diff --git a/checkov/common/goget/github/get_git.py b/checkov/common/goget/github/get_git.py
index 29015d2dbc..0dd2652306 100644
--- a/checkov/common/goget/github/get_git.py
+++ b/checkov/common/goget/github/get_git.py
@@ -15,7 +15,7 @@
 except ImportError as e:
     git_import_error = e
 
-COMMIT_ID_PATTERN = re.compile(r"\?(ref=)(?P<commit_id>([0-9a-f]{40}))")
+COMMIT_ID_PATTERN = re.compile(r"\?(ref=)(?P<commit_id>([0-9a-f]{5,40}))")
 TAG_PATTERN = re.compile(r'\?(ref=)(?P<tag>(.*))')  # technically should be with ?ref=tags/ but this catches both
 BRANCH_PATTERN = re.compile(r'\?(ref=heads/)(?P<branch>(.*))')
 
diff --git a/tests/common/goget/test_goget_github.py b/tests/common/goget/test_goget_github.py
index 3b63e41195..8930483b5c 100644
--- a/tests/common/goget/test_goget_github.py
+++ b/tests/common/goget/test_goget_github.py
@@ -108,6 +108,17 @@ def test_parse_commit_id(self):
         self.assertEqual("aa218f56b14c9653891f9e74264a383fa43fefbd", getter.commit_id,
                          "Parsed source commit_id is wrong")
 
+    def test_parse_shortened_commit_id(self):
+        """Test parsing of shortened git commit IDs (5-39 characters)."""
+        url = "https://my-git.com/owner/repository-name?ref=aa218"
+        getter = GitGetter(url)
+        git_url = getter.extract_git_ref(url)
+
+        self.assertEqual(
+            "https://my-git.com/owner/repository-name", git_url, "Parsed source url is wrong for 5-char commit"
+        )
+        self.assertEqual("aa218", getter.commit_id, "Parsed source commit_id is wrong for 5-char commit")
+
     @patch('checkov.common.goget.github.get_git.Repo')
     @patch('shutil.copytree')
     @patch('os.makedirs')