Is your feature request related to a problem? Please describe.
It would be nice if gitleaks had a validate command that would validate examples found in the config rules. Introducing such a feature would speed up rule development and help with debugging.
Describe the solution you'd like
example entry in the rules tables
ex:
[[rules]]
id = "discord-client-secret"
des
Describe the issue
Checkov skips terraform file when it can't parse a file. When you are using checkov in gitlab ci pipeline with junitxml output, it will be better to include such erros in 'Errors' list instead of ignoring them.
Examples
resource "aws_alb" "alb" {
name = "foobar-nlb"
load_balancer_type = "network"
enable_cross_z
Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.
Extremely useful when running the tool without halting a pipeline for example.
I currently use a workaround, but something more concrete would be very desira
As identified in #1727, there may be multiple fields of CycloneDX BOMs that we currently don't ingest or display.
Assess DT's coverage of CycloneDX v1.4 fields and add support for ingesting and displaying missing fields.
Add a description, image, and links to the devsecops topic page so that developers can more easily learn about it.
To associate your repository with the devsecops topic, visit your repo's landing page and select "manage topics."
currently we have a version selector for every git tag, which is unnecessary overhead on the user. It is not needed from documentation perspective as there aren't (shouldn't be) any docs change in patch versions, only for new/changed features.
before:
v0.27.0, v0.27.1, v0.27.2, v0.28.0
after
v0.27, v0.28