading

* add missing future annotation

* chore: add type hints to tf modules and module_loading (#5119)

* add type hints to tf modules and module_loading

* add missing future annotation

* platform(general): Enhancing Sarif output with Security Severity Level (#5074)

* add severity level the name for sarif output

* add severity level the name for sarif output

* add comments to the code

* switch to SEVERITY_TO_SCORE

* Add a condition to add the properties dictionary

* Check the existence of CVSS score

* fix flake8 blank line missing

* use get function on vulnerability_details

* fix tests and update docs

---------

Co-authored-by: gruebel <[email protected]>

* feat(secrets): Add new pre-commit hook for secrets (#5103)

* Add secrets hook

* Update .pre-commit-hooks.yaml

Co-authored-by: Anton Grübel <[email protected]>

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(secrets): Add new pre-commit hook for secrets (#5103)

* Add secrets hook

* Update .pre-commit-hooks.yaml

Co-authored-by: Anton Grübel <[email protected]>

---------

Co-authored-by: Anton Grübel <[email protected]>

* fix(terraform): fix terraform variable rendering for provider alias (#5124)

* fix terraform variable rendering for provider alias

* fix test

* fix(terraform): fix terraform variable rendering for provider alias (#5124)

* fix terraform variable rendering for provider alias

* fix test

* feat(terraform): add check to look at star resources (#4996)

* add check to look at star resources

* add missing cases

* slightly adjust code

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): add check to look at star resources (#4996)

* add check to look at star resources

* add missing cases

* slightly adjust code

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): add check to look at star resources (#4996)

* add check to look at star resources

* add missing cases

* slightly adjust code

---------

Co-authored-by: gruebel <[email protected]>

* chore: update release notes

* platform(general): SBOM lines numbers adjusting (#5127)

* output add lines

* output add lines

* mypy

* lines

* tests

* get_package_lines

* fix(kustomize): fix empty kustomize file crash (#5131)

fix empty kustomize file crash

* feat(terraform): IAM limit resource access (#5015)

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): extend CKV2_AWS_5 with new resources (#5129)

extend CKV2_AWS_5 with new resources

* feat(terraform): extend CKV2_AWS_5 with new resources (#5129)

extend CKV2_AWS_5 with new resources

* feat(terraform): extend CKV2_AWS_5 with new resources (#5129)

extend CKV2_AWS_5 with new resources

* chore: replace deepcopy with pickle (#4885)

* replace deepcopy with pickle

* fix test

* enable for_each handling by default

* replace all other deepcopy usage

* lower perf test thresholds and increase rounds

* rename function name

* chore: replace deepcopy with pickle (#4885)

* replace deepcopy with pickle

* fix test

* enable for_each handling by default

* replace all other deepcopy usage

* lower perf test thresholds and increase rounds

* rename function name

* chore: update release notes

* chore: disable checkov-secrets GHA job (#5138)

disable checkov-secrets GHA job

* fix(terraform): Should use UNKNOWN rather than skipped (#5136)

* Should use UNKNOWN rather than skipped

* Should use UNKNOWN rather than skipped

* Should use UNKNOWN rather than skipped

* Should use UNKNOWN rather than skipped

* fix(terraform): Should use UNKNOWN rather than skipped (#5136)

* Should use UNKNOWN rather than skipped

* Should use UNKNOWN rather than skipped

* Should use UNKNOWN rather than skipped

* Should use UNKNOWN rather than skipped

* feat(general): Added computation of git_root_path to igraph serialization (#5107)

* Added computation of git_root_path to igraph serialization based on nodes

* linters

* Changed git usage to find root path with os.path.abspath

* Matched graph json name to parameter

Co-authored-by: YaaraVerner <[email protected]>

* Made absolute_root_folder optional as it is only for cli runs

* Used '' instead of None as default value to make sure it is serializable

---------

Co-authored-by: Nimrod Kor <[email protected]>
Co-authored-by: YaaraVerner <[email protected]>

* feat(terraform): foreach remove error from info log. (#5139)

Remove error from info log.

* feat(sca): adding validation for the file_line_number (#5132)

* add some validation for the file_line_range

* Update checkov/common/sca/commons.py

Co-authored-by: Anton Grübel <[email protected]>

* log instead of error

---------

Co-authored-by: ipeleg <[email protected]>
Co-authored-by: Anton Grübel <[email protected]>

* feat(sca): adding validation for the file_line_number (#5132)

* add some validation for the file_line_range

* Update checkov/common/sca/commons.py

Co-authored-by: Anton Grübel <[email protected]>

* log instead of error

---------

Co-authored-by: ipeleg <[email protected]>
Co-authored-by: Anton Grübel <[email protected]>

* chore: update release notes

* chore: bump github/codeql-action from 2.3.3 to 2.3.5 (#5142)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/29b1f65c5e92e24fe6b6647da1eaabe529cec70f...0225834cc549ee0ca93cb085b92954821a145866)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump actions/setup-python from 4.6.0 to 4.6.1 (#5141)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/57ded4d7d5e986d7296eab16560982c6dd7c923b...bd6b4b6205c4dbad673328db7b31b7fab9e241c0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update Pipfile.lock

