infrastructure-as-code

Description
In log messages, salt.modules.tls uses csr_path in log messages without checking for a trailing slash, resulting in misleading log entries:

'Created Private Key: "/etc/ssl/MYCA/certsMY.HOSTNAME.key." '

(It also makes it appear that there's a trailing dot on the filename)

https://github.com/saltstack/salt/blob/v3003.3/salt/modules/tls.py#L1167 among other places. It pr

Container scanning schemas below 14.0.0 have been deprecated.

blob/main/contrib/gitlab.tpl:3 is using a deprecated version:

"version": "2.3",

The latest version of the schema is [14.1.0](https://gitlab.com/gitlab-org/gitla

Description

Currently ManagedRuleIdentifiers doesn't support identifier for s3-bucket-level-public-access-prohibited managed rule (S3_BUCKET_LEVEL_PUBLIC_ACCESS_PROHIBITED). The documentation for this rule is [here](https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-level-publi

I suggest adding MongoDB Atlas to the supported cloud as a feather.

Here are the steps to migrate a resource:

1. Pull latest changes from my refactor-migration-t1 branch.
2. Set the var SINGLE_RESOURCE_NAME in cmd/migrator/main.go to the resource filename.
3. Run go run cmd/migrator/main.go, the resource file would be edited and a new resource file will be created in internal/resources/aws
4. All things that the script was unable to migrate are chang

Is your feature request related to a problem? Please describe.
I want to be able to disable a whole level of violation. For example the low error level i want to disable but still run the checks on medium, high, critical.

Describe the solution you'd like
I would like to have this possible with a simple flag in the ci to do this. To disable the violation level : low, etc. that when yo

Describe the issue
I wouldn't expect to get the alert if not defined explicitly.

Examples
https://github.com/hashicorp/terraform-provider-google/releases/tag/v4.0.0

Version (please complete the following information):

• Checkov Version 2.0.780

• terrascan version: 1.9.0
• terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

I ran into a strange error message when trying to deploy a request driven web service in the Frankfurt (eu-central-1) region.

Template format error: Unrecognized resource types: [AWS::AppRunner::Service]

After some digging I found out that AppRunner isn't available in this region yet. It would be nice if copilot-cli could check whether a template is valid for the region and issue a warning

Description
For unmanaged security group rules, the json output currently shows only a hash generated based on the security group rule properties (such as from/to ports, protocol, sg ID). As far as I can tell, this makes it impossible to identify which rule is listed using the json report, and we have to run the "raw text" report to do so.

Example
Here is an example of the json output