S6378, S6308, S6388: False positives for existing resources in Bicep

• What language is this for?

  • Bicep (Azure Resource Manager)

• Which rule?

  • S6378, S6308, S6388

• Why do you believe it’s a false-positive/false-negative?

  • Those rules are being triggered for an exiting resources that are imported into the file.

• Are you using

  • SonarCloud

• How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)

//azureresourcemanager:S6378, azureresourcemanager:S6380
resource api_management 'Microsoft.ApiManagement/service@2022-04-01-preview' existing = {
  name: 'apim-${uniqueString(resourceGroup().id)}'
}

//azureresourcemanager:S6378, azureresourcemanager:S6388
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing = {
  name: 'sa${uniqueString(resourceGroup().id)}'
}

//azureresourcemanager:S6378
resource account 'Microsoft.DocumentDB/databaseAccounts@2022-05-15' existing = {
  name: 'da-${uniqueString(resourceGroup().id)}'
}

Also, I’m aware about this [SONARIAC-1143] ARM rules should not check attributes on existing resources - Jira (atlassian.net) which seems to be closed, but the issue for APIM, Storage Accounts and database account still persists.

Hello @MWilk and welcome to community!

Thanks for raising awareness on this topic.
I investigated, and indeed, the previous ticket and code modification are not enough to avoid all FPs.
I created another ticket to take care of it and check these rules and the rules from the previous ticket.

Sorry for the inconvenience caused and thank you again for your message.
Best,
Rudy

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.