Checkov (3.2.368) crashes with KeyError: '__startline__' when scanning restructured serverless YAML file

[vish-space]

We've been using Checkov for serverless checks in our Bitbucket Pipelines CI/CD, and it has been working fine with our standard serverless configurations, scanning everything properly. However, after recently modularizing our serverless YAML files—splitting them into separate files for functions and resources, and referencing them in the main serverless.yml — Checkov started throwing errors during scans. Specifically, it seems unable to process the file references within the main YAML file. Since restructuring, Checkov consistently throws a KeyError: '__startline__' when scanning. We've validated the YAML files using yamllint, and no syntax errors are present. The issue appears to be related to how Checkov handles modular serverless resources, and it persists even after addressing all reported YAML issues.

Examples

1. Please refer this Example code to reproduce the error it contains code before and after restructuring serverless https://github.com/vish-space/test-examples
2. Run Checkov: checkov -f serverless.yml

Exception Trace
ran LOG_LEVEL=debug checkov -d .

2025-02-10 11:22:41,323 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AZURE_10
2025-02-10 11:22:41,323 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AZURE_48
2025-02-10 11:22:41,323 [MainThread  ] [DEBUG]  Running check: Ensure that AWS Lambda function permissions delegated to AWS services are limited by SourceArn or SourceAccount on file /ResourceCF-CustomPermission.yml
2025-02-10 11:22:41,323 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AZURE_46
2025-02-10 11:22:41,323 [MainThread  ] [DEBUG]  File /ResourceCF-CustomPermission.yml, resource "AWS::Lambda::Permission.CustomFunctionInvokePermission" check "Ensure that AWS Lambda function permissions delegated to AWS services are limited by SourceArn or SourceAccount" Result: {'result': <CheckResult.PASSED: 'PASSED'>, 'evaluated_keys': ['Properties/Principal', 'Properties/SourceArn', 'Properties/SourceAccount']}
2025-02-10 11:22:41,323 [MainThread  ] [DEBUG]  Secret was not saved in CKV_AWS_364, can't omit
2025-02-10 11:22:41,324 [MainThread  ] [DEBUG]  Secret was not saved in CKV_AWS_364, can't omit
2025-02-10 11:22:41,325 [MainThread  ] [DEBUG]  skip_severity = None, explicit_skip = [], regex_match = False, suppressed_policies: []
2025-02-10 11:22:41,332 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AZURE_22
2025-02-10 11:22:41,331 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AZURE_32
2025-02-10 11:22:41,331 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AZURE_36
2025-02-10 11:22:41,335 [MainThread  ] [DEBUG]  Searching through [] and ['__init__.cpython-311.pyc']
2025-02-10 11:22:41,336 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AWS_71
2025-02-10 11:22:41,348 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_DOCKER_6
2025-02-10 11:22:41,349 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_DOCKER_14
2025-02-10 11:22:41,351 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AWS_53
2025-02-10 11:22:41,352 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AWS_14
2025-02-10 11:22:41,350 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AWS_44
2025-02-10 11:22:41,355 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AWS_54
2025-02-10 11:22:41,355 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AWS_27
2025-02-10 11:22:41,353 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_AWS_46
2025-02-10 11:22:41,355 [MainThread  ] [DEBUG]  Running function /home/vish/.local/lib/python3.11/site-packages/checkov/common/runners/object_runner.<lambda> with parallelization type 'fork'
2025-02-10 11:22:41,367 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_OCI_5
2025-02-10 11:22:41,367 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_OCI_6
2025-02-10 11:22:41,367 [ThreadPoolEx] [DEBUG]  Running graph check: CKV2_OCI_2
2025-02-10 11:22:41,411 [MainThread  ] [DEBUG]  Running function /home/vish/.local/lib/python3.11/site-packages/checkov/common/runners/object_runner.<lambda> with parallelization type 'fork'
2025-02-10 11:22:41,412 [MainThread  ] [DEBUG]  Running function /home/vish/.local/lib/python3.11/site-packages/checkov/common/runners/object_runner.<lambda> with parallelization type 'fork'
2025-02-10 11:22:41,392 [MainThread  ] [ERROR]  Exception traceback:
Traceback (most recent call last):
  File "/home/vish/.local/lib/python3.11/site-packages/checkov/main.py", line 532, in run
    self.scan_reports = runner_registry.run(
                        ^^^^^^^^^^^^^^^^^^^^
  File "/home/vish/.local/lib/python3.11/site-packages/checkov/common/runners/runner_registry.py", line 177, in run
    for result in parallel_runner_results:
  File "/home/vish/.local/lib/python3.11/site-packages/checkov/common/parallelizer/parallel_runner.py", line 110, in _run_function_multiprocess_fork
    raise v.internal_exception.with_traceback(v.internal_exception.__traceback__)
KeyError: '__startline__'
2025-02-10 11:22:41,435 [MainThread  ] [DEBUG]  Running function /home/vish/.local/lib/python3.11/site-packages/checkov/common/runners/object_runner.<lambda> with parallelization type 'fork'

checkov --version 3.2.368

Desktop (please complete the following information):

• OS: Ubuntu 20.04.6
• Checkov Version 3.2.368

Additional context

• Rolling back to older Checkov versions resulted in the same behavior.

[jbabala]

I'm having the same issue (serverless checks fail with the above error). Through trial and error I have found last working version to be 3.2.332.

[Stephen-Cousins]

I'm having the same issue (serverless checks fail with the above error). Through trial and error I have found last working version to be 3.2.332.

I have made this change for another project affected by it.
https://github.com/costa-coffee/costa-digital-inventory-availability/pull/124

[vish-space]

@jbabala I tested with 3.2.332 and while it resolves the issue for either resources or functions, it doesn’t work for both at the same time. If I focus on modernizing resources, functions fail, and vice versa.