diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 09f27a127a..09d2ca52d2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -97,7 +97,7 @@ jobs: strategy: fail-fast: true matrix: - python: ["3.8", "3.9"] + python: ["3.9"] os: [ubuntu-latest, windows-latest] runs-on: ${{ matrix.os }} steps: @@ -149,7 +149,7 @@ jobs: prisma-tests: runs-on: [ self-hosted, public, linux, x64 ] env: - PYTHON_VERSION: "3.8" + PYTHON_VERSION: "3.9" steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3 - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v4 @@ -220,7 +220,7 @@ jobs: strategy: fail-fast: true matrix: - python: ["3.8", "3.9"] + python: ["3.9"] os: [ubuntu-latest] runs-on: ${{ matrix.os }} continue-on-error: true # for now it is ok to fail @@ -260,7 +260,7 @@ jobs: timeout-minutes: 30 runs-on: ubuntu-latest env: - PYTHON_VERSION: "3.8" + PYTHON_VERSION: "3.9" steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3 - name: Set up Python ${{ env.PYTHON_VERSION }} @@ -298,7 +298,7 @@ jobs: id-token: write timeout-minutes: 30 env: - PYTHON_VERSION: "3.8" + PYTHON_VERSION: "3.9" steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3 with: diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml index e0bd89c5c2..0d2512b874 100644 --- a/.github/workflows/coverage.yaml +++ b/.github/workflows/coverage.yaml @@ -15,7 +15,7 @@ jobs: contents: write environment: release env: - PYTHON_VERSION: "3.8" + PYTHON_VERSION: "3.9" steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3 with: diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index b5177b63bf..5d8064df46 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -88,7 +88,7 @@ jobs: permissions: contents: write env: - PYTHON_VERSION: "3.8" + PYTHON_VERSION: "3.9" steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v3 with: @@ -135,7 +135,7 @@ jobs: if: needs.github-release.outputs.upload_url != '' runs-on: [self-hosted, public, linux, arm64] container: - image: arm64v8/python:3.8 + image: arm64v8/python:3.9 permissions: contents: write steps: diff --git a/.github/workflows/pr-test.yml b/.github/workflows/pr-test.yml index 1d80fc999d..28f4e320f6 100644 --- a/.github/workflows/pr-test.yml +++ b/.github/workflows/pr-test.yml @@ -46,8 +46,12 @@ jobs: - name: Filter YAML and JSON files if: steps.changed-files-specific.outputs.any_changed == 'true' id: filter-files - run: | - YAML_JSON_FILES=$(echo ${{ steps.changed-files-specific.outputs.all_changed_files }} | tr ' ' '\n' | grep -E '\.ya?ml$|\.json$' | tr '\n' ' ') + run: | + YAML_JSON_FILES=$(echo ${{ steps.changed-files-specific.outputs.all_changed_files }} \ + | tr ' ' '\n' \ + | grep -E '\.ya?ml$|\.json$' \ + | grep -v 'sam\.yaml$' \ + | tr '\n' ' ') if [ -n "$YAML_JSON_FILES" ]; then echo "YAML_JSON_FILES=$YAML_JSON_FILES" >> "$GITHUB_ENV" fi @@ -222,7 +226,7 @@ jobs: PRISMA_API_URL: ${{ secrets.PRISMA_API_URL_2 }} run: | # Just making sure the API key tests don't run on PRs - bash -c './integration_tests/prepare_data.sh ${{ matrix.os }} 3.8' + bash -c './integration_tests/prepare_data.sh ${{ matrix.os }} 3.9' - name: Run integration tests run: | pipenv run pytest integration_tests -k 'not api_key' diff --git a/cdk_integration_tests/src/python/LambdaEnvironmentCredentials/fail__2__.py b/cdk_integration_tests/src/python/LambdaEnvironmentCredentials/fail__2__.py index 287342a3a5..b04327a42d 100644 --- a/cdk_integration_tests/src/python/LambdaEnvironmentCredentials/fail__2__.py +++ b/cdk_integration_tests/src/python/LambdaEnvironmentCredentials/fail__2__.py @@ -31,7 +31,7 @@ def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: self, 'MyServerlessFunction', code_uri='lambda/', # Replace 'lambda/' with your function code directory handler='index.handler', - runtime='python3.8', + runtime='python3.9', environment={ 'MY_VARIABLE': 'pass' } diff --git a/cdk_integration_tests/src/python/LambdaEnvironmentCredentials/pass.py