infrastructure-as-code

Description
the cmdmod functions look to all set saltenv to base instead of None and are not setting to __opts__['saltenv'] when saltenv in passed as not set. this gives the effect that cmd.script will not pull from saltenv config unless you pass saltenv directly to the module.

Setup
set saltenv in the config file of a minion to anything but base
add a file to the fileserver u

Container scanning schemas below 14.0.0 have been deprecated.

blob/main/contrib/gitlab.tpl:3 is using a deprecated version:

"version": "2.3",

The latest version of the schema is [14.1.0](https://gitlab.com/gitlab-org/gitla

Description

aws/aws-cdk#12386 introduced a requirement to add a topic name whenever a FIFO topic is created.

Do you think it's a good idea to generate a default name if it isn't provided by the user? All of the other CDK resources are named consistently using something similar to what cdk.Names.nodeUniqueId(node) does, ie MyStack2EC66409Topic.fifo, which preve

I suggest adding MongoDB Atlas to the supported cloud as a feather.

Here are the steps to migrate a resource:

1. Pull latest changes from my refactor-migration-t1 branch.
2. Set the var SINGLE_RESOURCE_NAME in cmd/migrator/main.go to the resource filename.
3. Run go run cmd/migrator/main.go, the resource file would be edited and a new resource file will be created in internal/resources/aws
4. All things that the script was unable to migrate are chang

Is your feature request related to a problem? Please describe.
I want to be able to disable a whole level of violation. For example the low error level i want to disable but still run the checks on medium, high, critical.

Describe the solution you'd like
I would like to have this possible with a simple flag in the ci to do this. To disable the violation level : low, etc. that when yo

Describe the issue
https://github.com/bridgecrewio/checkov/blob/master/checkov/dockerfile/checks/UserExists.py doesn't cover all of https://docs.bridgecrew.io/docs/ensure-that-a-user-for-the-container-has-been-created

Bridgecrew Policy ID: BC_DKR_3
Checkov Check ID: CKV_DOCKER_3

ToDo: Additionally check if gosu is executed in either CMD or ENTRYPOINT

Examples

FROM al

• terrascan version: 1.9.0
• terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

I ran into a strange error message when trying to deploy a request driven web service in the Frankfurt (eu-central-1) region.

Template format error: Unrecognized resource types: [AWS::AppRunner::Service]

After some digging I found out that AppRunner isn't available in this region yet. It would be nice if copilot-cli could check whether a template is valid for the region and issue a warning

Description
For unmanaged security group rules, the json output currently shows only a hash generated based on the security group rule properties (such as from/to ports, protocol, sg ID). As far as I can tell, this makes it impossible to identify which rule is listed using the json report, and we have to run the "raw text" report to do so.

Example
Here is an example of the json output