Hello,
We are thrilled to announce that SonarCloud now supports the scanning of Azure Resource Manager templates and Bicep files!
Without any additional effort, SonarCloud will detect these file types and apply 12 dedicated rules specifically designed to catch security misconfigurations. Here is the list of rules:
- S6329: Allowing public network access to cloud resources is security-sensitive
- S4423: Weak SSL/TLS protocols should not be used
- S5332: Using clear-text protocols is security-sensitive
- S6385: Azure custom roles should not grant subscription Owner capabilities
- S6413: Defining a short log retention duration is security-sensitive
- S6388: Using unencrypted cloud storages is security-sensitive
- S6387: Azure role assignments that grant access to all resources of a subscription are security-sensitive
- S6383: Disabling Role-Based Access Control on Azure resources is security-sensitive
- S6382: Disabling certificate-based authentication is security-sensitive
- S6381: Assigning high privileges Azure Resource Manager built-in roles is security-sensitive
- S6364: Defining a short backup retention duration is security-sensitive
- S6321: Administration services access should be restricted to specific IP addresses
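To make the list concrete, here is a small Bicep example, written for this post and not taken from the announcement or from Sonar's rule documentation: a storage account with the kind of weak settings the rules above target, followed by its hardened counterpart. The mapping of properties to rule IDs in the comments is my reading of the rule titles; the exact conditions each rule checks are in the rule descriptions in SonarCloud.

```bicep
// Illustrative example, not part of the original announcement. The rule IDs in
// the comments are an assumed mapping from the rule titles to the property
// each rule most plausibly inspects.
param location string = resourceGroup().location

// Weak configuration: each commented property is the kind of setting the
// corresponding rule is designed to flag.
resource weakStorage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: 'stweakexample001'
  location: location
  kind: 'StorageV2'
  sku: { name: 'Standard_LRS' }
  properties: {
    minimumTlsVersion: 'TLS1_0'              // S4423: weak TLS protocol accepted
    supportsHttpsTrafficOnly: false          // S5332: clear-text HTTP allowed
    publicNetworkAccess: 'Enabled'           // S6329: reachable from the public internet
    networkAcls: { defaultAction: 'Allow' }  // S6329: no network restriction at all
  }
}

// Hardened configuration that the same rules should leave clean.
resource hardenedStorage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: 'sthardenedexample001'
  location: location
  kind: 'StorageV2'
  sku: { name: 'Standard_LRS' }
  properties: {
    minimumTlsVersion: 'TLS1_2'              // only TLS 1.2 and above
    supportsHttpsTrafficOnly: true           // reject plain HTTP
    publicNetworkAccess: 'Disabled'          // private endpoints only
    networkAcls: {
      defaultAction: 'Deny'                  // deny by default, allow explicitly
      bypass: 'AzureServices'                // let trusted Azure services through
    }
  }
}
```

Running both resources through a SonarCloud scan is a quick way to confirm the rules fire on the first block and stay silent on the second.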
SonarQube users will get the same with the upcoming SonarQube 10.2.
Enjoy
Alex