We are building an Open Source GitOps tool for Terraform (https://github.com/diggerhq/digger) and are looking for what’s missing. We also read & asked around. We found the following pain points already, curious for more:

1. In Atlantis, anyone who can run a plan can exfiltrate your root credentials (https://www.youtube.com/watch?v=H9KvPe09f5A). This was talked about by others (https://alex.kaskaso.li/post/terraform-plan-rce) and was highlighted at the Defcon 2021 conference (https://www.youtube.com/watch?v=3ODhxYY9-9U). (CloudPosse)

2. “Atlantis shows plan output, if it's too long it splits it to different comments in the PR which is not horrible, just need to get used to it.” (User feedback)

3. Anyone that stumbles upon your Atlantis instance can disable apply commands, i.e. stopping production infrastructure changes. This isn’t obvious at all, and it would be a real head scratcher to work out why Atlantis suddenly stopped working! (Loveholidays blog - https://tech.loveholidays.com/enforcing-best-practice-on-self-serve-infrastructure-with-terraform-atlantis-and-policy-as-code-911f4f8c3e00)

4. “Atlantis does not have Drift Detection.” (Multiple users)

5. “The OPA support in atlantis is very basic.” (Multiple users)

As CloudPosse themselves explain (https://cloudposse.com/faqs/why-do-you-recommend-spacelift/) - “Atlantis was the first project to define a GitOps workflow for Terraform, but it's been left in the dust compared to newer alternatives.” The problem though is that none of the newer alternatives are Open Source, and this is what we want to change. Would be super grateful for any thoughts/insights and pain points you have faced.