microsoft / PSRule

Validate infrastructure as code (IaC) and objects using PowerShell rules.
https://microsoft.github.io/PSRule/v2/
MIT License

Difference between PS rule and template analyzer of microsoft/security-devops-action #1866

Open LianwMS opened 1 week ago

github-actions[bot] commented 1 week ago

Thanks for raising your first issue, the team appreciates the time you have taken 😉

BernieWhite commented 1 week ago

Hi @LianwMS, template analyzer is the integration tooling used by Defender for DevOps via microsoft/security-devops-action. The microsoft/security-devops-action action includes a suite of tools for checking different types of Infrastructure as Code.

Template analyzer under the covers uses PSRule for most checks relating to Bicep and ARM templates, however there is an API for creating JSON based checks too.

PSRule can be used outside of Defender for DevOps as a separate open source tool, however there are some features you don't get. In GitHub this primarily includes: centralized management & alerting & security analysis with Microsoft Defender for Cloud and related tools.


I hope this answers the question.