Skip to content

bicep_linter

GitHub stars GitHub release (latest SemVer) GitHub last commit GitHub commit activity GitHub contributors

By default, Bicep linter errors are set as warnings. To customize linter settings, use a bicepconfig.json file. For more information, see the documentation for the Bicep Linter

bicep_linter documentation

bicep - GitHub

Configuration in MegaLinter

Variable Description Default value
BICEP_BICEP_LINTER_ARGUMENTS User custom arguments to add in linter CLI call
Ex: -s --foo "bar"
BICEP_BICEP_LINTER_COMMAND_REMOVE_ARGUMENTS User custom arguments to remove from command line before calling the linter
Ex: -s --foo "bar"
BICEP_BICEP_LINTER_FILTER_REGEX_INCLUDE Custom regex including filter
Ex: (src\|lib)
Include every file
BICEP_BICEP_LINTER_FILTER_REGEX_EXCLUDE Custom regex excluding filter
Ex: (test\|examples)
Exclude no file
BICEP_BICEP_LINTER_CLI_LINT_MODE Override default CLI lint mode
- file: Calls the linter for each file
- project: Call the linter from the root of the project
file
BICEP_BICEP_LINTER_FILE_EXTENSIONS Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files
Ex: [".py", ""]
[".bicep"]
BICEP_BICEP_LINTER_FILE_NAMES_REGEX File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files
Ex: ["Dockerfile(-.+)?", "Jenkinsfile"]
Include every file
BICEP_BICEP_LINTER_PRE_COMMANDS List of bash commands to run before the linter None
BICEP_BICEP_LINTER_POST_COMMANDS List of bash commands to run after the linter None
BICEP_BICEP_LINTER_UNSECURED_ENV_VARIABLES List of env variables explicitly not filtered before calling BICEP_BICEP_LINTER and its pre/post commands None
BICEP_BICEP_LINTER_DISABLE_ERRORS Run linter but consider errors as warnings false
BICEP_BICEP_LINTER_DISABLE_ERRORS_IF_LESS_THAN Maximum number of errors allowed 0
BICEP_BICEP_LINTER_CLI_EXECUTABLE Override CLI executable ['bicep']

IDE Integration

Use bicep_linter in your favorite IDE to catch errors before MegaLinter !

IDE Extension Name Install
Visual Studio Code VSCode Bicep Install in VSCode

MegaLinter Flavors

This linter is available in the following flavors

Flavor Description Embedded linters Info
all Default MegaLinter Flavor 125 Docker Image Size (tag) Docker Pulls
dotnet Optimized for C, C++, C# or VB based projects 61 Docker Image Size (tag) Docker Pulls
dotnetweb Optimized for C, C++, C# or VB based projects with JS/TS 70 Docker Image Size (tag) Docker Pulls

Behind the scenes

How are identified applicable files

  • File extensions: .bicep

How the linting is performed

  • bicep_linter is called one time by identified file (file CLI lint mode)

Example calls

# Bicep CLI 
bicep build infra.bicep;

# Azure CLI 
az bicep build -f infra.bicep

Help content

Bicep CLI version 0.32.4 (b326faa456)

Usage:
  bicep build [options] <file>
    Builds a .bicep file.

    Arguments:
      <file>        The input file

    Options:
      --outdir <dir>                 Saves the output at the specified directory.
      --outfile <file>               Saves the output as the specified file path.
      --stdout                       Prints the output to stdout.
      --no-restore                   Builds the bicep file without restoring external modules.
      --diagnostics-format <format>  Sets the format with which diagnostics are displayed. Valid values are ( Default | Sarif ).

    Examples:
      bicep build file.bicep
      bicep build file.bicep --stdout
      bicep build file.bicep --outdir dir1
      bicep build file.bicep --outfile file.json
      bicep build file.bicep --no-restore
      bicep build file.bicep --diagnostics-format sarif

  bicep format [options] <file>
    Formats a .bicep file.

    Arguments:
      <file>        The input file

    Options:
      --outdir <dir>        Saves the output at the specified directory.
      --outfile <file>      Saves the output as the specified file path.
      --stdout              Prints the output to stdout.
      --newline             Set newline char. Valid values are ( Auto | LF | CRLF | CR ).
      --indent-kind          Set indentation kind. Valid values are ( Space | Tab ).
      --indent-size          Number of spaces to indent with (Only valid with --indentKind set to Space).
      --insert-final-newline  Insert a final newline.

    Examples:
      bicep format file.bicep
      bicep format file.bicep --stdout
      bicep format file.bicep --outdir dir1
      bicep format file.bicep --outfile file.json
      bicep format file.bicep --indent-kind Tab

  bicep decompile [options] <file>
    Attempts to decompile a template .json file to .bicep.

    Arguments:
      <file>        The input file

    Options:
      --outdir <dir>    Saves the output at the specified directory.
      --outfile <file>  Saves the output as the specified file path.
      --stdout          Prints the output to stdout.
      --force           Allows overwriting the output file if it exists (applies only to 'bicep decompile' or 'bicep decompile-params').

    Examples:
      bicep decompile file.json
      bicep decompile file.json --stdout
      bicep decompile file.json --outdir dir1
      bicep decompile file.json --force
      bicep decompile file.json --outfile file.bicep

  bicep lint [options] <file>
    Lints a .bicep file.

