-
Notifications
You must be signed in to change notification settings - Fork 31
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
09aaabf
commit aeb5a71
Showing
4 changed files
with
44 additions
and
8 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -23,16 +23,23 @@ jobs: | |
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Run Microsoft Security DevOps Analysis | ||
uses: microsoft/security-devops-action@preview | ||
id: msdo | ||
continue-on-error: true | ||
- name: Run PSRule analysis | ||
uses: microsoft/[email protected] | ||
with: | ||
tools: templateanalyzer | ||
modules: PSRule.Rules.Azure | ||
baseline: Azure.Pillar.Security | ||
inputPath: infra/*.test.bicep | ||
outputFormat: Sarif | ||
outputPath: reports/ps-rule-results.sarif | ||
summary: true | ||
continue-on-error: true | ||
|
||
env: | ||
PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION: 'true' | ||
PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION_TIMEOUT: '30' | ||
|
||
- name: Upload alerts to Security tab | ||
uses: github/codeql-action/upload-sarif@v3 | ||
if: github.repository_owner == 'Azure-Samples' | ||
with: | ||
|
||
sarif_file: ${{ steps.msdo.outputs.sarifFile }} | ||
sarif_file: reports/ps-rule-results.sarif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
// This file is for doing static analysis and contains sensible defaults | ||
// for the template analyser to minimise false-positives and provide the best results. | ||
|
||
// This file is not intended to be used as a runtime configuration file. | ||
|
||
targetScope = 'subscription' | ||
|
||
param environmentName string = 'testing' | ||
param location string = 'westus2' | ||
|
||
@secure() | ||
param dbserverPassword string = newGuid() | ||
|
||
@secure() | ||
param secretKey string = newGuid() | ||
|
||
module main 'main.bicep' = { | ||
name: 'main' | ||
params: { | ||
name: environmentName | ||
location: location | ||
// These are used for static analysis and never deployed | ||
dbserverPassword: dbserverPassword | ||
secretKey: secretKey | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# YAML: Set the AZURE_BICEP_FILE_EXPANSION configuration option to enable expansion | ||
configuration: | ||
AZURE_BICEP_FILE_EXPANSION: true |