You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This directory contains Bicep templates for deploying Azure infrastructure and is scanned for compliance using PSRule.
4
+
5
+
## PSRule for Azure
6
+
7
+
PSRule is a tool for validating Azure resources against best practices and compliance rules. It can be used to ensure that your Bicep templates adhere to organizational standards.
8
+
9
+
To manually run PSRule against the Bicep templates in this directory, you can use the following command:
Some rules have been suppressed due to known issues or specific requirements. You can find the list of suppressed rules in the [ps-rule.yaml](./ps-rule.yaml) file.
18
+
19
+
## Resources
20
+
21
+
-[PSRule for Azure](https://azure.github.io/PSRule.Rules.Azure/)
22
+
-[PSRules for Azure Rule Reference](https://azure.github.io/PSRule.Rules.Azure/en/rules/)
- Azure.AKS.PoolScaleSet # run on a single node pool
10
+
- Azure.AKS.NodeMinPods # run on a single node pool
11
+
- Azure.AKS.AuditLogs # log storage would be too expensive
12
+
- Azure.AKS.PlatformLogs # log storage would be too expensive
13
+
- Azure.AKS.NetworkPolicy # using cilium instead which is recommended but not in the allowlist in this rule
14
+
- Azure.AKS.DefenderProfile # log storage would be too expensive
15
+
- Azure.Deployment.SecureParameter # uniqueKeyPolicyKeys needs to be secured here https://github.com/Azure/bicep-registry-modules/blob/main/avm/res/document-db/database-account/main.bicep
0 commit comments