File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 11name : Scan Bicep code
22on :
33 push :
4- branches :
4+ branches :
55 - main
66 paths :
77 - " infra/bicep/**"
88 pull_request :
9- branches :
9+ branches :
1010 - main
1111 paths :
1212 - " infra/bicep/**"
@@ -19,17 +19,31 @@ jobs:
1919 security-events : write
2020 steps :
2121 - name : Checkout
22- uses : actions/checkout@v4
22+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
2323
24- - name : Run Microsoft Security DevOps Analysis
25- uses : microsoft/security-devops-action@preview
26- id : msdo
27- continue-on-error : true
24+ - name : Bicep Build
25+ uses : Azure/bicep-build-action@v1.0.0
26+ with :
27+ bicepFilePath : ./infra/bicep/main.bicep
28+ outputFilePath : ./azuredeploy.json
29+
30+ - name : Run PSRule analysis
31+ uses : microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0
2832 with :
29- tools : templateanalyzer
33+ modules : PSRule.Rules.Azure
34+ baseline : Azure.Pillar.Security
35+ inputPath : ./azuredeploy.json
36+ outputFormat : Sarif
37+ outputPath : reports/ps-rule-results.sarif
38+ summary : true
39+ continue-on-error : true
40+
41+ env :
42+ PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION : " true"
43+ PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION_TIMEOUT : " 30"
3044
3145 - name : Upload alerts to Security tab
32- uses : github/codeql-action/upload-sarif@v3
46+ uses : github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3
3347 if : github.repository_owner == 'Azure-Samples'
3448 with :
3549 sarif_file : ${{ steps.msdo.outputs.sarifFile }}
You can’t perform that action at this time.
0 commit comments