PSRule.Rules.Azure issues

Limit connectivity to Redis instances with firewall rules

# Rule request ## Suggested rule change By default when a Redis Cache is not VNET integrated access from an IP address is permitted. Network access to the cache should...

BernieWhite

help wanted

good first issue

rule: redis

Add rule for setting assignment non-compliance message

# Rule request ## Suggested rule change Policy assignments can configure a non-compliance message. The default non-compliance message should be set to provide a human readable reason for any denies...

BernieWhite

help wanted

good first issue

rule: policy

pillar: operational-execellence

Check for outer scope deployments using secure parameters

1

# Rule request ## Suggested rule change Deployments using an outer scope should not use any `secureObject` or `secureString` parameters. ## Applies to the following The rule applies to the...

BernieWhite

help wanted

rule: deployment

integration: template-analyzer

Check that usernames are not literals

# Rule request ## Suggested rule change Ensures that all properties within a template named adminUsername are expressions, not literal strings ## Applies to the following The rule applies to...

BernieWhite

help wanted

rule: deployment

integration: template-analyzer

Check for custom script extension usage that might expose a secret

# Rule request ## Suggested rule change Check for custom script cases that might expose a secret. Ensures that all `commandsToExecute` are within `protectedSettings` if the command contains a secure...

BernieWhite

help wanted

rule: deployment

integration: template-analyzer

Check outputs potentially containing secure values

# Rule request ## Suggested rule change Check for outputs that are likely to contain secure values such as `accountPassword`. ## Applies to the following The rule applies to the...

BernieWhite

rule: deployment

integration: defender-for-devops

pillar: security

Check parameters potentially containing secure values

# Rule request ## Suggested rule change Check that parameters that are likely to contain secure values use `secureString` or `secureObject`. For example parameters called `adminPassword` or `accountKey`. ## Applies...

BernieWhite

rule: deployment

integration: template-analyzer

pillar: security

Add resourceType validation for Bicep

Experimental support for strong typing of modules supports a `resourceType` metadata property on parameters and outputs. We currently provide similar support via `strongType` metadata but `resourceType` should be added. ##...

BernieWhite

enhancement

feature: bicep-language

Add rules for separate WAF policy

# Rule request ## Suggested rule change Azure Front Door, Application Gateway and Azure CDN support linking of WAF policies. We should ensure any WAF policy rules are added for...

BernieWhite

rule: network

ms-hack-2022

Expand field() expressions for Azure Policy

6

In Azure Policy, we can have field expressions like `field('type')`. We should be able to expand these expressions when emitting JSON rules. Related to #181

ArmaanMcleod

bug

.NET

feature: policy-as-rules

long-term

PSRule.Rules.Azure
PSRule.Rules.Azure copied to clipboard

Metadata

Limit connectivity to Redis instances with firewall rules

Add rule for setting assignment non-compliance message

Check for outer scope deployments using secure parameters

Check that usernames are not literals

Check for custom script extension usage that might expose a secret

Check outputs potentially containing secure values

Check parameters potentially containing secure values

Add resourceType validation for Bicep

Add rules for separate WAF policy

Expand field() expressions for Azure Policy

← Metadata

Owner

Metadata

PSRule.Rules.Azure PSRule.Rules.Azure copied to clipboard

Metadata

← Metadata

Owner

Metadata

PSRule.Rules.Azure
PSRule.Rules.Azure copied to clipboard