
Part 8: PSRule Validation

(Part 8 in a 10-part series)

PSRule is a great addition to any project with Bicep and it can be very useful to help make sure your Bicep modules are safe and secure. From the about page:

“PSRule is a rules engine geared towards testing Infrastructure as Code (IaC). Rules you write or import perform static analysis on IaC artifacts such as: templates, manifests, pipelines, and workflows.”

If some rules don’t meet your criteria, you can specify in the config file which rules you want to ignore.

Including it in your pipelines is as simple as installing the Add-in and then referencing it in a pipeline step.

As with the security scan, you may want to use the “continueOnError” flag to make sure this step does not break your build until you figure out which rules are important to you and how to remediate any issues.
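
The two pieces described above, the rule exclusions in the config file and the pipeline step with continueOnError, could look like this; it is an added example, not the author's own pipeline. It assumes the PSRule extension for Azure Pipelines is installed, the PSRule.Rules.Azure module is used, the options file is ps-rule.yaml at the repository root, and the report path is a constructed value.

```yaml
# ---- ps-rule.yaml (assumed to sit at the repository root) ----
configuration:
  # Expand .bicep files so the rules evaluate the resources they deploy.
  AZURE_BICEP_FILE_EXPANSION: true
rule:
  exclude:
    # Rules listed here are skipped. This name is the one from the sample
    # output on this page; list only rules you have decided to accept.
    - Azure.Storage.SoftDelete

# ---- azure-pipelines.yml (steps fragment) ----
steps:
  - task: ps-rule-assert@2
    displayName: Validate Bicep with PSRule
    continueOnError: true          # report failures without breaking the build
    inputs:
      inputType: repository        # analyze files in the checked-out repository
      modules: PSRule.Rules.Azure
      outputFormat: NUnit3
      outputPath: reports/ps-rule-results.xml   # constructed path

  - task: PublishTestResults@2
    displayName: Publish PSRule results
    condition: always()            # publish even when rules fail
    inputs:
      testResultsFormat: NUnit
      testResultsFiles: reports/ps-rule-results.xml
```

Once you have settled which rules matter and fixed or excluded the rest, removing continueOnError makes the step gate the build.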

Example of output

As you can see, you’ll get some warnings like the one on the last line:

failed Azure.Storage.SoftDelete. Enable blob soft delete on Storage Accounts.


Next step: Adding Azure DevOps Security Scan


References

About PSRule

