Replace template analyser with psrule for security audits #2

Triggered via pull request June 7, 2024 06:12
Status Success
Total duration 55s

bicep-audit.yml

on: pull_request

Annotations

10 errors and 3 warnings
build
AZR-000316: /home/runner/work/cosmos-aks-samples/cosmos-aks-samples/Bicep/main.test.bicep failed Azure.Deployment.SecureValue. Use secure parameters for setting properties of resources that contain sensitive information.
build
AZR-000316: main failed Azure.Deployment.SecureValue. Use secure parameters for setting properties of resources that contain sensitive information.
build
AZR-000263: aks-VNet failed Azure.VNET.UseNSGs. Virtual network (VNET) subnets should have Network Security Groups (NSGs) assigned.
build
AZR-000005: testacr failed Azure.ACR.AdminUser. Use Entra ID identities instead of using the registry admin user.
build
AZR-000009: testacr failed Azure.ACR.ContentTrust. Use container images signed by a trusted image publisher.
build
AZR-000402: testacr failed Azure.ACR.Firewall. Limit network access of container registries to only trusted clients.
build
AZR-000022: testaks failed Azure.AKS.AuditLogs. AKS clusters should collect security-based audit logs to assess and monitor the compliance status of workloads.
build
AZR-000027: testaks failed Azure.AKS.NetworkPolicy. Deploy AKS clusters with Network Policies enabled.
build
AZR-000028: testaks failed Azure.AKS.AzurePolicyAddOn. Configure Azure Kubernetes Service (AKS) clusters to use Azure Policy Add-on for Kubernetes.
build
AZR-000029: testaks failed Azure.AKS.ManagedAAD. Use AKS-managed Azure AD to simplify authorization and improve security.
build
Target object 'Bicep/main.test.bicep' has not been processed because no matching rules were found.
build
Target object '34e1cea1-2e50-2f69-4cf2-a5f7d6b43d30' has not been processed because no matching rules were found.
build
AZR-000388: testkv failed Azure.KeyVault.RBAC. Key Vaults should use Azure RBAC as the authorization system for the data plane.