Describe the solution you'd like
I would love to see something similar to tfsec for Bicep except linked up with Azure Security Center somehow. There are so many rules that could be running against our IoC instead of after a deployment. It would be super helpful to catch issues before a PR even gets merged.
alex-frankel changed the title from "Feature Request: Security Center checks & other static analysis" to "Security Center checks & other static analysis" on Aug 6, 2021
We'd love to have as many checks as possible in the Bicep linter, and Security Center checks definitely make sense. My understanding is that Security Center checks are implemented via Azure Policy. If that's true, then we need to figure out a way to run policies "locally" against Bicep code inside of the linter as a dedicated analyzer.
@Tiberriver256 Check out PSRule for Azure. https://aka.ms/ps-rule-azure. It extends on the Bicep linters by adding rules that are less about structure and syntax, which Bicep already does great, and focuses on Azure Well-Architected Framework (WAF) alignment. Currently it does not directly import policies, but that is planned work. Currently there are over 250 WAF rules, which is a lot of the policies that are detected via Security Center. We'd love to hear your feedback.