Make remediation content idempotent and allow it to use cookbook resources rather than scripts.

We have interest in your remediation content. This would be in support of simplifying our current Policyfile-driven Effortless Infrastructure. We have a very large list of exceptions that correlate directly between each remediation cookbook and CIS InSpec profile.

While currently engaged with PS, we're looking at how we could convert to this model. We noticed that the current remediation content is using independent scripts for each remediation action. This is not idempotent and does not follow Chef's current best practices as we understand them. (It seems like taking a step backwards.) This also makes it a bit harder to guard against bad code. We would like to be able to use traditional cookbook logic to support both idempotence and proper guarding. Also, a way to manipulate the exceptions via a GUI would be great! Automate would be a great place. The ability to add our own content or edit the cookbook resources would be nice as well.

  • Guest
  • Sep 29 2020
  • Under Consideration
