Description
Describe the bug
msdo.sarif.txt
We use Bicep files that have a reference to our own container registry.
But the analyzer failed on the reference.
We use the analyzer in our pipeline in DevOps in a YAML file like this:
- task: MicrosoftSecurityDevOps@1
  displayName: 'Microsoft Security DevOps'
  env:
    GDN_TEMPLATEANALYZER_ANALYZEDIRECTORY: '$(Build.ArtifactStagingDirectory)/infra/bicep/'
  inputs:
    tools: 'templateanalyzer'
After we run the pipeline, we get the following exception in the SARIF file (see attachment):
Unhandled exception: Azure.Identity.CredentialUnavailableException: The ChainedTokenCredential failed to retrieve a token from the included credentials.
- Please run 'az login' to set up account
- Please run 'Connect-AzAccount' to set up account
We use our own build agent with a service connection that has read access on the container registry.
If I use az login on a previous task in the pipeline, the same error occurred.
Expected behavior
Use the credentials from the service connection, or create an input parameter for the service connection, and then you can read the container registry template.
Reproduction Steps
Create a container registry and put a bicep template in it.
Set read rights on the container registry for your service connection, and in your repository create a bicep with a module reference to the container registry. Create a YAML pipeline that analyzes our Bicep.
Environment
No response