    Arguments:
      <file>        The input file

    Options:
      --no-restore                   Skips restoring external modules.
      --diagnostics-format <format>  Sets the format with which diagnostics are displayed. Valid values are ( Default | Sarif ).

    Examples:
      bicep lint file.bicep
      bicep lint file.bicep --no-restore
      bicep lint file.bicep --diagnostics-format sarif

  bicep decompile-params [options] <file>
    Attempts to decompile a parameters .json file to .bicepparam.

    Arguments:
      <file>        The input file

    Options:
      --outdir <dir>    Saves the output at the specified directory.
      --outfile <file>  Saves the output as the specified file path.
      --stdout          Prints the output to stdout.
      --force           Allows overwriting the output file if it exists (applies only to 'bicep decompile' or 'bicep decompile-params').
      --bicep-file      Path to the bicep template file that will be referenced in the using declaration

    Examples:
      bicep decompile-params file.json
      bicep decompile-params file.json --bicep-file ./dir/main.bicep
      bicep decompile-params file.json --stdout
      bicep decompile-params file.json --outdir dir1
      bicep decompile-params file.json --force
      bicep decompile-params file.json --outfile file.bicepparam

  bicep generate-params [options] <file>
    Builds parameters file from the given bicep file, updates if there is an existing parameters file.

    Arguments:
      <file>        The input file

    Options:
      --no-restore      Generates the parameters file without restoring external modules.
      --outdir <dir>    Saves the output at the specified directory.
      --outfile <file>  Saves the output as the specified file path.
      --stdout          Prints the output to stdout.
      --output-format   Selects the output format {json, bicepparam}
      --include-params  Selects which parameters to include into output {requiredonly, all}

    Examples:
      bicep generate-params file.bicep
      bicep generate-params file.bicep --no-restore
      bicep generate-params file.bicep --stdout
      bicep generate-params file.bicep --outdir dir1
      bicep generate-params file.bicep --outfile file.parameters.json
      bicep generate-params file.bicep --output-format bicepparam --include-params all

  bicep publish <file> --target <ref>
    Publishes the .bicep file to the module registry.

    Arguments:
      <file>        The input file (can be a Bicep file or an ARM template file)
      <ref>         The module reference

    Options:
      --documentation-uri  Module documentation uri
      --with-source       [Experimental] Publish source code with the module
      --force             Overwrite existing published module or file

    Examples:
      bicep publish file.bicep --target br:example.azurecr.io/hello/world:v1
      bicep publish file.bicep --target br:example.azurecr.io/hello/world:v1 --force
      bicep publish file.bicep --target br:example.azurecr.io/hello/world:v1 --documentation-uri https://github.com/hello-world/README.md --with-source
      bicep publish file.json --target br:example.azurecr.io/hello/world:v1 --documentation-uri https://github.com/hello-world/README.md

  bicep restore <file>
    Restores external modules from the specified Bicep file to the local module cache.

    Arguments:
      <file>        The input file

  bicep [options]
    Options:
      --version              -v   Shows bicep version information
      --help                 -h   Shows this usage information
      --license                   Prints license information
      --third-party-notices       Prints third-party notices

  bicep build-params <file>
    Builds a .json file from a .bicepparam file.

    Arguments:
      <file>        The input Bicepparam file

    Options:
      --bicep-file <file>            Verifies if the specified bicep file path matches the one provided in the params file using declaration
      --outdir <dir>                 Saves the output of building the parameter file only (.bicepparam) as json to the specified directory.
      --outfile <file>               Saves the output of building the parameter file only (.bicepparam) as json to the specified file path.
      --stdout                       Prints the output of building both the parameter file (.bicepparam) and the template it points to (.bicep) as json to stdout.
      --no-restore                   Builds the bicep file (referenced in using declaration) without restoring external modules.
      --diagnostics-format <format>  Sets the format with which diagnostics are displayed. Valid values are ( Default | Sarif ).

    Examples:
      bicep build-params params.bicepparam
      bicep build-params params.bicepparam --stdout
      bicep build-params params.bicepparam --outdir dir1
      bicep build-params params.bicepparam --outfile otherParams.json
      bicep build-params params.bicepparam --no-restore
      bicep build-params params.bicepparam --diagnostics-format sarif

  bicep jsonrpc [options]
    Runs a JSONRPC server for interacting with Bicep programmatically.

    Options:
      --pipe <name>   Runs the JSONRPC server using a named pipe.
      --socket <dir>  Runs the JSONRPC server on a specific port.
      --stdio         Runs the JSONRPC server over stdin/stdout.

    Examples:
      bicep jsonrpc --pipe /path/to/pipe.sock
      bicep jsonrpc --stdio

Installation on mega-linter Docker image

  • Dockerfile commands :
# renovate: datasource=github-tags depName=Azure/bicep
ARG BICEP_VERSION=0.32.4
ARG BICEP_EXE='bicep'
ARG BICEP_DIR='/usr/local/bin'
RUN curl --retry 5 --retry-delay 5 -sLo ${BICEP_EXE} "https://github.com/Azure/bicep/releases/download/v${BICEP_VERSION}/bicep-linux-musl-x64" \
    && chmod +x "${BICEP_EXE}" \
    && mv "${BICEP_EXE}" "${BICEP_DIR}"