File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 11name : Scan Bicep code
22on :
33 push :
4- branches :
4+ branches :
55 - main
66 paths :
77 - " infra/bicep/**"
88 pull_request :
9- branches :
9+ branches :
1010 - main
1111 paths :
1212 - " infra/bicep/**"
@@ -19,17 +19,25 @@ jobs:
1919 security-events : write
2020 steps :
2121 - name : Checkout
22- uses : actions/checkout@v4
22+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
2323
24- - name : Run Microsoft Security DevOps Analysis
25- uses : microsoft/security-devops-action@preview
26- id : msdo
27- continue-on-error : true
24+ - name : Run PSRule analysis
25+ uses : microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0
2826 with :
29- tools : templateanalyzer
27+ modules : PSRule.Rules.Azure
28+ baseline : Azure.Pillar.Security
29+ inputPath : infra/bicep/main.bicep
30+ outputFormat : Sarif
31+ outputPath : reports/ps-rule-results.sarif
32+ summary : true
33+ continue-on-error : true
34+
35+ env :
36+ PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION : " true"
37+ PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION_TIMEOUT : " 30"
3038
3139 - name : Upload alerts to Security tab
32- uses : github/codeql-action/upload-sarif@v3
40+ uses : github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3
3341 if : github.repository_owner == 'Azure-Samples'
3442 with :
3543 sarif_file : ${{ steps.msdo.outputs.sarifFile }}
You can’t perform that action at this time.
0 commit comments