From 0762de84a12ab2c2856d6d113d6aa1214ef1f957 Mon Sep 17 00:00:00 2001 From: Anthony Shaw Date: Wed, 24 Apr 2024 14:58:19 +1000 Subject: [PATCH 1/2] Create bicep-audit.yml --- .github/workflows/bicep-audit.yml | 35 +++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 .github/workflows/bicep-audit.yml diff --git a/.github/workflows/bicep-audit.yml b/.github/workflows/bicep-audit.yml new file mode 100644 index 00000000..ea56eb6a --- /dev/null +++ b/.github/workflows/bicep-audit.yml @@ -0,0 +1,35 @@ +name: Analyze bicep templates +on: + push: + branches: + - main + paths: + - "infra/**" + pull_request: + branches: + - main + paths: + - "infra/**" + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Run Microsoft Security DevOps Analysis + uses: microsoft/security-devops-action@preview + id: msdo + continue-on-error: true + with: + tools: templateanalyzer + + - name: Upload alerts to Security tab + uses: github/codeql-action/upload-sarif@v3 + if: github.repository_owner == 'Azure-Samples' + with: + sarif_file: ${{ steps.msdo.outputs.sarifFile }} From 83d68e1e9da5faa5ff9ef56d16403e84e94bf6f8 Mon Sep 17 00:00:00 2001 From: Anthony Shaw Date: Wed, 24 Apr 2024 14:59:49 +1000 Subject: [PATCH 2/2] Update bicep-audit.yml --- .github/workflows/bicep-audit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/bicep-audit.yml b/.github/workflows/bicep-audit.yml index ea56eb6a..88febf67 100644 --- a/.github/workflows/bicep-audit.yml +++ b/.github/workflows/bicep-audit.yml @@ -30,6 +30,6 @@ jobs: - name: Upload alerts to Security tab uses: github/codeql-action/upload-sarif@v3 - if: github.repository_owner == 'Azure-Samples' + if: github.repository_owner == 'Azure' with: sarif_file: ${{ steps.msdo.outputs.sarifFile }}