Configure Bicep linter by environment variable #10558

Open
BernieWhite opened this issue Apr 27, 2023 · 2 comments
Labels
devdiv Related to Bicep tooling efforts in DevDiv enhancement New feature or request story: linter

Comments

@BernieWhite

Is your feature request related to a problem? Please describe.

Currently you can configure the severity of Bicep linter rules by bicepconfig.json.

However, when customers have controlled pipelines for the software development lifecycle, they might want to enforce security-related linting rules to improve security, or enforce non-security rules for consistency.

Setting linter rules by environment variable is the easiest option because this is easily controlled by the pipeline.

Setting these linter rules by environment variable should override any preference within bicepconfig.json.

Describe the solution you'd like

Add support for overriding the default or the current preference of Bicep linter rules by environment variable.

For example:

export BICEP_ANALYZER_RULES_SECURE_SECRETS_IN_PARAMS='error'
export BICEP_ANALYZER_RULES_SECURE_PARAMS_IN_NESTED_DEPLOY='error'
@StephenWeatherford
Contributor

@BernieWhite I wonder if #5013 would be a better approach to handling this scenario?

@BernieWhite
Author

BernieWhite commented May 13, 2024

@StephenWeatherford Specifying an alternative config file is a good idea.

In terms of a controlled DevSecOps pipeline it might be harder to adopt though. Often the management of security controls is defined centrally.

For this to work I'd think you would need to:

  • Recursively scan for any Bicep config files through a directory tree.
  • Integrate any settings that are not related to the specific linting rules you want to override.
  • Run the Bicep build against the new config file.

But also, if a specific repository uses a bespoke build command line, you'd need to find that and change the command line. Instead of:

  • Setting environment variables once for the pipeline. Environment variables then apply to any build and deployments.
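
The workaround steps listed in the comment above (find every config file, keep unrelated settings, then build), driven by the variable names proposed in the issue. This is an added example, not code from the Bicep project, and Bicep does not read these variables itself. Assumptions: the function names are hypothetical, underscores in the variable name map to hyphens in the rule name, and each bicepconfig.json is strict JSON without comments.

```python
import json
import os
from pathlib import Path

# Naming proposed in the issue; Bicep itself does not read these variables.
PREFIX = "BICEP_ANALYZER_RULES_"
LEVELS = {"off", "info", "warning", "error"}  # linter rule levels

def overrides_from_env(environ):
    """BICEP_ANALYZER_RULES_SECURE_SECRETS_IN_PARAMS=error
    -> {"secure-secrets-in-params": "error"} (assumed name mapping)."""
    overrides = {}
    for name, value in environ.items():
        if not name.startswith(PREFIX) or name == PREFIX:
            continue
        level = value.strip().lower()
        if level not in LEVELS:
            # Fail closed: a typo must not silently drop a control.
            raise ValueError(f"{name}: unsupported level {value!r}")
        overrides[name[len(PREFIX):].lower().replace("_", "-")] = level
    return overrides

def apply_overrides(config, overrides):
    """Copy a parsed bicepconfig.json, forcing only the given rule levels."""
    merged = json.loads(json.dumps(config))  # deep copy
    core = merged.setdefault("analyzers", {}).setdefault("core", {})
    core["enabled"] = True  # a repository must not switch the linter off
    rules = core.setdefault("rules", {})
    for rule, level in overrides.items():
        rules.setdefault(rule, {})["level"] = level
    return merged

def enforce(root, environ=os.environ):
    """Patch every bicepconfig.json under root; return the paths written."""
    overrides = overrides_from_env(environ)
    if not overrides:
        return []
    root = Path(root)
    # Bicep uses the nearest config file, so each one needs the override;
    # a root-level file covers folders that have no config of their own.
    targets = set(root.rglob("bicepconfig.json")) | {root / "bicepconfig.json"}
    written = []
    for path in sorted(targets):
        current = json.loads(path.read_text("utf-8")) if path.exists() else {}
        merged = apply_overrides(current, overrides)
        if merged != current:
            path.write_text(json.dumps(merged, indent=2) + "\n", "utf-8")
            written.append(path)
    return written
```

A pipeline step would call `enforce(".")` on the checked-out repository before any `bicep build` runs, so the change never needs to be committed.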
