infrastructure-as-code

Description

let's say I have an apache process group I want to control.

• when using supervisord.running, the name must be apache:* (which is the same notation used by supervisor)
• when using supervisord.dead, the name must be apache: (without the *)

As both states mirror each other, I expect them to use the same convention for name, the one from running since it

Currently, Trivy traverses all paths and looks for all Gemfile.lock in a container image. However, the image sometimes has only Gemfile.lock and doesn't install gems listed in the Gemfile.lock. I think a gem should have *.gemspec file if it is installed. e.g. rake.gemspec has the information about rake.

To avoid false positives from Gemfile.lock, we are probably able to take advantage of `*

We have two CDK applications:

• Application A bootstrapped with CDK v1.80 or so, with newStyleStackSynthesis manually set to true, eventually upgraded to CDK version 1.108.0 (template version 6)
• Application B, created using cdk init app shell command (cdk version 1.117.0), newStyleStackSynthesis flag is missing from automatically generated cdk.json file.

The bootstrapping process fro

Running infracost breakdown --config-file infracost.yml --terraform-workspace=ali-test correctly shows:

Error: --config-file flag cannot be used with the following flags: --path, --terraform-*, --usage-file

Our help text mentions the same thing:
      --config-file string            Path to Infracost config file. Cannot be used with path, terraform* or usage-file flags

However,

Uploading the SARIF formatted output to the GH repo fails. It does not appear to be valid SARIF according to the parser. Using the github/codeql-action/upload-sarif@v1 produces an error message with invalid data.

To Reproduce
Steps to reproduce the behavior:

1. Create a GH Action with the following steps to run the checkov scan and generate a checkov.sarif results file:

- name

• terrascan version: 1.9.0
• terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

Copilot doesn't seem to have correct error behavior when I try to create a Scheduled Job with the same name as an existing service.

For example, in my app right now I have the following:

❯ copilot svc ls
Name                Type
----                ----
fe                  Load Balanced Web Service

I can see this in SSM:

❯ aws ssm get-parameter --name /copilot/applicatio

Description
To complete #554, it can make sense to add resource source details for missing resources

Example
Follow pull-request attached to issues #874 #875 #876 for examples of implementation

Garbage collection works by listing everything with the gc-tag. In a busy cluster, we really want that filter to happen server-side and ideally using an index of some sort.

That means we should use a Kubernetes label, not an annotation.

I think this will require a two-step migration plan (write both but continue to read annotation; release; drop support for annotation; release).