bicep_skill
- Python
0
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill yldgio/codereview-skills --skill bicep- SKILL.md3.4 KB
Overview
This skill encapsulates Azure Bicep Infrastructure-as-Code patterns focused on secure parameterization, modular design, naming and tagging conventions, and auditing best practices. It helps reviewers and authors apply consistent, policy-aligned templates and avoid common security and deployment pitfalls. The guidance is practical and ready to apply in CI/CD pipelines and code reviews.
How this skill works
The skill inspects Bicep templates for security issues (secrets, network exposure, diagnostic settings), parameter design (descriptions, constraints, secure markers), naming and tagging consistency, module boundaries, and API version usage. It reports deviations from recommended patterns and offers concrete fixes: parameter annotations, Key Vault references, proper use of existing resources, and modular refactors. It also suggests policy and auditing controls to enforce governance.
When to use it
- During Bicep template code reviews to catch security and governance issues early
- When authoring new IaC modules to apply consistent naming, tagging, and parameter patterns
- Before merging changes to infrastructure repositories or generating ARM outputs
- While integrating templates into CI/CD to enforce policy and validation gates
- When migrating ARM templates to Bicep or modularizing large templates
Best practices
- Never hardcode secrets; use Key Vault references and mark sensitive params with @secure()
- Provide @description() and @allowed() for parameters and apply sensible min/max constraints
- Use consistent naming conventions with environment, region, workload and uniqueString() for global names
- Tag all resources with standard governance tags (owner, environment, cost center, compliance)
- Break templates into single-responsibility modules and pass values via outputs
- Enable diagnostic settings, prefer private endpoints, and enforce encryption at rest
Example use cases
- Validate a storage account template: ensure TLS1_2, supportsHttpsTrafficOnly, and Key Vault integration
- Refactor a monolithic template into modules: network, compute, and storage with clear outputs
- Harden deployment parameters by adding @secure(), descriptions, allowed values and lengths
- Audit templates for deprecated API versions and justify any preview usage
- Ensure resource tags and naming meet organizational policy for cost allocation and compliance
FAQ
Never hardcode secrets; declare parameters with @secure() and reference secrets from Azure Key Vault.
When should I use modules?
Use modules to encapsulate logical resource groups, make templates reusable, and simplify testing and maintenance.