Azure-Samples / azure-search-openai-demo

A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure AI Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
https://azure.microsoft.com/products/search
MIT License
5.57k stars 3.74k forks

Switch to PSRule for security testing #1687

Closed tonybaloney closed 2 weeks ago

tonybaloney commented 3 weeks ago

This PR replaces MSDO/template analyser with the PSRule GitHub Action.

  1. template analyser recurses over all the bicep files in the folder and raises lots of false positives
  2. PSRule is more configurable
  3. We can test a specific set of parameters which works with AZD
  4. template analyser doesn't work with conditional modules

Downsides:

  1. The errors don't match to the source address of the bicep in the SARIF report

The main.test.bicep file is the set of parameters that we want to test, which in our case is the private network, isolated network environment.
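
An added illustration, not taken from this PR or the repository: a PSRule options file (`ps-rule.yaml`) that covers points 1 and 3 above by expanding Bicep and analysing only the test file instead of every Bicep file in the folder. The `**/main.test.bicep` glob is an assumption, since the page does not give the file's path.

```yaml
# ps-rule.yaml (added example; not the repository's own configuration)

# Load the Azure rule set.
include:
  module:
    - PSRule.Rules.Azure

configuration:
  # Expand Bicep files into their resources so that rules evaluate the
  # deployment that results from one concrete set of parameters.
  AZURE_BICEP_FILE_EXPANSION: true

input:
  pathIgnore:
    # Skip every Bicep file so modules are not analysed on their own,
    # out of context, which is where the false positives come from.
    - '**/*.bicep'
    # Re-include only the test file that supplies the parameters to test.
    # Assumed location: adjust the glob to where main.test.bicep lives.
    - '!**/main.test.bicep'
```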

github-advanced-security[bot] commented 3 weeks ago

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.