ClarifiedSecurity · AllRWeak · Jan 6, 2026 · Dec 2, 2025 · Dec 3, 2025 · Dec 6, 2025
diff --git a/.github/workflows/docker-image-staging.yml b/.github/workflows/docker-image-staging.yml
@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Pulling Catapult repository...
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Logging into to GitHub Container Registry...
         uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Pulling Catapult repository...
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
 
@@ -65,7 +65,7 @@ jobs:
 
     steps:
       - name: Cloning the repository repo...
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
           fetch-tags: true

diff --git a/.yarnrc.yml b/.yarnrc.yml
diff --git a/Dockerfile b/Dockerfile
@@ -28,13 +28,10 @@ RUN echo "builder     ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/builder
 RUN groupadd builder -g ${CONTAINER_GROUP_ID} && useradd -u ${CONTAINER_USER_ID} -g builder -m -d /home/builder -s /bin/bash -c "Builder user" builder
 RUN chown -R builder:builder /srv
 
-ADD --chown=builder:builder .yarnrc.yml /srv/.yarnrc.yml
 ADD --chown=builder:builder /container/home/builder/.default_aliases /srv/container/home/builder/.default_aliases
 ADD --chown=builder:builder /scripts /srv/scripts
 ADD --chown=builder:builder ansible.cfg /srv/ansible.cfg
 ADD --chown=builder:builder defaults /srv/defaults
-ADD --chown=builder:builder package.json /srv/package.json
-ADD --chown=builder:builder yarn.lock /srv/yarn.lock
 
 # Files that need to be present when using the image in CI pipelines
 ADD --chown=builder:builder inventories/_operating_systems /srv/inventories/_operating_systems

diff --git a/README.md b/README.md
@@ -9,7 +9,20 @@
 
 # Catapult
 
-Catapult is an infrastructure **development** tool to build, deploy and (re)configure different types of environments, such as Cyber Exercises, Trainings, Labs or even Production environments. It is designed to be used by people with some experience with Ansible, but it's a force multiplier for experienced Ansible users. Catapult does the heavy lifting in dependency management, virtual machine creation or remote/cloud service configuration so the developer can focus on the actual content of the machine or service. Catapult supports VM creation and configuration on vSphere, Proxmox, AWS, Azure and Linode. Alternatively you can also use Catapult to configure an already existing virtual or physical machines created by other means.
+Catapult is an infrastructure **development** tool to build, deploy and (re)configure different types of environments, such as Cyber Exercises, Trainings, Labs or even Production environments. It is designed to be used by people with some experience with Ansible, but it's a force multiplier for experienced Ansible users. Catapult does the heavy lifting in dependency management, virtual machine creation or remote/cloud service configuration so the developer can focus on the actual content of the machine or service.
+
+Catapult supports VM creation and configuration on:
+
+- AWS EC2
+- Azure
+- Linode
+- Proxmox
+- vSphere
+- OpenStack (limited and experimental support)
+
+If Catapult does not support VM creation for a specific environment not listed above, you can write it yourself (as a separate Ansible role to include) directly into your project and still be able to use all of the other features of Catapult.
+
+Alternatively you can also use Catapult to configure an already existing virtual or physical machines created by other means.
 
 Refer to [Catapult Docs](https://clarifiedsecurity.github.io/catapult-docs/catapult/01-installation/) for full documentation.
 

diff --git a/defaults/pyproject.toml b/defaults/pyproject.toml
@@ -2,7 +2,7 @@
 name = "catapult-venv"
 version = "1.0.0"
 description = "This a Python virtual environment for Catapult"
-requires-python = ">=3.12"
+requires-python = "==3.12.12"
 dependencies = [
     "aiohttp",
     "ansible-core==2.19.4",

diff --git a/defaults/requirements.yml b/defaults/requirements.yml
@@ -17,33 +17,33 @@ collections:
   - name: ansible.windows
     version: 3.3.0
   - name: azure.azcollection
-    version: 3.12.0
+    version: 3.13.0
   - name: chocolatey.chocolatey
     version: 1.5.3
   - name: cisco.ios
-    version: 11.1.1
+    version: 11.2.0
   - name: cloud.common
     version: 3.0.0
   - name: community.aws
     version: 10.0.0
   - name: community.crypto
-    version: 3.0.5
+    version: 3.1.0
   - name: community.docker
-    version: 5.0.3
+    version: 5.0.5
   - name: community.general
-    version: 12.1.0
+    version: 12.2.0
   - name: community.hashi_vault
     version: 7.1.0
   - name: community.library_inventory_filtering_v1
     version: 1.1.5
   - name: community.mysql
     version: 4.0.1
   - name: community.postgresql
-    version: 4.1.0
+    version: 4.2.0
   - name: community.proxmox
-    version: 1.3.0
+    version: 1.5.0
   - name: community.routeros
-    version: 3.14.0
+    version: 3.15.0
   - name: community.vmware
     version: 6.1.0
   - name: community.windows
@@ -53,7 +53,7 @@ collections:
   - name: kubernetes.core
     version: 6.2.0
   - name: linode.cloud
-    version: 0.41.1
+    version: 0.43.0
   - name: microsoft.ad
     version: 1.10.0
   - name: microsoft.iis
@@ -67,7 +67,7 @@ collections:
   - name: vmware.vmware_rest
     version: 4.9.0
   - name: vmware.vmware
-    version: 2.5.0
+    version: 2.6.0
   - name: vyos.vyos
     version: 5.0.0
   - name: https://github.com/vmware/ansible-for-nsxt.git

diff --git a/defaults/start.yml b/defaults/start.yml
@@ -63,47 +63,47 @@
 
     # Add -e single_role=role_name to the deploy command run the role and stop the play, useful for testing/development of a single role
     - role: nova.core.customization_single_role
-      become: "{{ default_ansible_become | default(omit) }}"
-      become_user: "{{ default_ansible_become_user | default(omit) }}"
+      become: "{{ default_ansible_become | default(true) }}"
+      become_user: "{{ default_ansible_become_user | default(admin_account) }}"
       when: single_role is defined
 
     - role: nova.core.accounts # Creating required accounts
-      become: "{{ default_ansible_become | default(omit) }}"
-      become_user: "{{ default_ansible_become_user | default(omit) }}"
+      become: "{{ default_ansible_become | default(true) }}"
+      become_user: "{{ default_ansible_become_user | default(admin_account) }}"
       when:
         - not role_only # Only deploys configuration under roles/vm/role_name and stops
         - not role_only_wp # wp means with pre/post_vm_role
 
     - role: nova.core.template_os_configuration # Used for configuring project or env specific templates
-      become: "{{ default_ansible_become | default(omit) }}"
-      become_user: "{{ default_ansible_become_user | default(omit) }}"
+      become: "{{ default_ansible_become | default(true) }}"
+      become_user: "{{ default_ansible_become_user | default(admin_account) }}"
       when: template
 
     - role: nova.core.os_configuration # Running OS specific configurations
-      become: "{{ default_ansible_become | default(omit) }}"
-      become_user: "{{ default_ansible_become_user | default(omit) }}"
+      become: "{{ default_ansible_become | default(true) }}"
+      become_user: "{{ default_ansible_become_user | default(admin_account) }}"
       when:
         - not role_only # Only deploys configuration under roles/vm/role_name and stops
         - not role_only_wp # wp means with pre/post_vm_role
 
     - role: nova.core.customization_pre_vm_role # Including pre_customization role if it exists
-      become: "{{ default_ansible_become | default(omit) }}"
-      become_user: "{{ default_ansible_become_user | default(omit) }}"
+      become: "{{ default_ansible_become | default(true) }}"
+      become_user: "{{ default_ansible_become_user | default(admin_account) }}"
       when:
         - not role_only
 
     - role: nova.core.customization # Including machine specific role if exists
-      become: "{{ default_ansible_become | default(omit) }}"
-      become_user: "{{ default_ansible_become_user | default(omit) }}"
+      become: "{{ default_ansible_become | default(true) }}"
+      become_user: "{{ default_ansible_become_user | default(admin_account) }}"
 
     - role: nova.core.customization_post_vm_role # Including post_customization specific role if exists
-      become: "{{ default_ansible_become | default(omit) }}"
-      become_user: "{{ default_ansible_become_user | default(omit) }}"
+      become: "{{ default_ansible_become | default(true) }}"
+      become_user: "{{ default_ansible_become_user | default(admin_account) }}"
       when:
         - not role_only
 
     - role: nova.core.finalize # Running final & cleanup tasks
-      become: "{{ default_ansible_become | default(omit) }}"
-      become_user: "{{ default_ansible_become_user | default(omit) }}"
+      become: "{{ default_ansible_become | default(true) }}"
+      become_user: "{{ default_ansible_become_user | default(admin_account) }}"
 
     - role: nova.core.get_ip