* fixed Pipfile.lock

* mypy fix

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Aviad Hahami <[email protected]>
Co-authored-by: gruebel <[email protected]>
Co-authored-by: Eliran Turgeman <[email protected]>
Co-authored-by: Eliran Turgeman <[email protected]>
Co-authored-by: Barak Fatal <[email protected]>
Co-authored-by: Aya Jbara <[email protected]>
Co-authored-by: Taylor <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: YaaraVerner <[email protected]>
Co-authored-by: James Woolfenden <[email protected]>
Co-authored-by: Anton Grübel <[email protected]>
Co-authored-by: ChanochShayner <[email protected]>
Co-authored-by: marynaKK <[email protected]>
Co-authored-by: Kartikeya Pande <[email protected]>
Co-authored-by: Mike Urbanski <[email protected]>
Co-authored-by: maxamel <[email protected]>
Co-authored-by: Omry Mendelovich <[email protected]>
Co-authored-by: Omry Mendelovich <[email protected]>
Co-authored-by: pazbechor <[email protected]>
Co-authored-by: pazbec <[email protected]>
Co-authored-by: pazbechor <[email protected]>
Co-authored-by: achiar99 <[email protected]>
Co-authored-by: NathanDunning <[email protected]>
Co-authored-by: Manu Chandrasekhar <[email protected]>
Co-authored-by: LirShindalman <[email protected]>
Co-authored-by: Nimrod Kor <[email protected]>
Co-authored-by: Horia Gunica <[email protected]>
Co-authored-by: james-otten-pan <[email protected]>
Co-authored-by: omryMen <[email protected]>
Co-authored-by: wadhah mahrouk <[email protected]>
Co-authored-by: Noa Azoulay <[email protected]>
Co-authored-by: shine <[email protected]>
Co-authored-by: itai1357 <[email protected]>
Co-authored-by: ipeleg <[email protected]>
Co-authored-by: matansha <[email protected]>
Co-authored-by: marynaKK <[email protected]>
Co-authored-by: Barak Fatal <[email protected]>
Co-authored-by: Saar Ettinger <[email protected]>
Co-authored-by: Praveen <[email protected]>
Co-authored-by: Simon Melotte <[email protected]>
rotemavni added a commit to rotem-avni/checkov3 that referenced this pull request Oct 5, 2023
* fix(github): make GH Actions delimiter unique in multiline env vars (#4938)

fix: make delimiter unique in multiline env vars

see here for docs: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings

* chore: update release notes

* feat(general): deserialize report & record from json  (#4947)

* deserialize report & record

* missing import

* lint

* lint

* lint

---------

Co-authored-by: Eliran Turgeman <[email protected]>

* feat(general): deserialize report & record from json  (#4947)

* deserialize report & record

* missing import

* lint

* lint

* lint

---------

Co-authored-by: Eliran Turgeman <[email protected]>

* feat(terraform): cross variable performance improvement (#4946)

* only call build_edges_for_vertex once under cross-variable-edges

* returned if and break

* flake8

* Removed comment

* feat(sca): fix extract fix version in sbom report (#4936)

* fixed extract fix version

* lint

* fixed

* ut

* feat(terraform): cross variable performance improvement (#4946)

* only call build_edges_for_vertex once under cross-variable-edges

* returned if and break

* flake8

* Removed comment

* chore: update release notes

* docs(terraform_plan): Add Deep Analysis to docs (#4950)

* Add Deep Analysis to docs

* Update help

* typo

* chore: bump stefanzweifel/changelog-updater-action from 1.6.2 to 1.7.0 (#4953)

Bumps [stefanzweifel/changelog-updater-action](https://github.com/stefanzweifel/changelog-updater-action) from 1.6.2 to 1.7.0.
- [Release notes](https://github.com/stefanzweifel/changelog-updater-action/releases)
- [Changelog](https://github.com/stefanzweifel/changelog-updater-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stefanzweifel/changelog-updater-action/compare/bbfa2bd8afcc53bf7ec1f01e69a7847d82a8b4c6...3ad74a04f312e09210fdb3b0d8bf7ee66865288e)

---
updated-dependencies:
- dependency-name: stefanzweifel/changelog-updater-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump actions/setup-python from 4.5.0 to 4.6.0 (#4954)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435...57ded4d7d5e986d7296eab16560982c6dd7c923b)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump github/codeql-action from 2.2.12 to 2.3.0 (#4955)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db...b2c19fb9a2a485599ccf4ed5d65527d94bc57226)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump docker/metadata-action from 4.3.0 to 4.4.0 (#4956)

Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/507c2f2dc502c992ad446e3d7a5dfbe311567a96...c4ee3adeed93b1fa6a762f209fb01608c1a22f1e)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(kustomize): fix image_referencer paths (#4898)

* use kustomize original path instead of k8s path for image_reference

* fix lint

* fix test and fix image path to be relative

* fix paths

* fix lint

* fix lint

* fix paths for helm

* fix lint

* chore: bump docker/metadata-action from 4.3.0 to 4.4.0 (#4956)

Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/507c2f2dc502c992ad446e3d7a5dfbe311567a96...c4ee3adeed93b1fa6a762f209fb01608c1a22f1e)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat(terraform): Network firewall must define a logging configuration CKV2_AWS_63 (#4872)

* Network firewall must define a logging configuration

* Port is invalid

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): ensure pidmode is not set to host 335 (#4786)

* ensure pidmode is not set to host

* for the plan

* update check and tests

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): ensure pidmode is not set to host 335 (#4786)

* ensure pidmode is not set to host

* for the plan

* update check and tests

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): ensure pidmode is not set to host 335 (#4786)

* ensure pidmode is not set to host

* for the plan

* update check and tests

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): Ensure container defines a readonly root drive 336 (#4788)

* Ensure container defines a readonly root drive

* update check

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): Ensure SSM params are encrypted using a CMK 337 (#4789)

Ensure SSM params are encrypted using a CMK

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Ensure SSM params are encrypted using a CMK 337 (#4789)

Ensure SSM params are encrypted using a CMK

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Ensure SSM params are encrypted using a CMK 337 (#4789)

Ensure SSM params are encrypted using a CMK

Co-authored-by: Anton Grübel <[email protected]>

* fix(terraform): support TF provider v3 for lifecycle existence check (#4952)

support TF provider v3 for lifecycle existence check

* fix(terraform): support TF provider v3 for lifecycle existence check (#4952)

support TF provider v3 for lifecycle existence check

* feat(terraform): Reduce module loading in TF Parser (#4959)

* Update tf_parser.py

* Update tf_parser.py

* Update tf_parser.py

* Update tf_parser.py

* feat(terraform): Reduce module loading in TF Parser (#4959)

* Update tf_parser.py

* Update tf_parser.py

* Update tf_parser.py

* Update tf_parser.py

* chore: update release notes

* chore: transform YAML graph checks to JSON before packaging (#4951)

* transform YAML graph checks to JSON before packaging

* add setup_requires

* fix test

* transform rest of YAML graph checks to JSON

* enable for_each

* simplify yaml file search and disable for_each

* chore: publish pypi package via trusted publisher (#4967)

publish pypi package via trusted publisher

* feat(terraform): remove cross variables bad list comprehension (#4948)

* only call build_edges_for_vertex once under cross-variable-edges

* returned if and break

* flake8

* Found much better way to handle relative_module_idx, some tests still fail

* Final fix to pass tests

* only use new tf parser for getting the key

* fix(secrets): change default value of secret values to empty strings (#4973)

* fix none in added commit hush to be string and not None

* fix mypy

* fix(terraform): Added a condition to not override source module object for old parser (#4975)

added a condition to not override source module object for old parser

* fix(general): remove invalid URLs in GitLab SAST output (#4960)

remove invalid URLs in GitLab SAST output

* feat(terraform): add support for private terraform registries (#4964)

* somewhat working

* fix dest_dir calculation

* fix test

* refactor api endpoint calculation

* refactor module_params

* rename TFC_TOKEN and add deprecation warning

* update docs

* add tests

* remove skip-ssl

* remove trailing comma

* fix flake8 errors

* Update docs/7.Scan Examples/Terraform.md

Co-authored-by: Taylor <[email protected]>

* Update docs/7.Scan Examples/Terraform.md

Co-authored-by: Taylor <[email protected]>

* fix third party registry module download

* update docs

* format markdown

* add tests

* return early for github and bb sources

* add test

---------

Co-authored-by: Taylor <[email protected]>

* fix(general): log all returned enforcement rules for debugging (#4989)

* log all returned rules for debugging

* add total rule count to log message

* chore: update release notes

* docs(terraform): fix docs formatting (#4988)

* fix docs formatting

* remove blank line

* fix(gitlab): fix resource id parsing recursive (#4987)

fix bug

* chore: remove tests from package (#4994)

remove tests from package

* chore: update release notes

* chore: improve multiline test (#4997)

improve multiline test

* chore: update bc-detect-secrets version to 1.4.24 (#4979)

* update bc-detect-secrets version

* mypy

---------

Co-authored-by: maxamel <[email protected]>
Co-authored-by: Omry Mendelovich <[email protected]>

* feat(terraform): remove redundant foreach deepcopy (#4982)

* Removed deepcopy call from _build_sub_graph which takes around 20% of the deepcopy calls

* Removed all deepcopy other than for blocks in _build_sub_graph

* Removed more deepcopies

* chore(secrets): add info of multiline to the secret data when detecting it (#4998)

add info of multiline to the secret data when detecting it

* fix(secrets): fix missing history results when history store is used (#4992)

* fix missing history results when history store is used

* fix test

* remove additional quotes

* chore: update pycep to version 0.4.0 (#4999)

update pycep to version 0.4.0

* feat(terraform): Ensure Cloudwatch retention is a year or more 338 (#4799)

* Ensure Cloudwatch retention is a year or more

* adjust check logic

---------

Co-authored-by: gruebel <[email protected]>

* feat(terraform): AWS EKS Use only platform supported versions 339 (#4810)

