Merge branch 'main' into mariaDBConvertToARM

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,21 @@
+---
+name: Feature request
+about: Feature requests or requests for enhancements that are not bugs.
+title: ''
+labels: 'contribution requested'
+assignees: ''
+
+---
+
+**Describe the feature**
+
+Explain the feature in detail. Note that feature requests are always reviewed, but prioritized based on popularity, effort, and impact. We also welcome contributions.
+
+**Examples**
+
+Please share an example code sample (in the IaC of your choice) + expected inputs and outputs from Checkov + the expected outcomes.
+
+**Additional context**
+
+Add any other context about the problem here.
+

.github/PULL_REQUEST_TEMPLATE.md

@@ -2,14 +2,14 @@
 
 [//]: # "
     # PR Title
-    Be aware that we use the title to create changelog automatically and therefore only allow specific prefixes
-    - break:    to indicate a breaking change, this supersedes any of the types
+    We use the title to create changelog automatically and therefore only allow specific prefixes
+    - break:    to indicate a breaking change, this supersedes any of the other types
     - feat:     to indicate new features or checks
     - fix:      to indicate a bugfix or handling of edge cases of existing checks
     - docs:     to indicate an update to our documentation
     - chore:    to indicate adjustments to workflow files or dependency updates
     - platform: to indicate a change needed for the platform
-    Additionally a scope is needs to be added to the prefix, which indicates the targeted framework, in doubt choose 'general'.
+    Each prefix should be accompanied by a scope that specifies the targeted framework. If uncertain, use 'general'.
     #    
     Allowed prefixs:
     ansible|argo|arm|azure|bicep|bitbucket|circleci|cloudformation|dockerfile|github|gha|gitlab|helm|kubernetes|kustomize|openapi|sast|sca|secrets|serverless|terraform|general|graph|terraform_plan|terraform_json
@@ -34,10 +34,8 @@ Fixes # (issue)
 
 ## Checklist:
 
-- [ ] My code follows the style guidelines of this project
 - [ ] I have performed a self-review of my own code
 - [ ] I have commented my code, particularly in hard-to-understand areas
 - [ ] I have made corresponding changes to the documentation
 - [ ] I have added tests that prove my feature, policy, or fix is effective and works
 - [ ] New and existing tests pass locally with my changes
-- [ ] Any dependent changes have been merged and published in downstream modules

.github/workflows/pr-test.yml

@@ -38,12 +38,23 @@ jobs:
       - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c  # v4
         with:
           python-version: ${{ env.PYTHON_VERSION }}
+      - name: Get changed CFN test files
+        id: changed-files-specific
+        uses: tj-actions/changed-files@eaf854ef0c266753e1abec356dcf17d92695b251 # v44
+        with:
+          files: tests/cloudformation/checks/resource/aws/**/*
       - name: Install cfn-lint
+        if: steps.changed-files-specific.outputs.any_changed == 'true'
         run: |
           pip install -U cfn-lint
       - name: Lint Cloudformation templates
+        if: steps.changed-files-specific.outputs.any_changed == 'true'
+        env:
+          ALL_CHANGED_FILES: ${{ steps.changed-files-specific.outputs.all_changed_files }}
         run: |
-          cfn-lint tests/cloudformation/checks/resource/aws/**/* -i W
+          for file in $ALL_CHANGED_FILES; do
+            cfn-lint "$file" -i W
+          done
 
   mypy:
     uses: bridgecrewio/gha-reusable-workflows/.github/workflows/mypy.yaml@main
@@ -348,7 +359,6 @@ jobs:
           LOG_LEVEL: INFO
           BC_API_KEY: ${{ secrets.PRISMA_KEY_API2 }}
           PRISMA_API_URL: ${{ secrets.PRISMA_API_URL_2 }}
-          ENABLE_SAST_TYPESCRIPT: true
         if: env.BC_API_KEY != null
         run: bash -c './cdk_integration_tests/prepare_data.sh'
       - name: Run integration tests
@@ -391,7 +401,6 @@ jobs:
           LOG_LEVEL: INFO
           BC_API_KEY: ${{ secrets.PRISMA_KEY_API2 }}
           PRISMA_API_URL: ${{ secrets.PRISMA_API_URL_2 }}
-          ENABLE_SAST_TYPESCRIPT: true
         if: env.BC_API_KEY != null
         run: bash -c './cdk_integration_tests/prepare_data.sh'
       - name: Run integration tests

CONTRIBUTING.md

@@ -8,9 +8,13 @@ If you've already developed new checks we'd be happy to take a look at them and
 
 ## Open an issue
 
-Checkov is an open source project maintained by [Prisma Cloud by Palo Alto Networks](https://www.prismacloud.io/?utm_source=github&utm_medium=organic_oss&utm_campaign=checkov). We have dedicated maintainers developing 
-new content and adding more features. If you have a bug or an idea, start by opening an issue. Try to make it as 
-descriptive as possible. 
+Checkov is an open source project maintained by 
+[Prisma Cloud by Palo Alto Networks](https://www.prismacloud.io/?utm_source=github&utm_medium=organic_oss&utm_campaign=checkov). 
+Our team of maintainers continuously works on developing new features and enhancing existing features. If you encounter 
+a bug or have a suggestion, please start by opening an Issue. When reporting, provide a detailed description with examples 
+to help us understand the context and specifics. Please note that while we review every issue, non-critical or 
+non-blocking issues may be prioritized based on their popularity or frequency. We appreciate your contributions and 
+engagement in helping us improve Checkov.
 
 ## Developing and contributing code
 

Pipfile

@@ -43,7 +43,7 @@ types-colorama = "<0.5.0,>=0.4.3"
 # REMINDER: Update "install_requires" deps on setup.py when changing
 #
 bc-python-hcl2 = "==0.4.2"
-bc-detect-secrets = "==1.5.9"
+bc-detect-secrets = "==1.5.13"
 bc-jsonpath-ng = "==1.6.1"
 pycep-parser = "==0.4.1"
 tabulate = ">=0.9.0,<0.10.0"
@@ -86,6 +86,7 @@ license-expression = ">=30.1.0,<31.0.0"
 rustworkx = ">=0.13.0,<0.14.0"
 pydantic = ">=2.0.0,<3.0.0"
 botocore = "==1.34.25"
+urllib3 = "*"
 
 [requires]
 python_version = "3.8"