Skip to content

April 2025 (version 1.43)#

Install with: GitHub Actions | Azure Pipelines | PowerShell

Welcome to the April 2025 release of PSRule for Azure. This release includes new features and improvements to existing rules.

Unified with CAF#

Previously we maintained a dedicated rules module for the Cloud Adoption Framework (CAF) called PSRule for CAF. The module focussed on providing configurable rules to enforce naming and tagging conventions for Azure resources. There was a number of challenges with this approach that created confusion and complexity for users.

OE:04 Tools and processes of the Well-Architected Framework (WAF), calls out the importance of implementing standards for naming and tagging resources.

As a result, we have consolidated the features from PSRule for CAF into PSRule for Azure, and are deprecating the PSRule for CAF module.

Along with this consolidation, we have made the following improvements:

  • Uplifted the rules to meet the quality your can expect from PSRule for Azure. All rules now have improved documentation with examples and references.
  • The recommendations for naming prefixes that were out of date have been updated to the latest guidance from Microsoft. New baselines have been created to reflect the latest guidance. Additionally, the old naming conventions are available as a separate baseline for those that need to maintain them.
  • Naming convention and tag value formats are implemented as regular expressions to allow matching of more complex patterns, instead of just simple prefixes.

If you are currently using PSRule for CAF and want to migrate to PSRule for Azure, you can do so by following the migration details here.

We also renamed the Azure.ResourceGroup.Name rule to Azure.Group.Name to better aligned to related rules.

Improved secret leak detection#

Checking for cases where sensitive values are passed insecurely is a key part of the secure development lifecycle. This release improves the detection of sensitive values in ARM templates and Bicep files.

One new rule Azure.Deployment.SecretLeak has been added to detect cases when a sensitive value is passed to a parameter that is not marked as secure.

Additionally, the existing rule Azure.Deployment.SecureValue has been updated to support new resource types and properties. This rule checks for cases when a non-secure value is assigned to a resource property that contains sensitive information.

Thank you#

Thanks for your continued support and feedback. We are always looking for ways to improve the experience of using PSRule for Azure.

If you have any feedback or suggestions, please reach out to us on GitHub Discussions or GitHub Issues.

If you'd like to contribute to the project, please check out our contributing guide. We welcome contributions of all kinds, from rules, code, documentation, and samples.