Improve IaC Pulumi and Bicep secret evidence gates by danyili2632 · Pull Request #1368 · UnitOneAI/SecuritySkills

danyili2632 · 2026-06-06T10:12:47Z

Summary

addresses [REVIEW] iac-security: add Pulumi and Bicep evidence gates #1116 by adding Pulumi- and Bicep-specific secret evidence gates to iac-security
distinguishes safe Pulumi secret-tainted values from plaintext config reads, callback/log leakage, unsafe stack outputs, and weak secrets-provider posture
distinguishes safe Bicep @secure() parameters from plaintext secure inputs, list*() output leakage, module/script re-exposure, and deployment-history exposure
updates the report template with evidence-origin fields and Pulumi/Bicep posture summary fields

git diff --check
verified required markers for Pulumi secret-taint review, Python/TypeScript examples, Bicep secure inputs, list* output leakage, evidence-origin reporting, and output summary fields
verified Markdown fence counts are balanced

Target tier: Improver Moderate ($100) if accepted
Preferred payment method: crypto, Base USDC 0x6CBF4b5cb88b8C2B7af776Bc2B073163B5d3C08A

improve iac pulumi bicep secret evidence

00c7577

danyili2632 mentioned this pull request Jun 6, 2026

[REVIEW] iac-security: add Pulumi and Bicep evidence gates #1116

Open

4 tasks