rspec/rules/S6380/description.adoc

Allowing anonymous access can reduce an organization's ability to protect itself against attacks on its Azure resources.

Security incidents may include disrupting critical functions, data theft, and additional Azure subscription costs due to resource overload.

Using authentication coupled with fine-grained authorizations helps bring defense-in-depth and bring traceability to investigators of security incidents.

Depending on the affected Azure resource, multiple authentication choices are possible: Active Directory Authentication, OpenID implementations (Google, Microsoft, etc.) or native Azure mechanisms.
Create rule S6380: add language AzureResourceManager (JSON) (#2274) Specification ticket: [APPSEC-775](https://sonarsource.atlassian.net/browse/APPSEC-775) Implementation ticket: [SONARIAC-899](https://sonarsource.atlassian.net/browse/SONARIAC-899) [RSPEC Preview](https://sonarsource.github.io/rspec/#/rspec/S6378/azureresourcemanager) Bicep PR for S6380: #2298 ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) [APPSEC-775]: https://sonarsource.atlassian.net/browse/APPSEC-775?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ [SONARIAC-899]: https://sonarsource.atlassian.net/browse/SONARIAC-899?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ --------- Co-authored-by: egon-okerman-sonarsource <egon-okerman-sonarsource@users.noreply.github.com> Co-authored-by: Egon Okerman <egon.okerman@sonarsource.com> Co-authored-by: Jamie Anderson <127742609+jamie-anderson-sonarsource@users.noreply.github.com> 2023-07-03 18:04:53 +02:00			`Allowing anonymous access can reduce an organization's ability to protect itself against attacks on its Azure resources.`

			`Security incidents may include disrupting critical functions, data theft, and additional Azure subscription costs due to resource overload.`

			`Using authentication coupled with fine-grained authorizations helps bring defense-in-depth and bring traceability to investigators of security incidents.`

			`Depending on the affected Azure resource, multiple authentication choices are possible: Active Directory Authentication, OpenID implementations (Google, Microsoft, etc.) or native Azure mechanisms.`