devsecops

Currently trivy can find package-lock.json and process it, looking for vulnerabilities. It would be nice if it could process pnpm-lock.yaml files too

Describe the bug
Check: CKV2_AWS_1: "Ensure that all NACL are attached to subnets"
FAILED for resource: aws_network_acl.elasticache
File: /tfplan.json:2623-2683
Guide: https://docs.bridgecrew.io/docs/ensure-that-all-nacl-are-attached-to-subnets

2624 |               "values": {
2625 |                 "arn": "arn:aws:ec2:us-east-1:907320361432:network-acl/acl-0ed5xxxx42a675e",
2626 |

• terrascan version: 1.9.0
• terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

Slack us first!
Hello. I write about problem here:
https://owasp.slack.com/archives/C2P5BA8MN/p1624892081234100

Be informative
As additional into slack I find the same behaviour with Risk Accepted findings. Into Metrics I see 0 Risk Accepted findings, but I have 1 Risk Accepted finding

Bug description
No error. Metrics into product, or metrics dushboard has incorrect info

The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number

背景
管理员账号无法修改用户密码，有很多社区用户忘记密码需要进行重置

As a user of the secureCodeBox
I want to access the docs for the auto-discovery on the docs page
to be able to use configure and use it properly

• Include auto-discovery docs on the docs page
• Add a link to the docs page to the menu

Seeing the below error while installing rush.js. Probably might need a package in the base image. Any help would be appreciated.

#21 516.9 > [email protected] install /usr/local/lib/node_modules/@microsoft/rush/node_modules/keytar
#21 516.9 > prebuild-install || npm run build
#21 516.9 
#21 521.6 prebuild-install WARN install No prebuilt binaries found (target=14.16.0 runtime=node arch=arm64