Closed tonybaloney closed 1 month ago
Hello @tonybaloney, and thanks for the PR - looks interesting. I'm curious to understand what type of validation of the bicep files the action does - is it syntax, security, something else?
Almost entirely security. Some of the rules are here: https://github.com/Azure/template-analyzer/blob/main/docs/built-in-rules.md. I ran it by hand for this repository and it highlighted 13 issues. 2 of those are very easy to fix, but this gives a baseline.
For those issues that you don't want to fix, you can close them in GitHub Security with a reason. If someone submits a PR with changes to the bicep that introduces a new security issue, it will add that to the PR review automatically.
Adds bicep audits to the GitHub workflows and uploads results to GitHub Security.
This pull request introduces a new GitHub Actions workflow that validates bicep templates. The workflow is triggered on push and pull request events to the `main` branch, specifically for changes to `.bicep` files. It runs on the latest Ubuntu environment and uses the `microsoft/security-devops-action@preview` action to analyze the templates. If the repository owner is 'Azure-Samples', it uploads the analysis results to the Security tab using the `github/codeql-action/upload-sarif@v3` action.

`.github/workflows/bicep-audit.yml`: Added a new GitHub Actions workflow that validates bicep templates on push and pull request events to the `main` branch. The workflow uses the `microsoft/security-devops-action@preview` action for analysis and the `github/codeql-action/upload-sarif@v3` action to upload the analysis results to the Security tab if the repository owner is 'Azure-Samples'.
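A workflow matching the description above, written here as an illustration rather than copied from the PR's actual file. The trigger filters, the owner check and the two actions come from the summary; the `tools: templateanalyzer` input, the `msdo` step id with its `sarifFile` output, and the `permissions` block are my assumptions based on the microsoft/security-devops-action and upload-sarif documentation and should be checked against the merged file.

```yaml
# Illustrative reconstruction of .github/workflows/bicep-audit.yml (not the PR's own file)
name: Bicep security audit

on:
  push:
    branches: [main]
    paths: ['**/*.bicep']
  pull_request:
    branches: [main]
    paths: ['**/*.bicep']

# Least privilege: the job only needs to read the repo and write security events.
permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  bicep-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Run Microsoft Security DevOps with only the Template Analyzer tool,
      # which evaluates the built-in IaC rules linked in the PR discussion.
      # (assumed input name: "tools")
      - name: Analyze Bicep templates
        id: msdo
        uses: microsoft/security-devops-action@preview
        with:
          tools: templateanalyzer

      # Forks cannot write to the sample repo's Security tab, so only upload
      # when the workflow runs under the Azure-Samples owner, as the PR describes.
      # (assumed output name: steps.msdo.outputs.sarifFile)
      - name: Upload results to GitHub Security
        if: github.repository_owner == 'Azure-Samples'
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.msdo.outputs.sarifFile }}
```

Because the upload runs on `pull_request` as well as `push`, findings introduced by a PR surface as code-scanning annotations on that PR, which is the behaviour the author describes.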