Adding sample to test pipeline #14729

Closed
ouldsid wants to merge 4 commits into Azure:master from ouldsid:master

ouldsid (Member) commented May 2, 2026

PR Checklist

Check these items before submitting a PR...

Contribution Guide

Best Practice Guide

  • Please check this box once you've submitted the PR if you've read through the Contribution Guide and best practices checklist.

Changelog

ouldsid (Member Author) commented May 2, 2026

/validate

azure-quickstarts added the labels "metadata violations" (metadata violations during PR) and "readme violations" (README violations during PR) on May 2, 2026

github-actions (Bot) commented May 2, 2026

🤖 Quickstart Sample Summary

Sample Summary

  • This sample demonstrates how to use a deployment stack to create and manage Azure Storage Accounts.
  • It deploys two storage accounts with different replication settings and a virtual network with subnets.
  • The sample includes a prereq deployment stack used to prepare prerequisites.
  • To deploy, run the main Bicep template after deploying the prerequisite stack.

Resources Deployed

  • Microsoft.Storage/storageAccounts (defined in main.bicep): Deploys two storage accounts with types Standard_LRS and Standard_GRS. Properties include disabling shared key access.
  • Microsoft.Network/virtualNetworks (defined in main.bicep): A virtual network with two subnets (Subnet-1 and Subnet-2) for network isolation.
  • Prerequisites in prereqs/prereq.main.bicep - details not available due to file read error (folder unknown).

Security Findings

  • High Severity:
    • AZR-000202 (Template Analyzer): Storage accounts by default allow connections from any network; recommends setting default action to deny and allowing traffic only from selected networks.
    • AZR-000200 (Template Analyzer): Minimum TLS version not set to enforce secure protocol only (recommend enforcing TLS 1.2 or higher).
    • AZR-000198 (Template Analyzer): Public blob access not explicitly disabled via allowBlobPublicAccess: recommended for privacy.
    • CKV_AZURE_35 (Checkov): Default network access rule for storage accounts should be set to deny.
    • CKV_AZURE_44 (Checkov): Storage Accounts should use the latest TLS encryption version.
  • Low Severity:
    • CKV_AZURE_43 (Checkov): Storage Account names should adhere to naming rules.
    • CKV_AZURE_206 (Checkov): Storage Accounts should use replication.
  • No potential secrets or hardcoded passwords were detected.
  • The sample hardcodes address prefixes and disables shared key access but does not enforce network or TLS best practices fully.

Key Parameters

  • resourceGroupLocation (string): Location of the resource group.
  • storageAccountName (string): Name of the first storage account (with Standard_LRS SKU).
  • storageAccountName2 (string): Name of the second storage account (with Standard_GRS SKU).
  • vnetName (string): Name of the virtual network.

Notes for Reviewers

  • Prerequisite template folder not found or accessible in PR files, limiting full resource and parameter analysis of prereqs.
  • Security scan indicates multiple recommendations regarding storage account security best practices (network restrictions, TLS version, blob access).
  • The sample does not appear to implement these best practices as part of the deployment and could mislead users if adopted without modification.
  • Documentation is minimal; the README only states it is a sample test but lacks deployment instructions or security considerations.

Files Touched

  • README.md
  • main.bicep
  • metadata.json
  • prereqs/README.md
  • prereqs/prereq.azuredeploy.parameters.json
  • prereqs/prereq.main.bicep (could not be read due to unknown folder error)

Generated by the quickstart summarizer agent (v2 — agentic + MSDO security) · triggered by /validate

ouldsid (Member Author) commented May 2, 2026

/validate

ouldsid (Member Author) commented May 2, 2026

/validate

ouldsid (Member Author) commented May 11, 2026

/validate

ouldsid (Member Author) commented May 11, 2026

/validate

ouldsid (Member Author) commented May 11, 2026

/validate

ouldsid (Member Author) commented May 14, 2026

/validate

ouldsid closed this May 15, 2026