This version of checkov is flagging nuget-built files #130
Comments
|
I've since realized that this is the repository for the build task that wraps the tool - you guys probably just download the most recent release of the collection of tools, and I need to take this issue up with the repo behind the CLI tool itself? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please see bridgecrewio/checkov#6984 (comment)
Looking at the gdnconfig, it appears that checkov is using 3.2.199, whereas it's currently on 3.2.362.
Can we convince y'all to update to that newer version of checkov? Or can we override it ourselves with our own gdnconfig?
Every repo we have is flagging sha512 checksums as high vulnerabilities.
Further information:
the version that we are getting with the MicrosoftSecurityDevOps@1 task is version 3.2.358, and this version is flagging these checksums. Checkov is currently on version 3.6.362, and the issue appears to have been fixed by 3.6.36. We cannot be the only user whose nuget-build projects are getting flagged by this - any fix or guidance is very much appreciated.
The text was updated successfully, but these errors were encountered: