infrastructure-as-code

Describe the solution you'd like
It would be nice to have a way to control whether a VM starts on boot or not. Maybe a new autostart option to salt.states.virt.running and/or salt.states.virt.defined? Or maybe a new function?

Describe alternatives you've considered
I'll probably use salt.modules.virt.set_autostart for now.

Currently trivy can find package-lock.json and process it, looking for vulnerabilities. It would be nice if it could process pnpm-lock.yaml files too

This is to bring feature parity between LinuxBuildImage (https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-codebuild.LinuxBuildImage.html#static-fromwbrecrwbrrepositoryrepository-tag) and LinuxGpuBuildImage (https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-codebuild.LinuxGpuBuildImage.html).

Specifically, add the fromEcrRepository method in this class.

Use Ca

Version Infracost v0.9.9. We should be able to lookup the filters used in the google_container_registry resource to see what's changed, the golden test files aren't picking this up so it might be related to the region being used.

Terraform resource:

resource "google_container_registry" "registry" {
  project   = var.project_id
}

Actual output, notice the first line is showing

Describe the bug
Check: CKV2_AWS_1: "Ensure that all NACL are attached to subnets"
FAILED for resource: aws_network_acl.elasticache
File: /tfplan.json:2623-2683
Guide: https://docs.bridgecrew.io/docs/ensure-that-all-nacl-are-attached-to-subnets

2624 |               "values": {
2625 |                 "arn": "arn:aws:ec2:us-east-1:907320361432:network-acl/acl-0ed5xxxx42a675e",
2626 |

• terrascan version: 1.9.0
• terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

Copilot doesn't seem to have correct error behavior when I try to create a Scheduled Job with the same name as an existing service.

For example, in my app right now I have the following:

❯ copilot svc ls
Name                Type
----                ----
fe                  Load Balanced Web Service

I can see this in SSM:

❯ aws ssm get-parameter --name /copilot/applicatio

Description
For the non-deep mode, which is the default driftctl scan command, we display every time all the information about "unmanaged", "deleted", "drifted", "managed" resources, and the coverage.

It's quite unhelpful here to display the "drifted" resources since it would be ALL THE TIME equal to 0.

Example

Found 14 resource(s)
 - 21% coverage
 - 3 resource(s) managed

Garbage collection works by listing everything with the gc-tag. In a busy cluster, we really want that filter to happen server-side and ideally using an index of some sort.

That means we should use a Kubernetes label, not an annotation.

I think this will require a two-step migration plan (write both but continue to read annotation; release; drop support for annotation; release).