
Update dependency checkov to v2.5.20 #22


Open
wants to merge 1 commit into
base: main

renovate[bot]

@renovate renovate bot commented Aug 11, 2025

This PR contains the following updates:

Package Change Age Confidence
checkov ==2.0.1037 -> ==2.5.20 age confidence

Release Notes

bridgecrewio/checkov (checkov)

v2.5.18

Feature

  • general: Adds GHA support for skip-frameworks, skip-cve-package & output-bc-ids flags - #​5619
  • terraform: Ensure that the SQL database is zone-redundant - #​5540
  • terraform: Ensure the Azure Event Hub Namespace is zone redundant - #​5538

Bug Fix

  • bicep: enforce encryption flag to be string for CKV_AZURE_97 - #​5669
  • terraform_plan: Add provisioners to TF Plan parser - #​5622

v2.5.15

Feature

  • terraform: Support for merge func inside jsondecode - #​5656

Bug Fix

  • sca: make the abs path to be correct - #​5660

v2.5.13

Feature

  • arm: implement CKV_AZURE_103 for ARM - #​5527
  • arm: implement CKV_AZURE_96 for ARM - #​5506
  • arm: implement CKV_AZURE_97 for ARM - #​5515

Bug Fix

  • terraform: Added a check to make sure dynamic "blocks" are of the expected type - #​5642
  • terraform: update CKV_AWS_339 valid EKS versions - #​5652

v2.5.11

Feature

  • sca: giving file path relative to the current dir for cases where there is neither a specified root_folder nor a repo scan dir - #​5654

v2.5.10

Feature

  • terraform: support scanning of Terraform managed modules instead of downloading them - #​5635

Bug Fix

  • terraform: Fixing issues with checks CKV_AZURE_226 & CKV_AZURE_227 - #​5638

v2.5.9

Feature

  • sca: support case where there are no cves suppressions - #​5636

v2.5.8

Feature

  • general: Remove code upload for on-prem integrations - #​5624

v2.5.6

Feature

  • arm: implement CKV_AZURE_95 for ARM - #​5500
  • general: Added source and target to edge data - #​5621

Bug Fix

  • terraform_plan: add azurerm_portal_dashboard to jsonify list - #​5618
  • terraform: check if the dynamic name is one of the resources block - #​5607

v2.5.3

Breaking Change

  • general: remove Python 3.7 - #​5605
  • graph: remove CHECKOV_CREATE_GRAPH env var to control graph creation - #​5606

Bug Fix

  • dockerfile: fix Docker image scan - #​5617
  • openapi: Take into account that security is at the root level of your OpenAPI specification. - #​5603
  • terraform: stop CKV_GCP_43 crashing when not a string - #​5561

v2.4.61

Bug Fix

  • terraform: fix upload resource_subgraph_maps - #​5615

Platform

  • terraform: Upload resource subgraph map - #​5612

v2.4.59

Platform

  • terraform: fix in subgraphs uploads - #​5610

v2.4.58

Platform

  • terraform: upload tf sub graphs - #​5596

v2.4.57

Feature

  • terraform: Ensure ephemeral disks are used for OS disks - #​5584
  • terraform: Ensure that App Service plan is zone redundant - #​5577
  • terraform: Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources - #​5588

v2.4.55

Feature

  • general: Add image referencer rustworkx support - #​5564
  • general: Add rustworkx support - #​5595
  • terraform: Adding 2 new AWS policies - #​5599
  • terraform: simply IMDSv2 checks - #​5601

v2.4.51

Feature

  • arm: CKV_AZURE_88 convert to arm check - #​5465
  • arm: implement CKV_AZURE_149 for ARM - #​5496

Bug Fix

  • terraform: Adding missing null checks - #​5589

v2.4.50

Feature

v2.4.48

Platform

  • general: expose retry and timeout configuration for interaction with the platform - #​5585

v2.4.47

Feature

  • sca: creating alias mapping for javascript - #​5567
  • sca: creating alias mapping for javascript - #​5582
  • sca: revert creating alias mapping for javascript - #​5581