* Use only platform supported versions

* Use only platform supported versions

* bump passes

* bump passes

* bump passes

* add version 1.26

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Azure APIm backend uses only HTTPS (#4811)

* APIm backend uses only HTTPS

* catch

* adjust check logic

---------

Co-authored-by: gruebel <[email protected]>

* fix(terraform): secret- also check user data in launch config and template (#4969)

also check user data in launch config and template

* feat(kubernetes): support suppressing custom K8s policies (#4990)

* support suppressing custom K8s policies

* fix test

* platform(general): upload checks code_block to report (#5001)

upload checks code_block to platform report

* chore: exclude test file from secrets check (#5002)

exclude test file from secrets check

* chore: update release notes

* fix(secrets): change color of invalid secret message (#5007)

change color

Co-authored-by: Eliran Turgeman <[email protected]>

* chore: update bc-detect-secrets version to 1.4.26 (#5000)

update bc-detect-secrets version

Co-authored-by: pazbechor <[email protected]>

* chore: bump github/codeql-action from 2.3.0 to 2.3.2 (#5003)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.0 to 2.3.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/b2c19fb9a2a485599ccf4ed5d65527d94bc57226...f3feb00acb00f31a6f60280e6ace9ca31d91c76a)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: move performance tests to hosted runners (#4986)

* move performance tests to hosted runners

* also install Python 3.7

* exclude test file from secrets check

* run performance tests on 3.7 only

* fix(secrets): Adding quote to required secret in case needed (#5008)

* Adding quote to required secret in case needed

* .

* Fix security tests..

* classmethod -> static

---------

Co-authored-by: pazbechor <[email protected]>

* chore: update release notes

* feat(terraform): Set TF modules for_each env vars as True (#4794)

* Set CHECKOV_NEW_TF_PARSER as True

* try with tfvars fix

* another fix

* Set true

* remove unused if

* Fix UTs

* Fix UTs

* set CHECKOV_ENABLE_MODULES_FOREACH_HANDLING as True

* Some fixes and improvements

* remove unrelated changes

* try with pickle

* set CHECKOV_ENABLE_FOREACH_HANDLING as true

* Set foreach modules env var to False

* Match all UTs to new parser

* Match all UTs to new parser

* fix(terraform): improve attribute performance (#5014)

* improve attribute performance

* .

* lint

* default value

* fix

* fix

* .

* feat(secrets): open the feature - scan git history (#5022)

open the feature - scan git history

* chore: trigger bridgecrew-py update (#5024)

trigger bridgecrew-py update

* fix(terraform): Update CKV2_AZURE_33 to remove checks on unrelated conditions (#5020)

* Remove network_rules attribute checks

* Included tests for CKV2_AZURE_33

* fix(terraform): Update CKV_AWS_338 message and retention check for 0 (#5018)

* feat(terraform): Set TF Modules for_each env var to true (#5021)

* Set env var to true

* Some small improvements

* increase performance tests by 1 sec

* Small CR fix

* revert change

* fix(secrets): add filter for suppressed custom secret checks (#5016)

* add filter out for suppressed custom secret checks

* add filter out for suppressed custom secret checks

* add filter out for suppressed custom secret checks

* chore: update release notes

* feat(terraform): Elastic beanstalk uses managed updates and fixes the EB check while i… 340 (#4816)

* Elastic beanstalk uses managed updates and fixes the EB check while I'm there

* update branch

---------

Co-authored-by: gruebel <[email protected]>

* fix(terraform): fix foreach render value for lookup (#5037)

* fix foreach render value for lookup

* pr comments

* add upper test

* Merge 81e831b560bd81df73288f0fe0d52ca6038755d6 into 624365dc822fe6cdbb5b7b04ddaaa1807025c8b9

* fix(terraform): Handle entity context for for_each resources (#5036)

Handle entity context for for_each resources

* fix(secrets): don't scan images in git history (#5040)

* don't scan images

* remove the flaky test

* chore: update release notes

* platform(general): Catch None responses from BE (#5033)

* Catch `None` responses from BE gracefully

* Add retry with limited times

* mypy

* Remove flaky test

* Leverage _get_s3_role and fix text

* chore: update release notes

* fix(secrets): add handling of unicode error (#5055)

* feat(terraform): Update CKV_AZURE_43 StorageAccountName.py VARIABLE_REFS (#5045)

Update StorageAccountName.py

Update VARIABLE_REFS list within StorageAccountName.py to also include the `each.` value. This is useful when using for_each with a certain resource/module, which can reference variables from within the map instead of a global `var.` variable directly.

