infrastructure-as-code

Describe the solution you'd like
It would be nice to have a way to control whether a VM starts on boot or not. Maybe a new autostart option to salt.states.virt.running and/or salt.states.virt.defined? Or maybe a new function?

Describe alternatives you've considered
I'll probably use salt.modules.virt.set_autostart for now.

AlmaLinux should be detected as RHEL/CentOS. Trivy should be able to detect RHEL/CentOS vulnerabilities

https://almalinux.org/

According to the documentation:

"AWS Systems Manager Agent (SSM Agent) is preinstalled, by default, on the following Amazon Machine Images (AMIs):

Windows Server 2008-2012 R2 AMIs published in November 2016 or later

Windows Server 2016 and 2019"

However, the version mentioned in the issue does not support SSM. When I create the instance us

Terraform resource: azurerm_bastion_host
Pricing page: https://azure.microsoft.com/en-us/pricing/details/azure-bastion/
Whilst Azure allows upgrades via their UI/CLI, Terraform only supports "Azure Bastion", not "Azure Bastion Standard".

Describe the bug
Check: CKV2_AWS_1: "Ensure that all NACL are attached to subnets"
FAILED for resource: aws_network_acl.elasticache
File: /tfplan.json:2623-2683
Guide: https://docs.bridgecrew.io/docs/ensure-that-all-nacl-are-attached-to-subnets

2624 |               "values": {
2625 |                 "arn": "arn:aws:ec2:us-east-1:907320361432:network-acl/acl-0ed5xxxx42a675e",
2626 |

• terrascan version: 1.9.0
• terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

Copilot doesn't seem to have correct error behavior when I try to create a Scheduled Job with the same name as an existing service.

For example, in my app right now I have the following:

❯ copilot svc ls
Name                Type
----                ----
fe                  Load Balanced Web Service

I can see this in SSM:

❯ aws ssm get-parameter --name /copilot/applicatio

Description
For the non-deep mode, which is the default driftctl scan command, we display every time all the information about "unmanaged", "deleted", "drifted", "managed" resources, and the coverage.

It's quite unhelpful here to display the "drifted" resources since it would be ALL THE TIME equal to 0.

Example

Found 14 resource(s)
 - 21% coverage
 - 3 resource(s) managed

Garbage collection works by listing everything with the gc-tag. In a busy cluster, we really want that filter to happen server-side and ideally using an index of some sort.

That means we should use a Kubernetes label, not an annotation.

I think this will require a two-step migration plan (write both but continue to read annotation; release; drop support for annotation; release).