Default policies in Checkov with an API key will now match the platform policies ⚠️

The latest release of Checkov includes an important policy update. The new default behavior when you use an API key is to only have policies that are in Bridgecrew/Code. This makes it a more consistent, integrated experience from Checkov to the platform. The previous behavior was that Checkov has more policies than the platform, leading to confusion about missing policies. You can still show all policies in Checkov scans using --include-all-checkov-policies.

Also, we’ve added the flag --include-all-checkov-policies to include all out of the box policies, including the ones that only exist in Checkov. Custom policies loaded locally will still run without this flag.

The behavior is as follows:

• if no API key, run all Checkov policies and all local custom policies
• with API key and without the --include-all-checkov-policies flag, run all policies that exist in the platform, all platform custom policies, and all local custom policies
• you can also use --check with specific check IDs to include them if they are Checkov-only, without including all Checkov policies
• with an API key and--include-all-checkov-policies, then runs all policies (same as the current behavior before this change)