* fix(arm): enabled is not true (#5051)

* fix(cloudformation): Enable ALB to support tls1.3 policies #4962 (#5035)

* fix to support tls1.3 policies

* Update ALBListenerTLS12.py

* feat(terraform): launch config/template Ensure metadata hop =1 341 (#4817)

* Ensure metadatahop =1

* minor change

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(general): include missing files in save repository (#5056)

* include missing files

* fix mypy

* chore: update release notes

* chore: scan repo with own secrets runner (#5046)

* scan repo with own secrets runner

* add checkov config file

* add skip comments

* add quiet flag

* use new token

* override enforcement rules

* change to pull_request_target

* leverage environment

* checkout pull request branch

* chore: bump github/codeql-action from 2.3.2 to 2.3.3 (#5057)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f3feb00acb00f31a6f60280e6ace9ca31d91c76a...29b1f65c5e92e24fe6b6647da1eaabe529cec70f)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump mikepenz/release-changelog-builder-action from 3.7.1 to 3.7.2 (#5058)

chore: bump mikepenz/release-changelog-builder-action

Bumps [mikepenz/release-changelog-builder-action](https://github.com/mikepenz/release-changelog-builder-action) from 3.7.1 to 3.7.2.
- [Release notes](https://github.com/mikepenz/release-changelog-builder-action/releases)
- [Commits](https://github.com/mikepenz/release-changelog-builder-action/compare/f7dd0f5932037ca4fff56395ffb04837fd97851a...342972d8fda7082778588387394cf150b9f7226f)

---
updated-dependencies:
- dependency-name: mikepenz/release-changelog-builder-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump crazy-max/ghaction-import-gpg from 5.2.0 to 5.3.0 (#5059)

Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 5.2.0 to 5.3.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/111c56156bcc6918c056dbef52164cfa583dc549...72b6676b71ab476b77e676928516f6982eef7a41)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump pypa/gh-action-pypi-publish from 1.8.5 to 1.8.6 (#5060)

Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.5 to 1.8.6.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/0bf742be3ebe032c25dd15117957dc15d0cfc38d...a56da0b891b3dc519c7ee3284aff1fad93cc8598)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat(terraform): check that WAF rules have an action 342 (#4806)

* Check that a waf rule has an associated action

* fix id

* Update WAFRuleHasAnyActions.py

* update check logic

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): redshift should be set to automatically take snapshots 343 (#4727)

* redshift should be set to automatically take snapshots

* Update RedshiftClusterAutoSnap.py

* Update RedshiftClusterAutoSnap.py

* Update RedshiftClusterAutoSnap.py

* feat(terraform): aws ensure delete protection for firewalls 344 (#4870)

ensure delete protection for firewalls

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Ensure encryption for firewall uses a CMK CKV_AWS_345 (#4871)

* Ensure encryption for firewall uses a CMK

* add aws_networkfirewall_rule_group

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): Ensure Network firewall policy defines a encryption configuration that uses a CMK - CKV_AWS_346 (#4877)

* Ensure Network firewall policy defines an encryption configuration that specifies a CMK

* Ensure Network firewall policy defines a encryption configuration that specifies a CMK

---------

Co-authored-by: Anton Grübel <[email protected]>

* fix(kubernetes): Update ckv_k8s_31 (#4991)

* Updated ckv_k8s_31

Catch when all containers have the type RuntImeDefault

* Update ckv_k8s_31

* Update test_PodSecurityContext.py

* Delete pod-one-containerFAIL-onePASS.yaml

* Undo update test_PodSecurityContext.py

* Undo update PodSecurityContext.py

* Undo update PodSecurityContext.py

* Update to pass tests

* Update Seccomp.py

* Update Seccomp.py

* Update Seccomp.py

* Update Seccomp.py

* fix dogfood tests

* Revert "fix dogfood tests"

This reverts commit e92309d2676e6b47772d91e0d8d4558e2a930db7.

* Update Seccomp.py

* update check logic

* fix dogfood test

---------

Co-authored-by: gruebel <[email protected]>

* chore: update release notes

* docs(general): Fix some links (#5064)

* Fix some links

* Update SECURITY.md

Co-authored-by: Taylor <[email protected]>

---------

Co-authored-by: Taylor <[email protected]>

* feat(terraform): Added caller_file_path and caller_file_line_range to reduced report (#5062)

Added caller_file_path and caller_file_line_range to reduced report

* feat(terraform): Ensure Neptune cluster is encrypted with a CMK CKV_AWS_347 (#4965)

Ensure Neptune cluster is encrypted with a CMK

* docs(general): update Python custom checks docs (#5054)

* update Python custom checks docs

* add PR suggestion

Co-authored-by: Taylor <[email protected]>

---------

Co-authored-by: Taylor <[email protected]>

* feat(terraform): AWS IAM don't generate root credentials 348 (#4966)

don't generate root credentials

* fix(terraform): fix SQS encryption check CKV_AWS_27 (#5065)

fix SQS encryption check CKV_AWS_27

* chore: update release notes

* fix(secrets): add filter for suppressed custom secret checks (#5068)

.

