infrastructure-as-code

Describe the solution you'd like
It would be nice to have a way to control whether a VM starts on boot or not. Maybe a new autostart option to salt.states.virt.running and/or salt.states.virt.defined? Or maybe a new function?

Describe alternatives you've considered
I'll probably use salt.modules.virt.set_autostart for now.

Currently, Trivy traverses all paths and looks for all Gemfile.lock in a container image. However, the image sometimes has only Gemfile.lock and doesn't install gems listed in the Gemfile.lock. I think a gem should have *.gemspec file if it is installed. e.g. rake.gemspec has the information about rake.

To avoid false positives from Gemfile.lock, we are probably able to take advantage of `*

It would be useful to have a way to list all fargate profiles associated with a fargate cluster. Currently there isn't a way to access the default profile created by the FargateCluster construct.

Use Case

My specific case is to allow new FargateCluster to create a default fargate profile, then fetch the pod execution role from that profile and reuse it later when adding further

I noticed the name/email output was doubled:

C:\infracost>infracost.exe register
Please enter your name and email address to get an API key.
See our FAQ (https://www.infracost.io/docs/faq) for more details.
Name: Txxxxr
Name: Txxxxr
Email: xxxx@gmail.com
Email: xxxx@gmail.com

Thank you Txxxxxr!
Your API key is: xxxx

Uploading the SARIF formatted output to the GH repo fails. It does not appear to be valid SARIF according to the parser. Using the github/codeql-action/upload-sarif@v1 produces an error message with invalid data.

To Reproduce
Steps to reproduce the behavior:

1. Create a GH Action with the following steps to run the checkov scan and generate a checkov.sarif results file:

- name

• terrascan version: 1.9.0
• terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

Copilot doesn't seem to have correct error behavior when I try to create a Scheduled Job with the same name as an existing service.

For example, in my app right now I have the following:

❯ copilot svc ls
Name                Type
----                ----
fe                  Load Balanced Web Service

I can see this in SSM:

❯ aws ssm get-parameter --name /copilot/applicatio

Description
To complete #554, it can make sense to add resource source details for missing resources

Example
Follow pull-request attached to issues #874 #875 #876 for examples of implementation

Garbage collection works by listing everything with the gc-tag. In a busy cluster, we really want that filter to happen server-side and ideally using an index of some sort.

That means we should use a Kubernetes label, not an annotation.

I think this will require a two-step migration plan (write both but continue to read annotation; release; drop support for annotation; release).