bridgecrewio · gruebel · Sep 4, 2022 · Sep 2, 2022 · Sep 2, 2022
diff --git a/README.md b/README.md
@@ -270,7 +270,7 @@ Run an SCA scan of packages in a repo:
 checkov -d . --framework sca_package --bc-api-key ... --repo-id <repo_id(arbitrary)>
 ```
 
-Run a scan of a directory with environment variables removing buffering, adding info level logs, turning on image referencer:
+Run a scan of a directory with environment variables removing buffering, adding debug level logs, turning on image referencer:
 ```sh
 PYTHONUNBUFFERED=1 LOG_LEVEL=DEBUG CHECKOV_EXPERIMENTAL_IMAGE_REFERENCING=TRUE checkov -d .
 ```

diff --git a/docs/3.Custom Policies/Python Custom Policies.md b/docs/3.Custom Policies/Python Custom Policies.md
@@ -16,13 +16,13 @@ Read also how to [create custom YAML Policies for attribute and composite scanni
 
 Specify a `name`, `ID`, `relevant resources` and `categories`.
 
-| Parameter | Description | Example/Comments |
-| -------- | -------- | -------- |
-| ``name`` | A new policy's unique purpose. It should ideally specify the positive desired outcome of the policy. |  |
-| ``id`` | A mandatory unique identifier of a policy. Native policies written by Bridgecrew contributors will follow the following convention:
-``CKV_providerType_serialNumber`` | `CKV_AWS_9` , `CKV_GCP_12` |
-| ``supported_resources`` | Infrastructure objects, as described in the scanned IaC's language. This usually contains one specific resource block. If you support multiple resources, you can use `*` to match any type of entity in that specific domain. | `*` use depends on which check base class you extend; see note below table. `?ws_*` will match anything where the second character is a `'w'`, the third is a `'s'` and the fourth is a `'_'`. |
-| ``categories`` | Categorization of a scan. Usually used to produce compliance reports, pipeline analytics and infrastructure health metrics, etc. |  |
+| Parameter                         | Description                                                                                                                                                                                                                    | Example/Comments                                                                                                                                                                               |
+|-----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| ``name``                          | A new policy's unique purpose. It should ideally specify the positive desired outcome of the policy.                                                                                                                           |                                                                                                                                                                                                |
+| ``id``                            | A mandatory unique identifier of a policy. Native policies written by Bridgecrew contributors will follow the following convention: ``CKV_providerType_serialNumber``                                                          | `CKV_AWS_9` , `CKV_GCP_12`                                                                                                                                                                                                     |
+| ``supported_resources``           | Infrastructure objects, as described in the scanned IaC's language. This usually contains one specific resource block. If you support multiple resources, you can use `*` to match any type of entity in that specific domain. | `*` use depends on which check base class you extend; see note below table. `?ws_*` will match anything where the second character is a `'w'`, the third is a `'s'` and the fourth is a `'_'`. |
+| ``categories``                    | Categorization of a scan. Usually used to produce compliance reports, pipeline analytics and infrastructure health metrics, etc.                                                                                               |                                                                                                                                                                                                |
+| ``guideline``                     | (Optional) Add extra info to help the user to solve the issue.                                                                                                                                                                 | This is not needed                                                                                                                                                                             |
 
 **Note for Supported Resources Parameter:** If you extend `checkov.terraform.checks.resource.base_resource_check.BaseResourceCheck`, the check is registered for all Terraform resources.
 
@@ -243,7 +243,8 @@ class S3PCIPrivateACL(BaseResourceCheck):
         supported_resources = ['aws_s3_bucket']
         # CheckCategories are defined in models/enums.py
         categories = [CheckCategories.BACKUP_AND_RECOVERY]
-        super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
+        guideline = "Follow the link to get more info https://docs.bridgecrew.io/docs"
+        super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources, guideline=guideline)
 
     def scan_resource_conf(self, conf):
         """
@@ -278,21 +279,22 @@ checkov -d . --external-checks-dir my_extra_checks
 ```
 Verify the results:
 
-```python
+```shell
 Check: "Ensure PCI Scope buckets has private ACL (enable public ACL for non-pci buckets)"
 	FAILED for resource: aws_s3_bucket.credit_cards_bucket
 	File: /main.tf:80-90
+	Guide: Follow the link to get more info https://docs.bridgecrew.io/docs
 
 		80 | resource "aws_s3_bucket" "credit_cards_bucket" {
-		81 | region        = var.region
-		82 | bucket        = local.bucket_name
-		83 | acl           = "public-read"
-		84 | force_destroy = true
-		85 | 
-		86 | tags = {
-		87 | Scope = "PCI",
-		88 | 
-		89 | }
+		81 |   region        = var.region
+		82 |   bucket        = local.bucket_name
+		83 |   acl           = "public-read"
+		84 |   force_destroy = true
+		85 |
+		86 |   tags = {
+		87 |     Scope = "PCI",
+		88 |
+		89 |   }
 		90 | }
 ```
 

diff --git a/docs/8.Outputs/JUnit XML.md b/docs/8.Outputs/JUnit XML.md
@@ -126,7 +126,10 @@ SCA
     Base Score: 7.5
     Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
     Risk Factors: ["Has fix", "High severity", "Attack complexity: low", "Attack vector: network", "DoS"]
-
+    Fix Details:
+      Status: fixed in 2.8.1 
+      Fixed Version: 2.8.1
+
     Resource: package-lock.json.connect
     File: /package-lock.json: 0-0
 
@@ -141,6 +144,9 @@ SCA
   Link: <CVE link>
   Vector: <CVSS vector string>
   Risk Factors: <list of risk factors>
+  Fix Details:
+    Status: <status of possible fixed versions>
+    Fixed Version: <lowest fixed version>
   
   Resource: <resource ID>
   File: <file path>
@@ -223,7 +229,10 @@ SCA
                 Base Score: 7.5
                 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                 Risk Factors: ["Has fix", "High severity", "Attack complexity: low", "Attack vector: network", "DoS"]
-
+                Fix Details:
+                  Status: fixed in 2.8.1 
+                  Fixed Version: 2.8.1
+
                 Resource: package-lock.json.connect
                 File: /package-lock.json: 0-0