Bug Fix

  • general: fix print to encode in windows - #​5572
  • terraform: Nested source_module_objects with missing foreach key - #​5580

v2.4.39

Feature

  • arm: implement CKV2_AZURE_27 for arm - #​5534
  • terraform: Add new policy for deprecated runtimes - #​5555
  • terraform: Ensure Event Hub Namespace uses at least TLS 1.2 - #​5535
  • terraform: Ensure that the Ledger feature is enabled on database that requires cryptographic proof and nonrepudiation of data integrity - #​5541

v2.4.36

Feature

Bug Fix

  • terraform: Module from_dict func to static func - #​5562

v2.4.33

Feature

  • general: attempt to fix overload in loaders and add tests - #​5549
  • general: remove 3.7 integ. test - #​5556
  • general: remove line to force code change - #​5558
  • terraform: add check Neptune DB clusters should be configured to copy tags to snapshots - #​5552
  • terraform: add CKV_AWS_361 to ensure Neptune DB cluster has adequate backup retention - #​5548

Bug Fix

  • terraform: Fix external_modules_source_map serialization - #​5546

v2.4.32

Feature

  • terraform: add check for Neptune DB clusters IAM database auth enabled - #​5545
  • terraform: add CKV_AWS_360 to ensure backup retention period on AWS Document DB - #​5547

v2.4.30

Feature

  • terraform: add public network checks for Azure Function and Web Apps - #​5533

v2.4.29

Feature

  • arm: Implement CKV_AZURE_111 in ARM - #​5528
  • arm: implement CKV_AZURE_134 for ARM - #​5518
  • arm: implement CKV_AZURE_160 for arm - #​5526
  • arm: implement CKV_AZURE_89 for ARM - #​5529

Bug Fix

  • terraform: CKV_AWS_208 bug fix - #​5512

v2.4.27

Feature

  • general: Check module download - #​5525
  • general: Check module download and quit on failure - #​5523

v2.4.25

Feature

  • arm: Implement CKV_AZURE_101 for ARM - #​5516
  • arm: implement CKV_AZURE_107 for arm - #​5514
  • arm: implement CKV_AZURE_113 for ARM - #​5510

v2.4.22

Feature

  • arm: implement CKV_AZURE_112 for arm - #​5507
  • arm: implement CKV_AZURE_40 for ARM - #​5499
  • arm: implement CKV_AZURE_58 for ARM - #​5497
  • arm: implement CKV_AZURE_94 for arm - #​5508

Bug Fix

  • helm: Changed error message to failure to better differentiate problems - #​5517
  • terraform_json: correctly parse data blocks in Terraform JSON - #​5509
  • terraform: continue processing of TF modules in the same file - #​5503
  • terraform: fix error type - #​5513

v2.4.18

Feature

  • arm: implement CKV_AZURE_100 for arm - #​5490
  • arm: implement CKV_AZURE_114 for arm - #​5489
  • arm: implement CKV_AZURE_130 for arm - #​5485
  • arm: implement CKV_AZURE_151 for arm - #​5484

Bug Fix

  • arm: correctly handle json files with comments and output parsing errors - #​5495

v2.4.14

Feature

  • arm: CKV_AZURE_66 implement config logging check for arm - #​5464
  • arm: convert CKV_AZURE_65 to arm - #​5467
  • arm: Implement CKV_AZURE_109 in arm - #​5483
  • arm: implement CKV_AZURE_63 for arm - #​5475
  • arm: implement CKV_AZURE_80 in arm - #​5476
  • secrets: fix resource in git history scan - #​5482

Bug Fix

  • terraform: extend CKV2_AWS_5 to include aws_appstream_fleet (#​5487) - #​5491

v2.4.10

Feature

  • arm: migrate check CKV_AZURE_50 to arm - #​5453
  • arm: translate tf CKV_AZURE_93 check to arm - #​5450
  • kubernetes: Added new endpoint for both helm and kustomize - #​5481

Bug Fix

  • dockerfile: consider platform flag in CKV_DOCKER_7 - #​5468
  • kustomize: support kubectl 1.28+ - #​5480

v2.4.7

Feature

  • secrets: handle non iac secrets FP - #​5478

v2.4.6

Bug Fix

  • terraform: Replaced / with os.pathsep to support windows better in terraform runner - #​5473

Documentation

v2.4.5

Bug Fix

  • terraform: Fix for-each/count updating inner for each index for every child resource - #​5463

v2.4.4

Platform

  • sca: Filter IR FW upload results by supportedIrFw list - #​5448

v2.4.2

Feature

  • dockerfile: Add CKV2_DOCKER_17 for chpasswd - #​5441

Bug Fix

  • kustomize: Fix kustomize ignoring external policy dir command line options - #​5436

v2.4.1

Feature

  • terraform: Remove old tf parser - #​5420

Bug Fix

  • terraform: ensure TFModule is created properly in definition context - #​5446

v2.3.365

Feature

  • terraform: Removed most usages of enable_nested_modules - #​5415

v2.3.364

Feature

  • sca: update spdx-tools dep to version 0.8.0 and lower bound it - #​5431
  • terraform: Add address field on vertices even if render_variables is set to False - #​5434

