Dependency trees in Checkov 🌲

Checkov software composition analysis (SCA) scans now build a full dependency tree for supported package manager files. Previously, the CLI analyzed only the root package, whereas the platform built full dependency trees. With this change, users can see vulnerabilities in indirect dependencies locally and in CI/CD integrations.

The results are grouped by root package and include the package with the vulnerability, the CVE, the severity, the current version of the impacted package, the fix version of the root package, and the version of the root package that resolves all CVEs.
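To make the difference between root-only analysis and a full tree walk concrete, here is an added sketch that is not Checkov's code or its output format. The package names, versions, CVE identifiers and the `DEPENDS_ON` / `ADVISORIES` structures are constructed placeholders; the sketch groups findings by root package and records the path to each vulnerable indirect dependency.

```python
from collections import defaultdict

# Constructed sample data: names, versions and CVE ids are placeholders.
ROOTS = ["web-framework@2.1.0", "log-helper@1.0.3"]
DEPENDS_ON = {
    "web-framework@2.1.0": ["http-parser@0.9.0", "template-engine@3.2.1"],
    "template-engine@3.2.1": ["string-utils@1.4.0"],
    "http-parser@0.9.0": ["string-utils@1.4.0"],
    "log-helper@1.0.3": ["string-utils@1.4.0", "log-helper@1.0.3"],  # self-cycle
    "string-utils@1.4.0": [],
}
ADVISORIES = {
    "string-utils@1.4.0": [("CVE-0000-0001", "HIGH")],
    "http-parser@0.9.0": [("CVE-0000-0002", "MEDIUM")],
}


def root_only_findings(roots, advisories):
    """Findings when only the packages declared in the manifest are checked."""
    return {r: list(advisories.get(r, [])) for r in roots}


def tree_findings(roots, depends_on, advisories):
    """Walk each root's full tree and group findings by root package."""
    grouped = defaultdict(list)
    for root in roots:
        seen = set()
        stack = [(root, (root,))]
        while stack:
            pkg, path = stack.pop()
            if pkg in seen:  # shared dependency or cycle: report once per root
                continue
            seen.add(pkg)
            for cve, severity in advisories.get(pkg, []):
                grouped[root].append({"package": pkg, "cve": cve,
                                      "severity": severity,
                                      "path": " > ".join(path)})
            for child in depends_on.get(pkg, []):
                stack.append((child, path + (child,)))
        grouped[root].sort(key=lambda f: (f["package"], f["cve"]))
    return dict(grouped)


if __name__ == "__main__":
    print("root-only:", root_only_findings(ROOTS, ADVISORIES))
    for root, findings in tree_findings(ROOTS, DEPENDS_ON, ADVISORIES).items():
        print(root)
        for f in findings:
            print(f"  {f['cve']} {f['severity']:<6} {f['package']}  via {f['path']}")
```

On this sample the root-only check reports nothing for either root, while the tree walk attributes both placeholder CVEs to `web-framework@2.1.0` and one to `log-helper@1.0.3`.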
