feat: Add WAF Security PS Rule Config #3745

Open: wants to merge 6 commits into base: main

jtracey93
Contributor

@jtracey93 jtracey93 commented Nov 7, 2024

Description

Add WAF Security PS Rule Config as agreed, defined below:

  1. New PSRule custom baseline with explicit rules added based on WAF security work, prioritizing top 20 resources
  2. Run of PSRule with Azure.Pillar.Security in "audit only" mode (continue_on_error = true)

Pipeline Reference

Pipeline
avm.res.container-registry.registry - Note failure is not due to changes and is in different job
avm.res.network.firewall-policy - failing as rule is not passing as expected
avm.res.network.azure-firewall
avm.res.network.application-gateway-web-application-firewall-policy
avm.res.network.application-gateway - failing as expected
avm.res.storage.storage-account - Note failure is not due to changes and is in different job

Type of Change

  • Update to CI Environment or utilities (Non-module affecting changes)
  • Azure Verified Module updates:
    • Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in version.json:
      • Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description.
      • The bug was found by the module author, and no one has opened an issue to report it yet.
    • Feature update backwards compatible feature updates, and I have bumped the MINOR version in version.json.
    • Breaking changes and I have bumped the MAJOR version in version.json.
    • Update to documentation

Checklist

  • I'm sure there are no other open Pull Requests for the same update/change
  • I have run Set-AVMModule locally to generate the supporting module files.
  • My corresponding pipelines / checks run clean and green without any errors or warnings

@jtracey93 jtracey93 changed the title Add WAF Security PS Rule Config feat: Add WAF Security PS Rule Config Nov 7, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Triage 🔍 Maintainers need to triage still Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue labels Nov 7, 2024
@jtracey93 jtracey93 added Type: CI 🚀 This issue is related to the AVM CI Needs: Core Team 🧞 This item needs the AVM Core Team to review it labels Nov 7, 2024
@jtracey93 jtracey93 marked this pull request as ready for review November 7, 2024 15:22
@jtracey93 jtracey93 requested review from a team as code owners November 7, 2024 15:22
@jtracey93 jtracey93 enabled auto-merge (squash) November 7, 2024 15:27