Bug Fix

  • terraform: add new attached resource possibility to CKV2_AWS_23 #​5424 - #​5429
  • terraform: fix ordering issue in CKV_AWS_358 - #​5425

v2.3.361

Bug Fix

  • arm: improve CKV_AZURE_24 check - #​5427

v2.3.360

Bug Fix

  • general: Fix empty credentials file issue - #​5421

v2.3.358

Feature

  • secrets: Make non-entropy signatures take precedence over entropy signatures - #​5412

Bug Fix

  • terraform: Remove DMS S3 check CKV_AWS_299 - #​5413

v2.3.356

Feature

  • terraform: Github Actions OIDC trust policy check - #​5402

v2.3.354

Feature

  • general: allow --var-file to be passed as environment variable - #​5406
  • terraform: Add new policy to ensure AWS Transfer server only allows secure protocols - #​5409

Platform

  • general: remove obsolete run config fallback API call - #​5404

Documentation

  • gha: Update setup-python version in GitHub Actions.md - #​5393

v2.3.351

Feature

  • terraform: new serialization methods for module and block - #​5391

Bug Fix

  • terraform: pr for upgrade-checkov - #​5400

v2.3.349

Bug Fix

  • terraform: add TFDefinitionKey to get_entity_context_and_evaluations - #​5392
  • terraform: consider new domain attribute in CKV2_AWS_19 - #​5383

v2.3.347

Feature

  • sca: support composer.json - #​5382
  • terraform: Use new function to create multi graph instead of single graph - #​5375

Platform

  • general: Implement SSO Relay State Parameter in Checkov Output Links - #​5217

v2.3.343

Feature

  • sca: fix package line numbers - #​5376

Bug Fix

  • terraform: Fix CKV_AWS_104 to support new values - #​5377

v2.3.340

Feature

  • general: enrich terraform definitions context key - #​5350

Bug Fix

  • terraform: fix get module name - foreach or count - #​5373

v2.3.338

Feature

  • terraform: add new function to create module and definitions with tests - #​5362
  • terraform: GCP Ensure IAM Workload identity is restricted - #​5369

Bug Fix

  • general: fix inline suppression collection inside lists - #​5370

v2.3.335

Bug Fix

  • terraform: leverage read_file_with_any_encoding to safely look for modules - #​5360

v2.3.334

Feature

  • general: Add resource code filter to all checkov loggers - #​5356
  • general: Infrastructure for custom code logger filter - #​5346

Bug Fix

  • kustomize: Avoid index error when calculating file path - #​5357

v2.3.331

Feature

  • openapi: Add CKV_OPENAPI_21 - #​5268

Bug Fix

  • secrets: handle regex error in custom secrets gracefully - #​5355

Documentation

  • general: update docs about installation guidelines - #​5352

v2.3.329

Feature

  • github: Add ability for External checks with git branch - #​5337
  • sca: add fix command and code for indirect deps - #​5347

Bug Fix

  • kubernetes: No dups when extracting images - #​5339

v2.3.326

Feature

  • sca: add fix code and command to cve report - #​5333
  • sca: fix code block array structure - #​5338

Bug Fix

  • general: properly encode non supported chars in SARIF uri field - #​5336

Documentation

  • sca: Add SCA skip comments to docs - #​5330

v2.3.324

Bug Fix

  • kustomize: Added support for case where no parents are found for the relative file path - #​5332
  • terraform: Update CKV2_AWS_12 for the new defaults - #​5203

v2.3.321

Feature

  • kustomize: Support child k8s resources inside kustomize origin annotations - #​5328

v2.3.320

Bug Fix

  • kustomize: Checked for existence of caller_file_path in definitions_raw - #​5324
  • openapi: Fix ws for CKV_OPENAPI_20 - #​5317
  • terraform: CKV_AWS_342 - managed rules have predefined actions - #​5322

v2.3.318

Feature

  • general: support UTF-16 and other encodings in multiple frameworks - #​5308
  • kustomize: add back reverted kustomize annotations and update build github action to use github runners - #​5316
  • kustomize: Add origin annotations to calculate bases of kustomize checks - #​5298

v2.3.316

Feature

  • secrets: Improve the entropy keyword combinator secret scanner - #​5307

Bug Fix

  • openapi: Fix CKV_OpenAPI_20 - #​5302
  • terraform: fix invalid value in CKV_AWS_304 - #​5301
  • terraform: support new field in CKV2_AWS_3 - #​5304

v2.3.314

Feature

  • dockerfile: add ARM build for K8s container image - #​5293
  • general: Add checkov.spec to enable PyInstaller - #​5281

