infrastructure-as-code

Description
In log messages, salt.modules.tls uses csr_path in log messages without checking for a trailing slash, resulting in misleading log entries:

'Created Private Key: "/etc/ssl/MYCA/certsMY.HOSTNAME.key." '

(It also makes it appear that there's a trailing dot on the filename)

https://github.com/saltstack/salt/blob/v3003.3/salt/modules/tls.py#L1167 among other places. It pr

Background:
The official Trivy images are labeled following the org.label-schema Label Schema. That schema has been deprecated in favor of the superseeding OCI image spec annotations.

The first tools rely on the org.opencontainers.image and ignore `

General Issue

Users are unable to specify transit gateway as a routertype when specifying a route for vpc subnets. As well as a variety of other types available through the AWS console.

The Question

I want to be able to provision routes to my transit gateway. As it stands, not all of the router_type are available via CDK.

The console allows users to specify a variety of o

I suggest adding MongoDB Atlas to the supported cloud as a feather.

Add a monthly_replicated_write usage parameters to AWS [RDS Cluster] (https://github.com/infracost/infracost/blob/master/internal/resources/aws/rds_cluster.go) to track charges for Replicated Write I/Os (see https://aws.amazon.com/rds/aurora/pricing/#Database_Storage_and_IOs)

Is your feature request related to a problem? Please describe.
I want to be able to disable a whole level of violation. For example the low error level i want to disable but still run the checks on medium, high, critical.

Describe the solution you'd like
I would like to have this possible with a simple flag in the ci to do this. To disable the violation level : low, etc. that when yo

Describe the issue
I wouldn't expect to get the alert if not defined explicitly.

Examples
https://github.com/hashicorp/terraform-provider-google/releases/tag/v4.0.0

Version (please complete the following information):

• Checkov Version 2.0.780

• terrascan version: 1.9.0
• terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

Currently, if I want to check for the logs of exited tasks, I need to go to AWS console, navigate to ECS, find the cluster, then the service, than switch to stopped tasks, then search for the logs there.

It would be helpful to have a copilot svg logs -p where -p stands for "previous task" (like k8s), that dumps the logs of the most recent stopped task.

Besides that, an `copilot svc logs

Description
For unmanaged security group rules, the json output currently shows only a hash generated based on the security group rule properties (such as from/to ports, protocol, sg ID). As far as I can tell, this makes it impossible to identify which rule is listed using the json report, and we have to run the "raw text" report to do so.

Example
Here is an example of the json output