b/cdk_integration_tests/src/python/LambdaEnvironmentCredentials/pass.py index e98771811d..0959972e82 100644 --- a/cdk_integration_tests/src/python/LambdaEnvironmentCredentials/pass.py +++ b/cdk_integration_tests/src/python/LambdaEnvironmentCredentials/pass.py @@ -31,7 +31,7 @@ def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: self, 'MyServerlessFunction', code_uri='lambda/', # Replace 'lambda/' with your function code directory handler='index.handler', - runtime='python3.8', + runtime='python3.9', environment={ 'MY_VARIABLE': {'a':'b'} } diff --git a/cdk_integration_tests/src/python/LambdaEnvironmentEncryptionSettings/fail__2__.py b/cdk_integration_tests/src/python/LambdaEnvironmentEncryptionSettings/fail__2__.py index 92a0395f7f..bd1d21cb3f 100644 --- a/cdk_integration_tests/src/python/LambdaEnvironmentEncryptionSettings/fail__2__.py +++ b/cdk_integration_tests/src/python/LambdaEnvironmentEncryptionSettings/fail__2__.py @@ -30,7 +30,7 @@ def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: my_sam_function = sam.CfnFunction( self, 'MySAMFunction', handler='index.handler', - runtime='python3.8', + runtime='python3.9', code_uri='./path/to/your/function/code', environment={ 'MY_VARIABLE_1': 'Value1', diff --git a/cdk_integration_tests/src/python/LambdaEnvironmentEncryptionSettings/pass.py b/cdk_integration_tests/src/python/LambdaEnvironmentEncryptionSettings/pass.py index 4c62f94496..c6efa60e72 100644 --- a/cdk_integration_tests/src/python/LambdaEnvironmentEncryptionSettings/pass.py +++ b/cdk_integration_tests/src/python/LambdaEnvironmentEncryptionSettings/pass.py @@ -31,7 +31,7 @@ def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: my_sam_function = sam.CfnFunction( self, 'MySAMFunction', handler='index.handler', - runtime='python3.8', + runtime='python3.9', code_uri='./path/to/your/function/code', environment={ 'MY_VARIABLE_1': 'Value1', diff --git a/checkov/cloudformation/checks/resource/aws/DeprecatedLambdaRuntime.py b/checkov/cloudformation/checks/resource/aws/DeprecatedLambdaRuntime.py index abbb7c2c0c..7f25650c40 100644 --- a/checkov/cloudformation/checks/resource/aws/DeprecatedLambdaRuntime.py +++ b/checkov/cloudformation/checks/resource/aws/DeprecatedLambdaRuntime.py @@ -20,7 +20,7 @@ def get_forbidden_values(self) -> List[Any]: return ["dotnetcore3.1", "nodejs12.x", "python3.6", "python2.7", "dotnet5.0", "dotnetcore2.1", "ruby2.5", "nodejs10.x", "nodejs8.10", "nodejs4.3", "nodejs6.10", "dotnetcore1.0", "dotnetcore2.0", "nodejs4.3-edge", "nodejs", "java8", "python3.7", "go1.x", "provided", "ruby2.7", "nodejs14.x", - "nodejs16.x", "python3.8", "dotnet7", "dotnet6" + "nodejs16.x", "python3.9", "dotnet7", "dotnet6" # , "nodejs18.x" # Uncomment on Sept 1, 2025 # , "provided.al2" # Uncomment on Jun 30, 2026 # , "python3.9" # Uncomment on Nov 3, 2025 diff --git a/checkov/common/variables/context.py b/checkov/common/variables/context.py index cee0666bde..cb3f71aea5 100644 --- a/checkov/common/variables/context.py +++ b/checkov/common/variables/context.py @@ -4,9 +4,6 @@ from typing import Any -# NOTE: These would be better as TypedDict, but that requires python 3.8 :-( - - @dataclass class VarReference: definition_name: str # Example: 'region' diff --git a/checkov/terraform/checks/resource/aws/DeprecatedLambdaRuntime.py b/checkov/terraform/checks/resource/aws/DeprecatedLambdaRuntime.py index b9aa3df880..b2114a6ff3 100644 --- a/checkov/terraform/checks/resource/aws/DeprecatedLambdaRuntime.py +++ b/checkov/terraform/checks/resource/aws/DeprecatedLambdaRuntime.py @@ -20,7 +20,7 @@ def get_forbidden_values(self) -> List[Any]: return ["dotnetcore3.1", "nodejs12.x", "python3.6", "python2.7", "dotnet5.0", "dotnetcore2.1", "ruby2.5", "nodejs10.x", "nodejs8.10", "nodejs4.3", "nodejs6.10", "dotnetcore1.0", "dotnetcore2.0", "nodejs4.3-edge", "nodejs", "java8", "python3.7", "go1.x", "provided", "ruby2.7", "nodejs14.x", - "nodejs16.x", "python3.8", "dotnet7", "dotnet6" + "nodejs16.x", "python3.9", "dotnet7", "dotnet6" # , "nodejs18.x" # Uncomment