Azure-Samples
diff --git a/‎.devcontainer/devcontainer.json
Lines changed: 8 additions & 2 deletions b/‎.devcontainer/devcontainer.json
Lines changed: 8 additions & 2 deletions
diff --git a/‎.github/workflows/audit-bicep.yml
Lines changed: 18 additions & 12 deletions b/‎.github/workflows/audit-bicep.yml
Lines changed: 18 additions & 12 deletions
diff --git a/‎.github/workflows/audit-terraform.yml
Lines changed: 13 additions & 12 deletions b/‎.github/workflows/audit-terraform.yml
Lines changed: 13 additions & 12 deletions
diff --git a/‎.github/workflows/azure-dev.yaml
Lines changed: 0 additions & 60 deletions b/‎.github/workflows/azure-dev.yaml
Lines changed: 0 additions & 60 deletions
diff --git a/‎.github/workflows/test-azd-deployment.yaml
Lines changed: 0 additions & 163 deletions b/‎.github/workflows/test-azd-deployment.yaml
Lines changed: 0 additions & 163 deletions
@@ -47,8 +47,14 @@
         "golang.go",
         "Vue.volar",
         "rust-lang.rust-analyzer",
-        "ms-python.python"
+        "ms-python.python",
+        "ms-kubernetes-tools.vscode-aks-tools",
+        "ms-azuretools.vscode-bicep",
+        "hashicorp.terraform",
+        "ms-playwright.playwright",
+        "redhat.vscode-yaml",
+        "ms-azuretools.vscode-azureresourcegroups"
       ]
     }
   }
-}
+}
@@ -1,35 +1,41 @@
-name: Scan Bicep code
+name: audit-bicep
 on:
   push:
-    branches: 
+    branches:
       - main
     paths:
       - "infra/bicep/**"
   pull_request:
-    branches: 
+    branches:
       - main
     paths:
       - "infra/bicep/**"
   workflow_dispatch:
 
 jobs:
-  build:
+  psrule:
     runs-on: ubuntu-latest
     permissions:
       security-events: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
 
-      - name: Run Microsoft Security DevOps Analysis
-        uses: microsoft/security-devops-action@preview
-        id: msdo
-        continue-on-error: true
+      - name: Run PSRule analysis
+        uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0
         with:
-          tools: templateanalyzer
+          inputPath: main.test.bicep
+          modules: PSRule.Rules.Azure
+          option: ps-rule.yaml
+          outputFormat: Sarif
+          outputPath: reports/ps-rule-results.sarif
+          path: infra/bicep
+          summary: true
+        env:
+          PSRULE_AZURE_BICEP_PATH: "/usr/local/bin/bicep"
 
       - name: Upload alerts to Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3
         if: github.repository_owner == 'Azure-Samples'
         with:
-          sarif_file: ${{ steps.msdo.outputs.sarifFile }}
+          sarif_file: infra/bicep/reports/ps-rule-results.sarif
@@ -3,16 +3,16 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
-name: Scan Terraform code
+name: audit-terraform
 
 on:
   push:
-    branches: 
+    branches:
       - main
     paths:
       - "infra/terraform/**"
   pull_request:
-    branches: 
+    branches:
       - main
     paths:
       - "infra/terraform/**"
@@ -32,18 +32,19 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 
       - name: Run Trivy vulnerability scanner in IaC mode for Terraform
-        uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0
+        uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0
         with:
-          scan-type: 'config'
-          scan-ref: './infra/terraform'
+          scan-type: "config"
+          scan-ref: "./infra/terraform"
           hide-progress: true
-          format: 'sarif'
-          output: 'trivy-terraform-results.sarif'
-          exit-code: '1'
+          format: "sarif"
+          output: "trivy-terraform-results.sarif"
+          exit-code: "1"
           ignore-unfixed: true
-          severity: 'CRITICAL,HIGH'
+          severity: "CRITICAL,HIGH"
+          trivyignores: "./infra/terraform/.trivyignore"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@e14ec90e52a057614c707baecf2ed88a81b68bc9 # v2
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3
         with:
-          sarif_file: 'trivy-terraform-results.sarif'
+          sarif_file: "trivy-terraform-results.sarif"
Original file line number	Diff line number	Diff line change
`@@ -47,8 +47,14 @@`
`47`	`47`	`"golang.go",`
`48`	`48`	`"Vue.volar",`
`49`	`49`	`"rust-lang.rust-analyzer",`
`50`		`- "ms-python.python"`
	`50`	`+ "ms-python.python",`
	`51`	`+ "ms-kubernetes-tools.vscode-aks-tools",`
	`52`	`+ "ms-azuretools.vscode-bicep",`
	`53`	`+ "hashicorp.terraform",`
	`54`	`+ "ms-playwright.playwright",`
	`55`	`+ "redhat.vscode-yaml",`
	`56`	`+ "ms-azuretools.vscode-azureresourcegroups"`
`51`	`57`	`]`
`52`	`58`	`}`
`53`	`59`	`}`
`54`		`-}`
	`60`	`+}`