* fix(secrets): exclude Kubernetes secretName from secret scanning (#5071)

exclude Kubernetes secretName from secret scanning

Co-authored-by: Omry Mendelovich <[email protected]>

* Merge 1cfd16963a04119c8ad598eaf5851ecdba2ed13e into 4b2344ac1275704a06389708a1d2e922929c84f5

* chore: update bc-detect-secrets version to 1.4.27 (#5072)

* update bc-detect-secrets version

* remove ignore

* fix if for check id

---------

Co-authored-by: omryMen <[email protected]>
Co-authored-by: Omry Mendelovich <[email protected]>

* fix(secrets): omit the code line (#5075)

omit the code line

* chore: update release notes

* feat(kustomize): Support inline skips for Kubernetes graph checks (#5070)

add graph check to kustomize

* chore: add skip comments to test secrets (#5077)

* add skip comments to test secrets

* enable checkov secrets scan and remove trufflehog

* add trufflehog back

* Create jekyll-gh-pages.yml

* Update jekyll-gh-pages.yml

* chore: update release notes

* fix(sca): only run image referencer with sca_image framework (#5081)

only run image referencer with sca_image framework

* chore: update release notes

* fix(terraform): skip invalid multiple modules names (#5079)

* skip invalid multiple modules names

* fix

* platform(graph): upload graphs to the platform (#5073)

* implement upload graphs to the platform

* fix lint

* fix UTs

* fix UTs

* fix dogfood tests

* fix

* remove redundant import

* platform(general): Add lines to SBOM (#5078)

* add lines to sbom

* tests

* tests

* lint

* /

* /

* chore: update release notes

* feat(kubernetes): Improve k8s perf (#5083)

* remove deepcopy usage in k8s utils

* cache repo file path calculation

* fix linting

* Merge 6a93b867c22569011d8d54e4ece7e70832cbd67a into 2124ce17efa29eadf59789929d1cc37397a0f1d6

* chore: bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 (#5087)

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5...284f54f989303d2699d373481a0cfa13ad5a6666)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump azure/setup-helm from 3.4 to 3.5 (#5086)

Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 3.4 to 3.5.
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Commits](https://github.com/azure/setup-helm/compare/v3.4...5119fcb9089d432beecbf79bb2c7915207344b78)

---
updated-dependencies:
- dependency-name: azure/setup-helm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(terraform): handle false-positives for Route53ZoneEnableDNSSECSigning (#5084)

handle false-positives for Route53ZoneEnableDNSSECSigning

Route53ZoneEnableDNSSECSigning is applicable only for public hosted
zones. However, the check currently incorrectly applies to private
hosted zones as well.

Private hosted zones can be differentiated if the hosted zone is
associated with a VPC. VPC configuration can be added inline via a vpc
block or via a aws_route53_zone_association resource.

* feat(terraform): EMR -  At rest local disk, EBS and in transit encryption checks (#4968)

* At rest local disk, EBS and in transit encryption checks

* fix test cases

* update check logic

* skip secret finding

---------

Co-authored-by: Anton Grübel <[email protected]>

* chore: make networkx import truly optional (#5080)

make networkx import truly optional

* fix(kubernetes): add mini k8s parser for invalid templates (#5088)

* add k8s parser

* add test

* mypy

* fix mypy, lint

* fix mypy, lint

* mypy

* try to fix tests

* add log

* chore: update release notes

* feat(sca): using the lines directly in the record, rather than in the "vulnerability_details" + having it in ExtraResources (#5092)

* fsd

* adjust tests

* fix

---------

Co-authored-by: ipeleg <[email protected]>

* Merge 0af202104cfba9e21f282b60d43e0103f079236f into 227e87339ca4c8301a75e1aedb16eef56178f894

* chore: update pre-commit and Python deps (#5091)

update pre-commit and Python deps

* feat(dockerfile): Support docker graph check skips (#5085)

* add context creation and support graph check suppression

* add docs

* fix test

* safely access context

* feat(kubernetes): separate service account builder to improve performance (#5093)

* Separated ServiceAccount handling from KeywordEdgeBuidler to improve performance in this case

* prettify

* CR and flake fixes

* mypy

* mypy

* added check that service accounts even exist before updating cache

* chore: update release notes

* feat(sca): showing line numbers in the cli output for csv (#5096)

* fsd

* adjust tests

* fix

* enabling displaying line number also for root packages without cves

* adding "(lines)" only in case there are lines-details

* adding "(lines)" only in case there are lines-details - fix

* naming

* fix for tests

* fix for tests

* Lines in the tests

---------

Co-authored-by: ipeleg <[email protected]>

* chore: update bc-detect-secrets version to 1.4.28 (#5105)

update bc-detect-secrets version

Co-authored-by: marynaKK <[email protected]>

* feat(sca): showing line numbers in the cli output for licenses (#5098)

* fsd

* adjust tests

* fix

* enabling displaying line number also for root packages without cves

* adding "(lines)" only in case there are lines-details

* adding "(lines)" only in case there are lines-details - fix

* naming

* add lines for license violation + printing it in the cli-output

* fix for tests

* fix for tests

* fix tests

* fix

* fix

* fix

* fix

* fix

* Lines in the tests

* add test

* add test

* add tests

* add tests

* fix the bug in v1

* change the output format + having tests

---------

Co-authored-by: ipeleg <[email protected]>

* linters

* feat(general): add SPDX output (#5104)

* add SPDX output

* resolve merge conflict

* create spdx output

* except

* licenses

* Added licenses-expression to setup.py

* Fix mypy for spdx.py

* Fix setup.py

* fixed setup.py and pipfile

* Fixed mypy errors

* Fixed mypy errors

* Fix pipfile

---------

Co-authored-by: nazoulay <[email protected]>
Co-authored-by: Saar Ettinger <[email protected]>

* chore: update release notes

* feat(terraform): Adding yaml based build time policies for corresponding PC runtime policies (#5089)

* adding 2 YAML policies - S3 & Neptune security config

* adding 2 YAML policies

* adding 2 YAML policies

* adding 2 YAML policies

* added 2 YAML policies

* updated the pass and fail cases

* Updated terraform pass and fail cases

* Deleted - AWS S3 global ACL view check

* added policy "Ensure Elastic Search has dedicated master node enabled"

CKV2_AWS_59: Ensure Elastic Search has dedicated master node enabled

* added policy "CKV2_AWS_60: Ensure RDS instance with copy tags to snapshots is enabled"

Ensure RDS instance with copy tags to snapshots is enabled

* [New Policy]: CKV2_AZURE_23: Ensure Azure spring cloud is configured with Virtual network (Vnet)

CKV2_AZURE_23: Ensure Azure spring cloud is configured with Virtual network (Vnet)

* [2 new Policies]: CKV2_AZURE_24, CKV2_AZURE_25

CKV2_AZURE_24: Ensure Azure automation account is NOT overly permissive

CKV2_AZURE_25: Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled

* Update checkov/terraform/checks/graph_checks/aws/ElasticSearchDedicatedMasterEnabled.yaml

Added opensearch check capability

Co-authored-by: Anton Grübel <[email protected]>

* Modified CKV2_AWS_59: Ensure ElasticSearch/OpenSearch has dedicated master node enabled

* Renamed/Modified CKV2_AZURE_24: Ensure Azure automation account does NOT have overly permissive network access

* Renamed/Modified CKV2_AZURE_24: Ensure Azure automation account does NOT have overly permissive network access

* Modified CKV2_AZURE_23: Ensure Azure spring cloud is configured with Virtual network (Vnet)

* CKV2_AZURE_25: Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled

* Modified CKV2_AWS_60: Ensure RDS instance with copy tags to snapshots is enabled

* Added 5 YAML policies

* Modified CKV2_AWS_60: Ensure RDS instance with copy tags to snapshots is enabled

* Partial YAML policy: AzureEnableDefenderForDNS

* Partial completion of AzureEnableDefenderForDNS

* Deleted AzurEnableForDefender

* Added a YAML policy AzureSQLserverNotOverlyPermissive

* Added policy: AzureRecoveryServicesvaultConfigManagedIdentity

* Added policy: AzureAutomationAccConfigManagedIdentity

* Added new YAML policy AzureMariaDBserverUsingTLS_1_2

* Added new YAML policy: AzureStorageAccountEnableSoftDelete and modified AzureMariaDBserverUsingTLS_1_2

* Updated test_yaml_policies.yaml

* Modifications made based on PR inputs

* adjust skip comment

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): NACL should restrict port ingress (#4976)

* NACL should restrict ingress

* NACL should restrict ingress

* fix brain fog

* adjust check name

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(secrets): add jwt detector to the secret runner (#5116)

add jwt detector to the secret runner

* docs(general): Update CLI Command Reference.md (#5114)

Update CLI Command Reference.md

* fix(dockerfile): improve update searching in CKV_DOCKER_5 (#5115)

improve update searching in CKV_DOCKER_5

* feat(terraform): RDS Enable Performance insights (#4983)

* feat(terraform): RDS Enable Performance insights

* adjust category

* fix test

---------

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): AWS Ensure RDS performance insights uses a CMK (#4985)

* feat(terraform): AWS Ensure RDS performance insights uses a CMK

* fix test

---------

Co-authored-by: Anton Grübel <[email protected]>

* chore: enable mypy on part of terraform codebase (#5106)

* enable mypy on part of terraform codebase

* fix linting

* chore: update release notes

* feat(sca): dockerfile image-referencer fixes (#5120)

* dockerfile ir fixes

* uts fixes

* fix(gitlab): Skipping image blocks without name attribute (#5126)

skipping image blocks without name attribute

Co-authored-by: Eliran Turgeman <[email protected]>

* feat(sca): adding the risk factor v2 to the vulnerability details (#5108)

* add the risk factor v2 to the vulnerability details

* adjust tests

---------

Co-authored-by: ipeleg <[email protected]>

* chore: bump requests from 2.30.0 to 2.31.0 (#5125)

Bumps [requests](https://github.com/psf/requests) from 2.30.0 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.30.0...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: add type hints to tf modules and module_loading (#5119)

* add type hints to tf modules and module_loading

* add missing future annotation

* platform(general): Enhancing Sarif output with Security Severity Level (#5074)

* add severity level the name for sarif output

* add severity level the name for sarif output

* add comments to the code

* switch to SEVERITY_TO_SCORE

* Add a condition to add the properties dictionary

* Check the existence of CVSS score

* fix flake8 blank line missing

* use get function on vulnerability_details

* fix tests and update docs

---------

Co-authored-by: gruebel <[email protected]>

* feat(secrets): Add new pre-commit hook for secrets (#5103)