on Sept 1, 2025 # , "provided.al2" # Uncomment on Jun 30, 2026 # , "python3.9" # Uncomment on Nov 3, 2025 diff --git a/integration_tests/prepare_data.sh b/integration_tests/prepare_data.sh index 4b8ef8dde6..30b57e7e63 100755 --- a/integration_tests/prepare_data.sh +++ b/integration_tests/prepare_data.sh @@ -29,7 +29,7 @@ else fi -if [[ "$2" == "3.8" && "$1" == "ubuntu-latest" ]] +if [[ "$2" == "3.9" && "$1" == "ubuntu-latest" ]] then pipenv run checkov -s -f terragoat/terraform/aws/s3.tf --repo-id checkov/integration_test --bc-api-key $BC_KEY > checkov_report_s3_singlefile_api_key_terragoat.txt pipenv run checkov -s -d terragoat/terraform/azure/ --repo-id checkov/integration_test --bc-api-key $BC_KEY > checkov_report_azuredir_api_key_terragoat.txt diff --git a/tests/cloudformation/checks/resource/aws/example_IAMRoleAllowAssumeFromAccount/example_IAMRoleAllowAssumeFromAccount-PASSED-2.yml b/tests/cloudformation/checks/resource/aws/example_IAMRoleAllowAssumeFromAccount/example_IAMRoleAllowAssumeFromAccount-PASSED-2.yml index 07347fd348..494bc6593e 100644 --- a/tests/cloudformation/checks/resource/aws/example_IAMRoleAllowAssumeFromAccount/example_IAMRoleAllowAssumeFromAccount-PASSED-2.yml +++ b/tests/cloudformation/checks/resource/aws/example_IAMRoleAllowAssumeFromAccount/example_IAMRoleAllowAssumeFromAccount-PASSED-2.yml @@ -756,5 +756,5 @@ Resources: Handler: index.lambda_handler Role: !GetAtt ScalingLambdaRole.Arn - Runtime: python3.8 + Runtime: python3.9 Timeout: 10 \ No newline at end of file diff --git a/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/FAIL.yaml b/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/FAIL.yaml index e75458a988..5c935618c9 100644 --- a/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/FAIL.yaml +++ b/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/FAIL.yaml @@ -8,4 +8,4 @@ Resources: Code: S3Bucket: my-bucket S3Key: function.zip - Runtime: python3.8 + Runtime: python3.9 diff --git a/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/PASS.yaml b/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/PASS.yaml index 567ab2e6b6..139994a478 100644 --- a/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/PASS.yaml +++ b/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/PASS.yaml @@ -8,6 +8,6 @@ Resources: Code: S3Bucket: my-bucket S3Key: function.zip - Runtime: python3.8 + Runtime: python3.9 DeadLetterConfig: TargetArn: arn:aws:sqs:eu-central-1:123456789012:dlq diff --git a/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/sam.yaml b/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/sam.yaml index 14fd591bff..7dec370c4a 100644 --- a/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/sam.yaml +++ b/tests/cloudformation/checks/resource/aws/example_LambdaDLQConfigured/sam.yaml @@ -6,7 +6,7 @@ Resources: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 DeadLetterQueue: TargetArn: arn:aws:sqs:eu-central-1:123456789012:dlq Type: SQS @@ -15,4 +15,4 @@ Resources: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 diff --git a/tests/cloudformation/checks/resource/aws/example_LambdaEnvironmentCredentials/sam.yaml b/tests/cloudformation/checks/resource/aws/example_LambdaEnvironmentCredentials/sam.yaml index f0eea84607..cb3a7edd6c 100644 --- a/tests/cloudformation/checks/resource/aws/example_LambdaEnvironmentCredentials/sam.yaml +++ b/tests/cloudformation/checks/resource/aws/example_LambdaEnvironmentCredentials/sam.yaml @@ -4,14 +4,14 @@ Transform: AWS::Serverless-2016-10-31 Globals: Function: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 Resources: NoSecret: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 Environment: Variables: key: value @@ -20,7 +20,7 @@ Resources: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 