[BUG] Multiple <env>.bicepparam creates multiple issues for findings in main.bicep #2882
Comments
Hi @o-l-a-v, thanks for reporting the issue. Let me try to understand the issues here as it seems there may be more than one.
Is this correct? Or have I missed any key points here?
For (1), this is expected because the
For (2), this is expected because PSRule for Azure operates based on what resources would be deployed. Since test and prod are each individual cases they should each flag issues. I agree however that we could do better identifying the lines from
For (3), that is not intended behaviour from the sounds of it. Can you confirm you are exporting to SARIF and using GitHub Advanced Security? Or is this reported in the pipeline output? If you are exporting to SARIF can you please save the .sarif file with an artifact upload, then download and manually verify if the issues are still reported in the .sarif file after the pipeline completes/fails.
I can only confidently confirm 2) for now. After I created the issue I saw PSRule reported that Bicep failed to compile some environment, that might've impacted 3). We changed the inputPath input parameter to point to the prod bicepparam file, instead of providing no value, and thus scanning the whole repo. It seems to behave as expected now. Would like to not get spammed with three code scanning alerts for dev, stage and prod bicepparam using the same main.bicep in the future. And pointing to the problematic file (main.bicep) with correct line and character, would also be helpful. Looking forward to improvements here. 😊
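
An added example, not part of the thread and not PSRule's own code: one way to do the manual SARIF check suggested above, listing failing results per rule and flagging rules that are reported against more than one .bicepparam file. The sample SARIF, the file paths and the Example.* rule names are constructed, and it is an assumption that the parameter file is what appears in artifactLocation.uri.

```python
import json
from collections import defaultdict

def _result(rule_id, uri, line=1):
    """Build one constructed SARIF result object for the sample below."""
    return {"ruleId": rule_id, "message": {"text": "constructed sample"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": uri}, "region": {"startLine": line}}}]}

# Constructed SARIF 2.1.0 sample, not real PSRule output. Paths and the
# Example.* rule names are placeholders; a real check reads the saved .sarif file.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "PSRule"}},
    "results": [
        _result("Azure.AppService.WebSecureFtp", "deploy/test.bicepparam"),
        _result("Azure.AppService.WebSecureFtp", "deploy/prod.bicepparam"),
        _result("Example.Rule.Placeholder", "deploy/main.bicep", 12),
        {"ruleId": "Example.Rule.Passing", "kind": "pass", "message": {"text": "constructed"}},
    ],
}]})

def locations_by_rule(sarif_text):
    """Map ruleId -> sorted list of (uri, startLine) for failing results only."""
    found = defaultdict(set)
    for run in json.loads(sarif_text).get("runs", []):
        for result in run.get("results") or []:
            if result.get("kind", "fail") != "fail":  # SARIF default kind is "fail"
                continue
            for loc in result.get("locations") or [{}]:  # tolerate results without a location
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "<no location>")
                line = phys.get("region", {}).get("startLine")
                found[result.get("ruleId", "<no ruleId>")].add((uri, line))
    return {rule: sorted(locs, key=str) for rule, locs in found.items()}

def repeated_per_param_file(sarif_text):
    """Rules reported against more than one .bicepparam file."""
    out = {}
    for rule, locs in locations_by_rule(sarif_text).items():
        params = sorted({uri for uri, _ in locs if uri.endswith(".bicepparam")})
        if len(params) > 1:
            out[rule] = params
    return out

if __name__ == "__main__":
    for rule, files in repeated_per_param_file(SAMPLE_SARIF).items():
        print(rule, "->", ", ".join(files))
```

Running it against the .sarif saved before and after the fix shows whether a rule has actually dropped out of the file for every environment, independent of what the code scanning UI displays.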
Existing rule
Azure.AppService.WebSecureFtp
Description of the issue
This happens with multiple rules, but let's take Azure.AppService.WebSecureFtp as an example.
We have a main.bicep that creates a br/public:avm/res/web/site:0.3.5 with siteConfig: {} that takes no parameters, so bicepparam should not affect this. In other words: All siteConfig: {} settings and values are defined inside main.bicep.
We then have multiple <env>.bicepparam, let's say test.bicepparam and prod.bicepparam.
Events:
<env>.bicepparam.
siteConfig: {ftpsState: 'FtpsOnly'} to main.bicep and trigger a new PSRule scan.
prod.bicepparam gets closed.
Error messages
None
Reproduction
See description.
Version of PSRule
2.9.0
Version of PSRule for Azure
1.36.0
Additional context
No response