Bug Fix

  • terraform: remove CKV2_AZURE_18 check and improve CKV2_AZURE_1 - #​5294

v2.3.312

Platform

  • general: use sca inline suppressions - #​5285

v2.3.311

Feature

  • openapi: New OpenAPI check CKV_OPENAPI_20 - #​5253

v2.3.310

Bug Fix

  • terraform: remove deprecated check CKV_GCP_67 - #​5275

Documentation

v2.3.309

Feature

  • graph: add experimental debug output for graph check evaluation - #​5257

Bug Fix

  • general: revert add composer files to supported package files - #​5269

Platform

  • general: add composer files to supported package files - #​5263

v2.3.306

Feature

  • terraform: add module check for commit hash revision usage - #​5261

Bug Fix

  • openapi: add security definition type validation into CKV_OPENAPI_9 - #​5262
  • secrets: fix secrets omit crash when value is not string - #​5260
  • terraform: ignore local modules in CKV_TF_1 - #​5264

v2.3.303

Bug Fix

  • arm: consider encryption property in CKV_AZURE_2 - #​5254

v2.3.302

Bug Fix

  • terraform: add missing AWS RDS CA certificate identifiers for aws_db_instance resource - #​5247

v2.3.301

Feature

  • general: remove log from parallel common - #​5244

Platform

  • general: Fix local repo generated name if ends with / - #​5243

v2.3.299

Feature

  • terraform: ensure kms key policy is defined - #​5235

Bug Fix

  • sca: fix wrongly invoked Image Referencer scanning when scanning a single file - #​5237
  • terraform_plan: add terraform plan vertices to terraform graph if not exist - #​5230

v2.3.296

Bug Fix

  • dockerfile: negative is_dockerfile() lookup on .dockerignore suffix - #​5219
  • terraform: fix empty value issue for CKV_GIT_4 - #​5222

Documentation

  • graph: add jsonpath custom policy example - #​5221

v2.3.294

Feature

  • gha: add skip_path flag to GHA and allow multiple values in var_file - #​5213
  • sca: add root package name and version to csv sbom - #​5211

v2.3.292

Feature

  • arm: Handle another structure for SQL retention policy - #​5210

Bug Fix

  • secrets: limit line length for custom secrets - #​5208
  • terraform: Update GCP checks for plan files - #​5197

v2.3.289

Feature

  • sca: removing the using of the constant CHECKOV_DISPLAY_REGISTRY_URL - #​5204

v2.3.287

Feature

  • general: add checkov_diff pre-commit hook for scanning all changed files - #​5192

Bug Fix

  • cloudformation: fix CKV_AWS_33 to consider deny statements - #​5193

Documentation

  • general: Update pre-commit.md - #​5190

v2.3.285

Feature

  • arm: and bicep: Ensure that Azure Front Door uses WAF in "Detection" or "Prevention" modes CKV_AZURE_123 - #​5049

Bug Fix

  • general: handle cloned checks filtered via labels - #​5188
  • terraform: adjust CKV_AZURE_6 to comply with new provider version - #​5189

v2.3.283

Feature

  • arm: Handle arm db servers 2021 05 01 - #​5187
  • terraform: Mark unresolved tf function calls as unresolved - #​5186

Documentation

  • general: Add Enforcement CLI Command - #​5185

v2.3.281

Feature

  • terraform_plan: Expose field changes to python checks - #​5112

Bug Fix

  • general: Check that the result is not None before extracting vars in cli multiprocess runs - #​5183
  • general: Correctly handle cli graphs in case we run with multiprocessing - #​5177

v2.3.278

Bug Fix

  • kubernetes: don't fail if spec is missing and default value is set to the fix value. - #​5167

v2.3.276

Feature

  • arm: ARM and bicep checks for CKV_AZURE_121 - #​5029
  • terraform: Ensure Application Gateway defines secure SSL protocols CKV_AZURE_217, 218 - #​5027
  • terraform: Ensure Azure firewall sets threatintelMode to Deny - #​5013
  • terraform: Ensure firewall defines a policy - #​5038
  • terraform: Ensure Firewall policy has IDPS mode as deny - #​5039

Bug Fix

  • dockerfile: support platform flag in CKV_DOCKER_11 - #​5170
  • terraform: support condition in IAM policy data blocks - #​5171
  • terraform: Unable to download Terraform modules from JFrog Artifactory - #​5155

v2.3.273

Feature

  • ansible: add support of inline suppression for Ansible graph checks - #​5143
  • terraform: Use just AWS regex to check EC2Credentials - #​5159

Bug Fix

  • cloudformation: fix evaluate_default_refs func in cfn - #​5164
  • general: fix SARIF output related to security-severity field - #​5160
  • terraform: adjust CKV_AWS_85 to only look for one log type to pass - #​5162
  • terraform: update latest major version of Postgres to v15 - #​5163

Platform

  • general: Add no upload flag and report contributors for all API key runs - #​5052

v2.3.271

v2.3.267

Bug Fix

  • kubernetes: fix extracting k8s nested resources - #​5146
  • sca: suppression - fix unit testing - #​5158
  • sca: suppression is not working on SCA packages - #​5156

v2.3.264

Feature

  • terraform: don't fail CKV_AWS_2 on un-rendered value - #​5147
  • terraform: Foreach support resources edges - #​5145

Bug Fix

  • terraform: exclude unrestrictable actions in CKV_AWS_355 and CKV_AWS_356 - #​5135

Documentation

  • general: Update operators with examples - #​5137

v2.3.261

Feature

  • general: Added computation of git_root_path to igraph serialization - #​5107
  • sca: adding validation for the file_line_number - #​5132
  • terraform: foreach remove error from info log. - #​5139

Bug Fix

  • terraform: Should use UNKNOWN rather than skipped - #​5136

v2.3.259

Feature

  • terraform: extend CKV2_AWS_5 with new resources - #​5129
  • terraform: IAM limit resource access - #​5015

Bug Fix

  • kustomize: fix empty kustomize file crash - #​5131

Platform

  • general: SBOM lines numbers adjusting - #​5127

v2.3.257

Feature

  • sca: adding the risk factor v2 to the vulnerability details - #​5108
  • sca: dockerfile image-referencer fixes - #​5120
  • secrets: Add new pre-commit hook for secrets - #​5103
  • terraform: add check to look at star resources - #​4996

Bug Fix

  • gitlab: Skipping image blocks without name attribute - #​5126
  • terraform: fix terraform variable rendering for provider alias - #​5124

Platform

  • general: Enhancing Sarif output with Security Severity Level - #​5074

v2.3.251

Feature

  • secrets: add jwt detector to the secret runner - #​5116
  • terraform: Adding yaml based build time policies for corresponding PC runtime policies - #​5089
  • terraform: AWS Ensure RDS performance insights uses a CMK - #​4985
  • terraform: NACL should restrict port ingress - #​4976
  • terraform: RDS Enable Performance insights - #​4983

Bug Fix

  • dockerfile: improve update searching in CKV_DOCKER_5 - #​5115

Documentation

  • general: Update CLI Command Reference.md - #​5114

v2.3.247

Feature

  • general: add SPDX output - #​5104
  • kubernetes: separate service account builder to improve performance - #​5093
  • sca: showing line numbers in the cli output for csv - #​5096
  • sca: showing line numbers in the cli output for licenses - #​5098

v2.3.245

Feature

  • dockerfile: Support docker graph check skips - #​5085
  • sca: using the lines directly in the record, rather than in the "vulnerability_details" + having it in ExtraResources - #​5092

v2.3.243

Feature

  • kubernetes: Improve k8s perf - #​5083
  • terraform: EMR - At rest local disk, EBS and in transit encryption checks - #​4968

Bug Fix

  • kubernetes: add mini k8s parser for invalid templates - #​5088
  • terraform: handle false-positives for Route53ZoneEnableDNSSECSigning - #​5084

