diff --git a/.github/workflows/azure-analyze.yaml b/.github/workflows/azure-analyze.yaml
index ccccc77..ea2ca48 100644
--- a/.github/workflows/azure-analyze.yaml
+++ b/.github/workflows/azure-analyze.yaml
@@ -37,3 +37,23 @@ jobs:
 uses: microsoft/ps-rule@v2.9.0
 with:
 modules: PSRule.Rules.Azure
+ outputFormat: Sarif
+ outputPath: reports/ps-rule-results.sarif
+ summary: true
+
+ # If you have GitHub Advanced Security you can upload PSRule scan results.
+ # Uncomment the next step to use this feature.
+ # - name: Upload results to security tab
+ # uses: github/codeql-action/upload-sarif@v2
+ # if: always()
+ # with:
+ # sarif_file: reports/ps-rule-results.sarif
+
+ - name: Upload results
+ uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: PSRule-Sarif
+ path: reports/ps-rule-results.sarif
+ retention-days: 1
+ if-no-files-found: error
diff --git a/.pipelines/azure-analyze-with-monitor.yaml b/.pipelines/azure-analyze-with-monitor.yaml
index abbfef9..353345b 100644
--- a/.pipelines/azure-analyze-with-monitor.yaml
+++ b/.pipelines/azure-analyze-with-monitor.yaml
@@ -55,3 +55,4 @@ stages:
 - publish: $(System.DefaultWorkingDirectory)/reports/ps-rule-results.sarif
 artifact: CodeAnalysisLogs
 displayName: Publish SARIF logs
+ condition: succeededOrFailed()
diff --git a/.pipelines/azure-analyze.yaml b/.pipelines/azure-analyze.yaml
index e085491..af996e7 100644
--- a/.pipelines/azure-analyze.yaml
+++ b/.pipelines/azure-analyze.yaml
@@ -41,3 +41,4 @@ stages:
 - publish: $(System.DefaultWorkingDirectory)/reports/ps-rule-results.sarif
 artifact: CodeAnalysisLogs
 displayName: Publish SARIF logs
+ condition: succeededOrFailed()
diff --git a/ps-rule.yaml b/ps-rule.yaml
index a69e558..23ac6cc 100644
--- a/ps-rule.yaml
+++ b/ps-rule.yaml
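Review bot: The new `Upload results` step in `.github/workflows/azure-analyze.yaml` references `actions/upload-artifact@v3` by a mutable tag, and the commented-out `github/codeql-action/upload-sarif@v2` does the same, so the code that runs in this job changes whenever the tag is moved; pin each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/upload-artifact@<full-commit-sha> # v3`. The comment above the optional SARIF upload should also say that the job needs `permissions: security-events: write` before the step is uncommented, since the job's `permissions` block is not visible in this hunk and the upload will probably be rejected without it. The SARIF file names the Azure resources that failed each rule, so anyone able to download the run's artifacts can read those findings; `retention-days: 1` shortens that window but does not restrict who can fetch the file. The step list this hunk extends starts outside the hunk.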
@@ -13,10 +13,13 @@ binding:
 - type
 - resourceType
+execution:
+ unprocessedObject: Ignore
+
 # Require minimum versions of modules.
 requires:
 PSRule: '@pre >=2.9.0'
- PSRule.Rules.Azure: '@pre >=1.28.2'
+ PSRule.Rules.Azure: '@pre >=1.31.1'
 # Use PSRule for Azure.
 include:
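Review bot: `unprocessedObject: Ignore` is added under `execution:` with no comment, and it silences the notice PSRule gives when an input object is matched by no rule, so a template or resource type that was never evaluated becomes indistinguishable from one that passed. If the intent is only to quiet noise from files that are not Azure resources, state that above the key, e.g. `# Suppress unprocessed-object notices for non-resource files; unevaluated inputs will no longer be reported.` Consider keeping the value at `Warn` for the CI runs so that coverage gaps stay visible in the log next to the SARIF output.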