This version of checkov is flagging nuget-built files

[llourensenvision]

Please see this issue in the repo that provides an azure devops task wrapper, I believe I filed it in the incorrect project:
microsoft/security-devops-azdevops#130

Please see bridgecrewio/checkov#6984 (comment) as well, I've been trying to bring attention to this for a week or so..

Can we convince y'all to update to that newer version of checkov? Or can we override it ourselves somehow?

Every repo we have is flagging sha512 checksums as high vulnerabilities.

Further information:
the version of checkov that we are getting with the MicrosoftSecurityDevOps@1 task is version 3.2.358, and this version is flagging these checksums. Checkov is currently on version 3.6.362, and the issue appears to have been fixed by 3.6.360. We cannot be the only user whose nuget-build projects are getting flagged by this - any fix or guidance is very much appreciated.

[jbrotsos]

Hello @llourensenvision , I'm the Product Manager for this GH Action. While we wait response from the dev team, I'm hoping you can help me gather some feedback on your experience using this action. If you don't mind taking this 3 minute anonymous survey, it would be greatly appreciated!

https://forms.microsoft.com/r/tciV74znSh

James Brotsos - jamesbrotsos@microsoft.com