Platform

  • general: Add lines to SBOM - #​5078
  • graph: upload graphs to the platform - #​5073

v2.3.240

Bug Fix

  • terraform: skip invalid multiple modules names - #​5079

v2.3.239

Bug Fix

  • sca: only run image referencer with sca_image framework - #​5081

v2.3.238

Feature

  • kustomize: Support inline skips for Kubernetes graph checks - #​5070

v2.3.237

Bug Fix

  • secrets: add filter for suppressed custom secret checks - #​5068
  • secrets: exclude Kubernetes secretName from secret scanning - #​5071
  • secrets: omit the code line - #​5075

v2.3.234

Feature

  • terraform: Added caller_file_path and caller_file_line_range to reduced report - #​5062
  • terraform: AWS IAM don't generate root credentials 348 - #​4966
  • terraform: Ensure Neptune cluster is encrypted with a CMK CKV_AWS_347 - #​4965

Bug Fix

  • terraform: fix SQS encryption check CKV_AWS_27 - #​5065

Documentation

  • general: Fix some links - #​5064
  • general: update Python custom checks docs - #​5054

v2.3.231

Feature

  • terraform: aws ensure delete protection for firewalls 344 - #​4870
  • terraform: check that WAF rules have an action 342 - #​4806
  • terraform: Ensure encryption for firewall uses a CMK CKV_AWS_345 - #​4871
  • terraform: Ensure Network firewall policy defines a encryption configuration that uses a CMK - CKV_AWS_346 - #​4877

Bug Fix

  • kubernetes: Update ckv_k8s_31 - #​4991

v2.3.227

Feature

  • general: include missing files in save repository - #​5056
  • terraform: launch config/template Ensure metadata hop =1 341 - #​4817
  • terraform: Update CKV_AZURE_43 StorageAccountName.py VARIABLE_REFS - #​5045

Bug Fix

  • arm: enabled is not true - #​5051
  • cloudformation: Enable ALB to support tls1.3 policies #​4962 - #​5035
  • secrets: add handling of unicode error - #​5055

v2.3.224

Platform

  • general: Catch None responses from BE - #​5033

v2.3.223

Feature

  • terraform: Elastic beanstalk uses managed updates and fixes the EB check while i… 340 - #​4816

Bug Fix

  • secrets: don't scan images in git history - #​5040
  • terraform: fix foreach render value for lookup - #​5037
  • terraform: Handle entity context for for_each resources - #​5036

v2.3.220

Feature

  • secrets: open the feature - scan git history - #​5022
  • terraform: Set TF Modules for_each env var to true - #​5021
  • terraform: Set TF modules for_each env vars as True - #​4794

Bug Fix

  • secrets: add filter for suppressed custom secret checks - #​5016
  • terraform: improve attribute performance - #​5014
  • terraform: Update CKV_AWS_338 message and retention check for 0 - #​5018
  • terraform: Update CKV2_AZURE_33 to remove checks on unrelated conditions - #​5020

v2.3.214

Bug Fix

  • secrets: Adding quote to required secret in case needed - #​5008
  • secrets: change color of invalid secret message - #​5007

Platform

  • general: upload checks code_block to report - #​5001

v2.3.212

Feature

  • kubernetes: support suppressing custom K8s policies - #​4990
  • terraform: AWS EKS Use only platform supported versions 339 - #​4810
  • terraform: Azure APIm backend uses only HTTPS - #​4811
  • terraform: Ensure Cloudwatch retention is a year or more 338 - #​4799
  • terraform: remove redundant foreach deepcopy - #​4982

Bug Fix

  • secrets: fix missing history results when history store is used - #​4992
  • terraform: secret- also check user data in launch config and template - #​4969

v2.3.205

Bug Fix

  • gitlab: fix resource id parsing recursive - #​4987

Documentation

  • terraform: fix docs formatting - #​4988

v2.3.204

Feature

  • terraform: add support for private terraform registries - #​4964
  • terraform: remove cross variables bad list comprehension - #​4948

Bug Fix

  • general: log all returned enforcement rules for debugging - #​4989
  • general: remove invalid URLs in GitLab SAST output - #​4960
  • secrets: change default value of secret values to empty strings - #​4973
  • terraform: Added a condition to not override source module object for old parser - #​4975

v2.3.199

Feature

  • terraform: Ensure container defines a readonly root drive 336 - #​4788
  • terraform: ensure pidmode is not set to host 335 - #​4786
  • terraform: Ensure SSM params are encrypted using a CMK 337 - #​4789
  • terraform: Network firewall must define a logging configuration CKV2_AWS_63 - #​4872
  • terraform: Reduce module loading in TF Parser - #​4959

Bug Fix


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