NoProperties: Type: AWS::Serverless::Function @@ -29,7 +29,7 @@ Resources: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 Environment: Variables: key: value diff --git a/tests/cloudformation/checks/resource/aws/example_LambdaEnvironmentEncryptionSettings/sam.yaml b/tests/cloudformation/checks/resource/aws/example_LambdaEnvironmentEncryptionSettings/sam.yaml index 0b14523b40..6134a5d4c5 100644 --- a/tests/cloudformation/checks/resource/aws/example_LambdaEnvironmentEncryptionSettings/sam.yaml +++ b/tests/cloudformation/checks/resource/aws/example_LambdaEnvironmentEncryptionSettings/sam.yaml @@ -6,7 +6,7 @@ Resources: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 Environment: Variables: key: value @@ -16,13 +16,13 @@ Resources: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 EnvAndNoKey: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 Environment: Variables: key: value diff --git a/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/FAIL.yaml b/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/FAIL.yaml index e75458a988..5c935618c9 100644 --- a/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/FAIL.yaml +++ b/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/FAIL.yaml @@ -8,4 +8,4 @@ Resources: Code: S3Bucket: my-bucket S3Key: function.zip - Runtime: python3.8 + Runtime: python3.9 diff --git a/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/PASS.yaml b/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/PASS.yaml index 974998c67a..4be9435f03 100644 --- a/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/PASS.yaml +++ b/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/PASS.yaml @@ -8,5 +8,5 @@ Resources: Code: S3Bucket: my-bucket S3Key: function.zip - Runtime: python3.8 + Runtime: python3.9 ReservedConcurrentExecutions: 100 diff --git a/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/sam.yaml b/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/sam.yaml index 1f35d2104f..80297af49f 100644 --- a/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/sam.yaml +++ b/tests/cloudformation/checks/resource/aws/example_LambdaFunctionLevelConcurrentExecutionLimit/sam.yaml @@ -6,11 +6,11 @@ Resources: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 ReservedConcurrentExecutions: 100 Default: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 diff --git a/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/FAIL.yaml b/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/FAIL.yaml index e75458a988..5c935618c9 100644 --- a/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/FAIL.yaml +++ b/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/FAIL.yaml @@ -8,4 +8,4 @@ Resources: Code: S3Bucket: my-bucket S3Key: function.zip - Runtime: python3.8 + Runtime: python3.9 diff --git a/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/PASS.yaml b/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/PASS.yaml index d4c5347e39..9309e33ac4 100644 --- a/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/PASS.yaml +++ b/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/PASS.yaml @@ -8,10 +8,10 @@ Resources: Code: S3Bucket: my-bucket S3Key: function.zip - Runtime: python3.8 + Runtime: python3.9 VpcConfig: SecurityGroupIds: - - sg-12345 + - sg-01234567 SubnetIds: - - subnet-12345 - - subnet-67890 + - subnet-01234567 + - subnet-34567890 diff --git a/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/sam.yaml b/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/sam.yaml index 8f5b3b7654..de7dce105c 100644 --- a/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/sam.yaml +++ b/tests/cloudformation/checks/resource/aws/example_LambdaInVPC/sam.yaml @@ -6,7 +6,7 @@ Resources: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3.9 VpcConfig: SecurityGroupIds: - sg-12345 @@ -18,4 +18,4 @@ Resources: Type: AWS::Serverless::Function Properties: Handler: app.lambdaHandler - Runtime: python3.8 + Runtime: python3. diff --git a/tests/cloudformation/graph/graph_builder/resources/sam/template.yaml b/tests/cloudformation/graph/graph_builder/resources/sam/template.yaml index 50e482ddf4..019f65b427 100644 --- a/tests/cloudformation/graph/graph_builder/resources/sam/template.yaml +++ b/tests/cloudformation/graph/graph_builder/resources/sam/template.yaml @@ -17,7 +17,7 @@ Globals: Function: Timeout: 5 CodeUri: src/ - Runtime: python3.8 + Runtime: python3.9 Tracing: Active Environment: Variables: diff --git a/tests/cloudformation/graph/graph_builder/test_local_graph.py b/tests/cloudformation/graph/graph_builder/test_local_graph.py index 51bdd0ea2d..bc7e3b8a1e 100644 --- a/tests/cloudformation/graph/graph_builder/test_local_graph.py +++ b/tests/cloudformation/graph/graph_builder/test_local_graph.py @@ -199,7 +199,7 @@ def test_build_graph_with_sam_resource(self): self.assertEqual(['subnet-123', 'subnet-456'], function_1_vertex.attributes["VpcConfig"]["SubnetIds"]) self.assertEqual("src/", function_2_vertex.attributes["CodeUri"]) - self.assertEqual("python3.8", function_2_vertex.attributes["Runtime"]) + self.assertEqual("python3.9", function_2_vertex.attributes["Runtime"]) self.assertEqual(5, function_2_vertex.attributes["Timeout"]) self.assertEqual("Active", function_2_vertex.attributes["Tracing"]) self.assertEqual("Production", function_2_vertex.attributes["Environment"]["Variables"]["STAGE"]) diff --git a/tests/github_actions/test_graph_manager.py b/tests/github_actions/test_graph_manager.py index 68399007ac..31e3d8ffaf 100644 --- a/tests/github_actions/test_graph_manager.py +++ b/tests/github_actions/test_graph_manager.py @@ -247,7 +247,7 @@ def test_build_def_context_1(): { "name": "Setup Python", "uses": "actions/setup-python@v3", - "with": {"python-version": "3.8", "__startline__": 14, "__endline__": 15}, + "with": {"python-version": "3.9", "__startline__": 14, "__endline__": 15}, "__startline__": 11, "__endline__": 15, }, @@ -315,7 +315,7 @@ def test_build_def_context_1(): (11, " - name: Setup Python\n"), (12, " uses: actions/setup-python@v3\n"), (13, " with:\n"), - (14, " python-version: '3.8'\n"), + (14, " python-version: '3.9'\n"), (15, " - name: Setup Poetry\n"), (16, " uses: Green/setup-poetry@v7\n"), (17, " - name: Install Python Dependencies\n"), @@ -360,7 +360,7 @@ def test_build_def_context_1(): (11, " - name: Setup Python\n"), (12, " uses: actions/setup-python@v3\n"), (13, " with:\n"), - (14, " python-version: '3.8'\n"), + (14, " python-version: '3.9'\n"), (15, " - name: Setup Poetry\n"), (16, " uses: Green/setup-poetry@v7\n"), (17, " - name: Install Python Dependencies\n"), diff --git a/tests/sca_image/examples/.github/workflows/vulnerable_container.yaml b/tests/sca_image/examples/.github/workflows/vulnerable_container.yaml index 76538c043c..45444980be 100644 --- a/tests/sca_image/examples/.github/workflows/vulnerable_container.yaml +++ b/tests/sca_image/examples/.github/workflows/vulnerable_container.yaml @@ -5,7 +5,7 @@ name: unsecure-worfklow jobs: my_job: container: - image: python:3.8-alpine + image: python:3.9-alpine env: NODE_ENV: development ports: diff --git a/tests/terraform/checks/resource/aws/example_LambdaCodeSigningConfigured/main.tf b/tests/terraform/checks/resource/aws/example_LambdaCodeSigningConfigured/main.tf index 88abaf1648..a06f696e06 100644 --- a/tests/terraform/checks/resource/aws/example_LambdaCodeSigningConfigured/main.tf +++ b/tests/terraform/checks/resource/aws/example_LambdaCodeSigningConfigured/main.tf @@ -3,7 +3,7 @@ resource "aws_lambda_function" "pass" { function_name = "test-env" role = "" - runtime = "python3.8" + runtime = "python3.9" code_signing_config_arn = "123123123" } @@ -12,5 +12,5 @@ resource "aws_lambda_function" "pass" { resource "aws_lambda_function" "fail" { function_name = "stest-env" role = "" - runtime = "python3.8" + runtime = "python3.9" } diff --git a/tests/terraform/checks/resource/aws/example_LambdaEnvironmentCredentials/main.tf b/tests/terraform/checks/resource/aws/example_LambdaEnvironmentCredentials/main.tf index d5bf76554f..58eab5b8b1 100644 --- a/tests/terraform/checks/resource/aws/example_LambdaEnvironmentCredentials/main.tf +++ b/tests/terraform/checks/resource/aws/example_LambdaEnvironmentCredentials/main.tf @@ -3,7 +3,7 @@ resource "aws_lambda_function" "pass" { function_name = "test-env" role = "" - runtime = "python3.8" + runtime = "python3.9" environment { variables = { @@ -15,7 +15,7 @@ resource "aws_lambda_function" "pass" { resource "aws_lambda_function" "no_env" { function_name = "test-env" role = "" - runtime = "python3.8" + runtime = "python3.9" } # fail @@ -23,7 +23,7 @@ resource "aws_lambda_function" "no_env" { resource "aws_lambda_function" "fail" { function_name = "stest-env" role = "" - runtime = "python3.8" + runtime = "python3.9" environment { variables = { diff --git a/tests/terraform/checks/resource/aws/example_LambdaXrayEnabled/main.tf b/tests/terraform/checks/resource/aws/example_LambdaXrayEnabled/main.tf index c487b00824..1303747576 100644 --- a/tests/terraform/checks/resource/aws/example_LambdaXrayEnabled/main.tf +++ b/tests/terraform/checks/resource/aws/example_LambdaXrayEnabled/main.tf @@ -3,7 +3,7 @@ resource "aws_lambda_function" "active" { function_name = "test-env" role = "" - runtime = "python3.8" + runtime = "python3.9" tracing_config { mode = "Active" @@ -13,7 +13,7 @@ resource "aws_lambda_function" "active" { resource "aws_lambda_function" "pass_through" { function_name = "test-env" role = "" - runtime = "python3.8" + runtime = "python3.9" tracing_config { mode = "PassThrough" @@ -25,5 +25,5 @@ resource "aws_lambda_function" "pass_through" { resource "aws_lambda_function" "default" { function_name = "test-env" role = "" - runtime = "python3.8" + runtime = "python3.9" } diff --git a/tests/terraform/graph/checks/resources/SGAttachedToResource/main.tf b/tests/terraform/graph/checks/resources/SGAttachedToResource/main.tf index f929258685..f2933637a3 100644 --- a/tests/terraform/graph/checks/resources/SGAttachedToResource/main.tf +++ b/tests/terraform/graph/checks/resources/SGAttachedToResource/main.tf @@ -645,7 +645,7 @@ resource "aws_lambda_function" "pass_lambda" { function_name = "lambda" handler = "lambda.handler" role = "aws_iam_role.lambda.arn" - runtime = "python3.8" + runtime = "python3.9" vpc_config { security_group_ids = [aws_security_group.pass_lambda.id] diff --git a/tests/terraform/graph/resources/modules/linked_modules/external_modules/terraform-aws-modules/s3-bucket/examples/notification/main.tf b/tests/terraform/graph/resources/modules/linked_modules/external_modules/terraform-aws-modules/s3-bucket/examples/notification/main.tf index b728f0c119..4b62246ef3 100644 --- a/tests/terraform/graph/resources/modules/linked_modules/external_modules/terraform-aws-modules/s3-bucket/examples/notification/main.tf +++ b/tests/terraform/graph/resources/modules/linked_modules/external_modules/terraform-aws-modules/s3-bucket/examples/notification/main.tf @@ -18,7 +18,7 @@ module "s3_bucket" { ############################################# locals { - package_url = "https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-lambda/master/examples/fixtures/python3.8-zip/existing_package.zip" + package_url = "https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-lambda/master/examples/fixtures/python3.9-zip/existing_package.zip" downloaded = "downloaded_package_${md5(local.package_url)}.zip" } @@ -45,7 +45,7 @@ module "lambda_function1" { function_name = "${random_pet.this.id}-lambda1" handler = "index.lambda_handler" - runtime = "python3.8" + runtime = "python3.9" create_package = false local_existing_package = data.null_data_source.downloaded_package.outputs["filename"]