Add demo files with intentional security vulnerabilities for GitHub A…

81c56ca
Add demo files with intentional security vulnerabilities for GitHub A… #142
GitHub Advanced Security / templateanalyzer failed Feb 12, 2026 in 9s

29 new alerts including 29 errors

New alerts in code changed by this pull request

  • 29 errors

See annotations below for details.

Annotations

Check failure on line 29 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

API app should only be accessible over HTTPS. Error

API apps should require HTTPS to ensure connections are made to the expected server and data in transit is protected from network layer eavesdropping attacks.

Check failure on line 44 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

API app should only be accessible over HTTPS. Error

API apps should require HTTPS to ensure connections are made to the expected server and data in transit is protected from network layer eavesdropping attacks.

Check failure on line 70 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Function app should only be accessible over HTTPS. Error

Function apps should require HTTPS to ensure connections are made to the expected server and data in transit is protected from network layer eavesdropping attacks.

Check failure on line 85 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Function app should only be accessible over HTTPS. Error

Function apps should require HTTPS to ensure connections are made to the expected server and data in transit is protected from network layer eavesdropping attacks.

Check failure on line 111 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Web apps should only be accessible over HTTPS. Error

Web apps should require HTTPS to ensure connections are made to the expected server and data in transit is protected from network layer eavesdropping attacks.

Check failure on line 125 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Web apps should only be accessible over HTTPS. Error

Web apps should require HTTPS to ensure connections are made to the expected server and data in transit is protected from network layer eavesdropping attacks.

Check failure on line 165 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

FTPS only should be required in your API app. Error

Enable FTPS enforcement for enhanced security.

Check failure on line 165 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Latest TLS version should be used in your API app. Error

API apps should require the latest TLS version.

Check failure on line 179 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Diagnostic logs in App Service should be enabled. Error

Enable auditing of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised.

Check failure on line 179 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

FTPS only should be required in your function app. Error

Enable FTPS enforcement for enhanced security.

Check failure on line 179 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Latest TLS version should be used in your function app. Error

Function apps should require the latest TLS version.

Check failure on line 179 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

FTPS only should be required in your web app. Error

Enable FTPS enforcement for enhanced security.

Check failure on line 179 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Latest TLS version should be used in your web app. Error

Web apps should require the latest TLS version.

Check failure on line 187 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Managed identity should be used in your API app. Error

For enhanced authentication security, use a managed identity. On Azure, managed identities eliminate the need for developers to have to manage credentials by providing an identity for the Azure resource in Azure AD and using it to obtain Azure Active Directory (Azure AD) tokens.

Check failure on line 195 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

FTPS only should be required in your API app. Error

Enable FTPS enforcement for enhanced security.

Check failure on line 195 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Latest TLS version should be used in your API app. Error

API apps should require the latest TLS version.

Check failure on line 199 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

CORS should not allow every resource to access your API app. Error

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.

Check failure on line 218 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

CORS should not allow every resource to access your API app. Error

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your API app. Allow only required domains to interact with your API app.

Check failure on line 218 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

CORS should not allow every resource to access your function app. Error

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your function app. Allow only required domains to interact with your function app.

Check failure on line 218 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

CORS should not allow every resource to access your web apps. Error

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.

Check failure on line 264 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Diagnostic logs in App Service should be enabled. Error

Enable auditing of diagnostic logs on the app. This enables you to recreate activity trails for investigation purposes if a security incident occurs or your network is compromised.

Check failure on line 264 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

FTPS only should be required in your web app. Error

Enable FTPS enforcement for enhanced security.

Check failure on line 264 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Latest TLS version should be used in your web app. Error

Web apps should require the latest TLS version.

Check failure on line 268 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

CORS should not allow every resource to access your web apps. Error

Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app.

Check failure on line 274 in devsecops-demo/insecure_arm-01.json

Code scanning / templateanalyzer

Managed identity should be used in your web app. Error

For enhanced authentication security, use a managed identity. On Azure, managed identities eliminate the need for developers to have to manage credentials by providing an identity for the Azure resource in Azure AD and using it to obtain Azure Active Directory (Azure AD) tokens.