AzureResourceManager templates analysis is available on SonarCloud

Hello,

We are thrilled to announce that SonarCloud now supports the scanning of AzureResourceManager templates and Bicep files! :tada:

Without any additional effort, SonarCloud will detect these file types and apply 12 dedicated rules specifically designed to avoid security misconfigurations. Here is the list of rules:

  • S6329: Allowing public network access to cloud resources is security-sensitive
  • S4423: Weak SSL/TLS protocols should not be used
  • S5332: Using clear-text protocols is security-sensitive
  • S6385: Azure custom roles should not grant subscription Owner capabilities
  • S6413: Defining a short log retention duration is security-sensitive
  • S6388: Using unencrypted cloud storages is security-sensitive
  • S6387: Azure role assignments that grant access to all resources of a subscription are security-sensitive
  • S6383: Disabling Role-Based Access Control on Azure resources is security-sensitive
  • S6382: Disabling certificate-based authentication is security-sensitive
  • S6381: Assigning high privileges Azure Resource Manager built-in roles is security-sensitive
  • S6364: Defining a short backup retention duration is security-sensitive
  • S6321: Administration services access should be restricted to specific IP addresses

SonarQube users will get the same with the upcoming SonarQube 10.2.

Enjoy
Alex

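To make concrete what a few of the rules listed above look for, here is an added example (editor's code, not SonarCloud's rule implementation and not from the SonarSource project): a small Python checker that walks a constructed ARM template (JSON) and flags the properties behind S6329, S4423, S5332, S6381, S6387 and S6385. The property names are the Azure resource-provider ones (`publicNetworkAccess`, `minimumTlsVersion`, `supportsHttpsTrafficOnly`, `roleDefinitionId`, `scope`, `assignableScopes`); which property maps to which rule ID, the decision to flag only explicitly set weak values, and the sample template are this example's own assumptions. It goes slightly beyond the post by also recognising the `[subscription().id]` ARM expression as a subscription-wide scope, which Bicep and ARM authors commonly write instead of a literal `/subscriptions/<id>` path.

```python
"""Lightweight ARM-template misconfiguration checker (added example).

Not SonarCloud's implementation: it re-implements a subset of what the
announced rules target. Property names follow the Azure resource-provider
schemas; the rule-ID-to-property mapping and the sample are this example's own.
"""
import json
import re

# Well-known Azure built-in role definition GUIDs (Owner, Contributor).
HIGH_PRIVILEGE_ROLE_IDS = {
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",  # Owner
    "b24988ac-6180-42a0-ab88-20f7382dd24c",  # Contributor
}
WEAK_TLS_VERSIONS = {"TLS1_0", "TLS1_1"}
# "/subscriptions/<id>" with nothing after it is a subscription-wide scope.
SUBSCRIPTION_SCOPE = re.compile(r"^/subscriptions/[^/]+/?$", re.IGNORECASE)


def is_subscription_scope(scope):
    """True for a literal subscription scope or the ARM expression for it."""
    scope = str(scope).strip()
    return bool(SUBSCRIPTION_SCOPE.match(scope)) or scope.lower() == "[subscription().id]"


def check_storage_account(res):
    """Checks modelled on S6329, S4423 and S5332 for a storage account."""
    name, props, findings = res.get("name"), res.get("properties", {}), []
    # Defaults for absent properties depend on apiVersion, so only explicit
    # weak values are flagged here; a real scanner must model the defaults.
    if (props.get("publicNetworkAccess") == "Enabled"
            and props.get("networkAcls", {}).get("defaultAction") != "Deny"):
        findings.append(("S6329", name, "public network access is enabled"))
    if props.get("minimumTlsVersion") in WEAK_TLS_VERSIONS:
        findings.append(("S4423", name, "weak minimum TLS version " + props["minimumTlsVersion"]))
    if props.get("supportsHttpsTrafficOnly") is False:
        findings.append(("S5332", name, "clear-text HTTP traffic is allowed"))
    return findings


def check_role_assignment(res):
    """Checks modelled on S6381 and S6387 for a role assignment."""
    name, props, findings = res.get("name"), res.get("properties", {}), []
    role_ref = str(props.get("roleDefinitionId", "")).lower()  # may be an ARM expression
    if any(guid in role_ref for guid in HIGH_PRIVILEGE_ROLE_IDS):
        findings.append(("S6381", name, "assigns a high-privilege built-in role"))
    if is_subscription_scope(props.get("scope", "")):
        findings.append(("S6387", name, "role assignment covers the whole subscription"))
    return findings


def check_custom_role(res):
    """Check modelled on S6385 for a custom role definition."""
    name, props = res.get("name"), res.get("properties", {})
    grants_everything = any("*" in p.get("actions", []) for p in props.get("permissions", []))
    subscription_wide = any(is_subscription_scope(s) for s in props.get("assignableScopes", []))
    if grants_everything and subscription_wide:
        return [("S6385", name, "custom role grants '*' (Owner-equivalent) at subscription scope")]
    return []


CHECKS = {
    "microsoft.storage/storageaccounts": check_storage_account,
    "microsoft.authorization/roleassignments": check_role_assignment,
    "microsoft.authorization/roledefinitions": check_custom_role,
}


def scan_template(template):
    """Walks all resources (including inline child resources); returns (rule, name, message) tuples."""
    findings, stack = [], list(template.get("resources", []))
    while stack:
        res = stack.pop()
        check = CHECKS.get(str(res.get("type", "")).lower())
        if check:
            findings.extend(check(res))
        stack.extend(res.get("resources", []))  # nested child resources
    return findings


# Constructed sample template: one weak and one hardened storage account, an
# Owner assignment on the whole subscription, and a wildcard custom role.
SAMPLE_TEMPLATE = json.loads("""{
  "resources": [
    {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01", "name": "weakstorage",
     "properties": {"publicNetworkAccess": "Enabled", "minimumTlsVersion": "TLS1_0",
                    "supportsHttpsTrafficOnly": false}},
    {"type": "Microsoft.Storage/storageAccounts", "apiVersion": "2022-09-01", "name": "hardenedstorage",
     "properties": {"publicNetworkAccess": "Disabled", "minimumTlsVersion": "TLS1_2",
                    "supportsHttpsTrafficOnly": true}},
    {"type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "name": "ci-owner",
     "properties": {"roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
                    "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"}},
    {"type": "Microsoft.Authorization/roleDefinitions", "apiVersion": "2022-04-01", "name": "wildcard-role",
     "properties": {"permissions": [{"actions": ["*"], "notActions": []}],
                    "assignableScopes": ["[subscription().id]"]}}
  ]
}""")

if __name__ == "__main__":
    for rule, name, message in scan_template(SAMPLE_TEMPLATE):
        print(f"{rule}  {name}: {message}")
```

Running it prints six findings, all on `weakstorage`, `ci-owner` and `wildcard-role`; the hardened storage account produces none. The point of the `publicNetworkAccess` check is that a storage account with `networkAcls.defaultAction` set to `Deny` is not flagged even though public access is nominally enabled, so the check looks at the combination rather than one property in isolation. A checker like this is only a pre-commit sanity check; it does not model apiVersion-dependent defaults or Bicep syntax, which is exactly the work the SonarCloud rules do for you.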