Hi,
We have a number of repositories in Azure DevOps which consist of Azure Bicep modules. We are using the AzureResourceManager template to scan the code. In Bicep, a resource is defined using the resource keyword is used to define a resource which is being scanned correctly in SonarCloud.
However, the existing keyword is applied to the resource block to indicate a lookup of an existing resource based on its name. These blocks of code do not have all the configuration of a resource that’s being created and yet they are scanned and Security Hotspots are getting created against them anyway. This is causing a large number of false positives and causing our Quality Gate to fail. See example below
resource keyVault 'Microsoft.KeyVault/vaults@2023-02-01' existing = {
Omitting 'enableRbacAuthorization' disables role-based access control for this resource. Make sure it is safe here.
name: keyVaultName
}
Can this be updated to not create security hotspots for existing resources?