Checkov Generating Different Results in Image and Local with the same setups #6295

Open
jqlynchien713 opened this issue May 10, 2024 · 0 comments
Describe the issue
We run Checkov in both the image (ghcr.io/antonbabenko/pre-commit-terraform:latest) and locally (macOS), but unfortunately got two different results.

We have the AWS EIP attached to the NAT gateway (CKV2_AWS_19) and are not setting the default VPC's security group to restrict all traffic (CKV2_AWS_12). The test we ran in the image showed these two alerts, whereas the local test showed that all of the checks passed. The Checkov version is the same, 3.2.90, in both environments.

The way we test with the Docker image is to mount the local directory into the image with the following command:

docker run -it --entrypoint "" -v $PWD:/app [image_hash] bash

As for the local setup, we install Checkov through Homebrew.

Examples
The Terraform code for CKV2_AWS_19

resource "aws_eip" "this" {
  tags = {
    Name = "${var.vpc_name}-nat"
  }
}

The result generated locally:
[image]

The result generated in the Docker container:
[image: Screenshot 2024-05-10 18 00 26]

Additionally, we run the tests without any customization, so there is no .checkov.yaml example file.

Desktop (please complete the following information):

  • OS: macOS 14.0 and Docker image
  • Checkov Version: 3.2.90
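
One way to pin down exactly which checks differ between the container run and the local run, as an added example that is not part of the original issue or of Checkov's own code: save each environment's `checkov -d . -o json` output to a file and diff the per-resource check status. The two sample reports are constructed to mirror the situation described above; `aws_vpc.example` and `CKV_PLACEHOLDER_1` are placeholders, and the script and its function names are hypothetical.

```python
import json
import sys

STATUSES = ("passed", "failed", "skipped")

def status_map(report):
    """Map (check_id, resource) -> status from parsed `checkov -o json` output."""
    # Checkov emits one object per framework, or a list when several were scanned.
    reports = report if isinstance(report, list) else [report]
    found = {}
    for rep in reports:
        results = rep.get("results", {})  # missing when nothing was scanned
        for status in STATUSES:
            for check in results.get(f"{status}_checks", []):
                found[(check["check_id"], check["resource"])] = status
    return found

def diff_reports(left, right):
    """Sorted (check_id, resource, left_status, right_status) rows that differ."""
    a, b = status_map(left), status_map(right)
    rows = []
    for key in sorted(set(a) | set(b)):
        # "absent" means the check was never evaluated for that resource,
        # which is different from the check passing.
        la, rb = a.get(key, "absent"), b.get(key, "absent")
        if la != rb:
            rows.append((key[0], key[1], la, rb))
    return rows

# Constructed sample reports (not real Checkov output from the issue).
CONTAINER = {"check_type": "terraform", "results": {
    "passed_checks": [{"check_id": "CKV_PLACEHOLDER_1", "resource": "aws_vpc.example"}],
    "failed_checks": [{"check_id": "CKV2_AWS_19", "resource": "aws_eip.this"},
                      {"check_id": "CKV2_AWS_12", "resource": "aws_vpc.example"}],
    "skipped_checks": []}}
LOCAL = {"check_type": "terraform", "results": {
    "passed_checks": [{"check_id": "CKV_PLACEHOLDER_1", "resource": "aws_vpc.example"},
                      {"check_id": "CKV2_AWS_19", "resource": "aws_eip.this"}],
    "failed_checks": [], "skipped_checks": []}}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py container.json local.json
        left, right = (json.load(open(p)) for p in sys.argv[1:3])
    else:
        left, right = CONTAINER, LOCAL
    for row in diff_reports(left, right):
        print("{:<18} {:<24} container={:<8} local={}".format(*row))
```

A row reading `absent` on one side shows that the check was not evaluated for that resource in that environment, which a pass/fail summary alone does not reveal.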