* Add secrets hook

* Update .pre-commit-hooks.yaml

Co-authored-by: Anton Grübel <[email protected]>

---------

Co-authored-by: Anton Grübel <[email protected]>

* fix(terraform): fix terraform variable rendering for provider alias (#5124)

* fix terraform variable rendering for provider alias

* fix test

* feat(terraform): add check to look at star resources (#4996)

* add check to look at star resources

* add missing cases

* slightly adjust code

---------

Co-authored-by: gruebel <[email protected]>

* chore: update release notes

* platform(general): SBOM lines numbers adjusting (#5127)

* output add lines

* output add lines

* mypy

* lines

* tests

* get_package_lines

* fix(kustomize): fix empty kustomize file crash (#5131)

fix empty kustomize file crash

* feat(terraform): IAM limit resource access (#5015)

Co-authored-by: Anton Grübel <[email protected]>

* feat(terraform): extend CKV2_AWS_5 with new resources (#5129)

extend CKV2_AWS_5 with new resources

* chore: replace deepcopy with pickle (#4885)

* replace deepcopy with pickle

* fix test

* enable for_each handling by default

* replace all other deepcopy usage

* lower perf test thresholds and increase rounds

* rename function name

* chore: update release notes

* chore: disable checkov-secrets GHA job (#5138)

disable checkov-secrets GHA job

* fix(terraform): Should use UNKNOWN rather than skipped (#5136)

* Should use UNKNOWN rather than skipped

* Should use UNKNOWN rather than skipped

* Should use UNKNOWN rather than skipped

* Should use UNKNOWN rather than skipped

* feat(general): Added computation of git_root_path to igraph serialization (#5107)

* Added computation of git_root_path to igraph serialization based on nodes

* linters

* Changed git usage to find root path with os.path.abspath

* Matched graph json name to parameter

Co-authored-by: YaaraVerner <[email protected]>

* Made absolute_root_folder optional as it is only for cli runs

* Used '' instead of None as default value to make sure it is serializable

---------

Co-authored-by: Nimrod Kor <[email protected]>
Co-authored-by: YaaraVerner <[email protected]>

* feat(terraform): foreach remove error from info log. (#5139)

Remove error from info log.

* feat(sca): adding validation for the file_line_number (#5132)

* add some validation for the file_line_range

* Update checkov/common/sca/commons.py

Co-authored-by: Anton Grübel <[email protected]>

* log instead of error

---------

Co-authored-by: ipeleg <[email protected]>
Co-authored-by: Anton Grübel <[email protected]>

* chore: update release notes

* chore: bump github/codeql-action from 2.3.3 to 2.3.5 (#5142)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/29b1f65c5e92e24fe6b6647da1eaabe529cec70f...0225834cc549ee0ca93cb085b92954821a145866)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: bump actions/setup-python from 4.6.0 to 4.6.1 (#5141)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/57ded4d7d5e986d7296eab16560982c6dd7c923b...bd6b4b6205c4dbad673328db7b31b7fab9e241c0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update Piplock

* fixed Pipfile.lock

* mypy fix

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Aviad Hahami <[email protected]>
Co-authored-by: gruebel <[email protected]>
Co-authored-by: Eliran Turgeman <[email protected]>
Co-authored-by: Eliran Turgeman <[email protected]>
Co-authored-by: Barak Fatal <[email protected]>
Co-authored-by: Aya Jbara <[email protected]>
Co-authored-by: Taylor <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: YaaraVerner <[email protected]>
Co-authored-by: James Woolfenden <[email protected]>
Co-authored-by: Anton Grübel <[email protected]>
Co-authored-by: ChanochShayner <[email protected]>
Co-authored-by: marynaKK <[email protected]>
Co-authored-by: Kartikeya Pande <[email protected]>
Co-authored-by: Mike Urbanski <[email protected]>
Co-authored-by: maxamel <[email protected]>
Co-authored-by: Omry Mendelovich <[email protected]>
Co-authored-by: Omry Mendelovich <[email protected]>
Co-authored-by: pazbechor <[email protected]>
Co-authored-by: pazbec <[email protected]>
Co-authored-by: pazbechor <[email protected]>
Co-authored-by: achiar99 <[email protected]>
Co-authored-by: NathanDunning <[email protected]>
Co-authored-by: Manu Chandrasekhar <[email protected]>
Co-authored-by: LirShindalman <[email protected]>
Co-authored-by: Nimrod Kor <[email protected]>
Co-authored-by: Horia Gunica <[email protected]>
Co-authored-by: james-otten-pan <[email protected]>
Co-authored-by: omryMen <[email protected]>
Co-authored-by: wadhah mahrouk <[email protected]>
Co-authored-by: Noa Azoulay <[email protected]>
Co-authored-by: shine <[email protected]>
Co-authored-by: itai1357 <[email protected]>
Co-authored-by: ipeleg <[email protected]>
Co-authored-by: matansha <[email protected]>
Co-authored-by: marynaKK <[email protected]>
Co-authored-by: Barak Fatal <[email protected]>
Co-authored-by: Saar Ettinger <[email protected]>
Co-authored-by: Praveen <[email protected]>
Co-authored-by: Simon Melotte <[email protected]>