You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When the WAF Mode in BICEP or the ARM Template uses a conditional statement, it's flagging it as an error. Here is an example, in the development environment we set the mode to detection, but in all other environments we set to prevention.
Is this rule also flagging your template if you specify the parameters file that has the environment variable not set to dev? I believe TemplateAnalyzer should resolve the if properly
We are using the Microsoft Security DevOps extension to run the templateanalyzer tool. I'll need to research how to invoke the '-p' option via that extension. Thanks for the tip!
Please describe the feature or suggestion.
When the WAF Mode in BICEP or the ARM Template uses a conditional statement, it's flagging it as an error. Here is an example, in the development environment we set the mode to detection, but in all other environments we set to prevention.
"mode": "[if(equals(toLower(parameters('environment')), 'dev'), 'Detection', 'Prevention')]"
But, the templateanalyzer tool flags it as an error since it's not a fixed value of 'Prevention'. AZR-000302: Azure.AppGwWAF.PreventionMode.
Alternatively, if there was a way to ignore the rule I suppose that would be a stop gap.
Thanks
Additional context
No response
The text was updated successfully, but these errors were encountered: