diff --git a/.github/workflows/bicep-audit.yml b/.github/workflows/bicep-audit.yml
index eb7f66d..c795d9b 100644
--- a/.github/workflows/bicep-audit.yml
+++ b/.github/workflows/bicep-audit.yml
@@ -20,16 +20,21 @@ jobs:
 steps:
 - name: Checkout
 uses: actions/checkout@v4
-
- - name: Run Microsoft Security DevOps Analysis
- uses: microsoft/security-devops-action@preview
- id: msdo
- continue-on-error: true
+ - name: Run PSRule analysis
+ uses: microsoft/ps-rule@v2.9.0
 with:
- tools: templateanalyzer
-
- - name: Upload alerts to Security tab
+ modules: PSRule.Rules.Azure
+ baseline: Azure.Pillar.Security
+ inputPath: tests/
+ outputFormat: Sarif
+ outputPath: reports/ps-rule-results.sarif
+ summary: true
+ continue-on-error: true
+ env:
+ PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION: 'true'
+ PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION_TIMEOUT: '60'
+ - name: Upload results to security tab
 uses: github/codeql-action/upload-sarif@v3
 if: github.repository_owner == 'Azure-Samples'
 with:
- sarif_file: ${{ steps.msdo.outputs.sarifFile }}
+ sarif_file: reports/ps-rule-results.sarif
diff --git a/ps-rule.yaml b/ps-rule.yaml
new file mode 100644
index 0000000..bb4904b
--- /dev/null
+++ b/ps-rule.yaml
@@ -0,0 +1,3 @@
+# YAML: Set the AZURE_BICEP_FILE_EXPANSION configuration option to enable expansion
+configuration:
+ AZURE_BICEP_FILE_EXPANSION: true
\ No newline at end of file
diff --git a/tests/README.md b/tests/README.md
new file mode 100644
index 0000000..633eb17
--- /dev/null
+++ b/tests/README.md
@@ -0,0 +1 @@
+The files in this folder are for the purposes of running PSRule analysis for security checks.
\ No newline at end of file
diff --git a/tests/cloud-native/aks-arm64.test.bicep b/tests/cloud-native/aks-arm64.test.bicep
new file mode 100644
index 0000000..1031af0
--- /dev/null
+++ b/tests/cloud-native/aks-arm64.test.bicep
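Review bot: The new `uses: microsoft/ps-rule@v2.9.0` pins a third-party action that reads the entire checkout by a mutable tag; pin it to a full commit SHA with the version kept in a trailing comment, `uses: microsoft/ps-rule@<commit-sha>  # v2.9.0`, and treat `github/codeql-action/upload-sarif@v3` the same way. `continue-on-error: true` on the analysis step means a failed rule or a crashed Bicep expansion never turns the job red, and on forks the `if:` also skips the upload, so the scan can produce no visible signal at all; either add a comment stating that the Security tab is the intended gate or drop `continue-on-error` and let PSRule's exit code gate the job. The expansion option is set here through the `PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION` env var and again in ps-rule.yaml, so keep one source of truth. The job's `permissions` block lies outside the hunk, so whether `security-events: write` is scoped to this job only cannot be checked from here.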
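Review bot: `AZURE_BICEP_FILE_EXPANSION: true` in ps-rule.yaml duplicates what the workflow step already sets via `PSRULE_CONFIGURATION_AZURE_BICEP_FILE_EXPANSION`, while the timeout set there (`60`) has no counterpart in this file, so the two configurations can drift apart. Either add `AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 60` under `configuration:` here and drop the env vars from the workflow, or keep only the env vars and remove this file. The file is also missing its trailing newline (`\ No newline at end of file`).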
@@ -0,0 +1,10 @@
+targetScope = 'subscription'
+
+
+module main '../../cloud-native/aks-arm64/main.bicep' = {
+ name: 'aks-arm64'
+ params: {
+ name: 'test-aks-arm64'
+ location: 'westus'
+ }
+}
diff --git a/tests/cloud-native/aks-azure-linux.test.bicep b/tests/cloud-native/aks-azure-linux.test.bicep
new file mode 100644
index 0000000..6937814
--- /dev/null
+++ b/tests/cloud-native/aks-azure-linux.test.bicep
@@ -0,0 +1,9 @@
+targetScope = 'resourceGroup'
+
+
+module main '../../cloud-native/aks-azure-linux/aks.bicep' = {
+ name: 'aks-azure-linux'
+ params: {
+ location: 'westus'
+ }
+}
diff --git a/tests/cloud-native/aks-bicep-k8s.test.bicep b/tests/cloud-native/aks-bicep-k8s.test.bicep
new file mode 100644
index 0000000..1036d92
--- /dev/null
+++ b/tests/cloud-native/aks-bicep-k8s.test.bicep
@@ -0,0 +1,9 @@
+targetScope = 'resourceGroup'
+
+
+module main '../../cloud-native/aks-bicep-k8s/main.bicep' = {
+ name: 'aks-bicep'
+ params: {
+ location: 'westus'
+ }
+}
diff --git a/tests/cloud-native/aks-bicep-keda.test.bicep b/tests/cloud-native/aks-bicep-keda.test.bicep
new file mode 100644
index 0000000..13d0b66
--- /dev/null
+++ b/tests/cloud-native/aks-bicep-keda.test.bicep
@@ -0,0 +1,9 @@
+targetScope = 'subscription'
+
+
+module main01 '../../cloud-native/aks-bicep-keda/01-aks/main.bicep' = {
+ name: 'aks-01-bicep'
+ params: {
+ location: 'westus'
+ }
+}
diff --git a/tests/cloud-native/aks-bicep.test.bicep b/tests/cloud-native/aks-bicep.test.bicep
new file mode 100644
index 0000000..a63be7c
--- /dev/null
+++ b/tests/cloud-native/aks-bicep.test.bicep
@@ -0,0 +1,9 @@
+targetScope = 'subscription'
+
+
+module main '../../cloud-native/aks-bicep/01-aks/main.bicep' = {
+ name: 'aks-bicep'
+ params: {
+ location: 'westus'
+ }
+}
diff --git a/tests/cloud-native/aks-open-service-mesh.test.bicep b/tests/cloud-native/aks-open-service-mesh.test.bicep
new file mode 100644
index 0000000..61dac06
--- /dev/null
+++ b/tests/cloud-native/aks-open-service-mesh.test.bicep
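Review bot: The wrappers for aks-bicep-keda and aks-bicep each reference only `01-aks/main.bicep`; the `01-` prefix (and the `main01` / `aks-01-bicep` names) suggests further numbered stages in those sample folders, and any such stage stays outside the PSRule expansion, and therefore outside the security baseline, unless it has its own `module` entry. If later stages exist, add one `module` block per stage; if they do not, a one-line comment such as `// only the 01-aks stage exists; add a module entry per additional stage` makes the coverage deliberate. Whether such stages exist cannot be confirmed from the hunk alone.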
@@ -0,0 +1,11 @@
+targetScope = 'subscription'
+
+
+module main '../../cloud-native/aks-open-service-mesh/main.bicep' = {
+ name: 'aks-open-service-mesh'
+ params: {
+ name: 'testing'
+ userObjectId: '00000000-0000-0000-0000-000000000000'
+ location: 'westus'
+ }
+}
diff --git a/tests/cloud-native/aks-webapp-routing.test.bicep b/tests/cloud-native/aks-webapp-routing.test.bicep
new file mode 100644
index 0000000..6bff46d
--- /dev/null
+++ b/tests/cloud-native/aks-webapp-routing.test.bicep
@@ -0,0 +1,12 @@
+targetScope = 'subscription'
+
+
+module main '../../cloud-native/aks-webapp-routing/main.bicep' = {
+ name: 'aks-webapp-routing'
+ params: {
+ name: 'testing'
+ userObjectId: '00000000-0000-0000-0000-000000000000'
+ location: 'westus'
+ dnsName: 'testing.com'
+ }
+}
diff --git a/tests/cloud-native/containerapps.test.bicep b/tests/cloud-native/containerapps.test.bicep
new file mode 100644
index 0000000..3a93c4b
--- /dev/null
+++ b/tests/cloud-native/containerapps.test.bicep
@@ -0,0 +1,9 @@
+targetScope = 'subscription'
+
+
+module main '../../cloud-native/containerapps-bicep/main.bicep' = {
+ name: 'containerapps-bicep'
+ params: {
+ location: 'westus'
+ }
+}
diff --git a/tests/linux/vm-flatcar-postgres.test.bicep b/tests/linux/vm-flatcar-postgres.test.bicep
new file mode 100644
index 0000000..c2a863b
--- /dev/null
+++ b/tests/linux/vm-flatcar-postgres.test.bicep
@@ -0,0 +1,10 @@
+targetScope = 'subscription'
+
+
+module main '../../linux/vm-flatcar-postgres/main.bicep' = {
+ name: 'vm-flatcar-postgres'
+ params: {
+ location: 'westus'
+ sshKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD'
+ }
+}
diff --git a/tests/linux/vm-mariner.test.bicep b/tests/linux/vm-mariner.test.bicep
new file mode 100644
index 0000000..7ea2e49
--- /dev/null
+++ b/tests/linux/vm-mariner.test.bicep
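Review bot: `dnsName: 'testing.com'` in aks-webapp-routing.test.bicep names a real, externally owned domain; a test fixture should use a reserved documentation name, `dnsName: 'example.com'`, so nothing derived from the expanded template (DNS zone or certificate names) references a domain the project does not control. The truncated `sshKey` in vm-flatcar-postgres.test.bicep is plainly inert, but a short comment beside it, `// placeholder public key fragment, not a usable key`, makes that explicit for readers and for secret-scan triage. The same placeholder appears in vm-mariner.test.bicep in the next chunk.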
@@ -0,0 +1,10 @@
+targetScope = 'resourceGroup'
+
+
+module main '../../linux/vm-mariner/vm.bicep' = {
+ name: 'vm-mariner'
+ params: {
+ location: 'westus'
+ sshKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD'
+ }
+}
diff --git a/tests/linux/vm-mastodon.test.bicep b/tests/linux/vm-mastodon.test.bicep
new file mode 100644
index 0000000..9f1c382
--- /dev/null
+++ b/tests/linux/vm-mastodon.test.bicep
@@ -0,0 +1,8 @@
+targetScope = 'resourceGroup'
+
+
+module main '../../linux/vm-mastodon/vm.bicep' = {
+ name: 'vm-mastodon'
+ params: {
+ }
+}
diff --git a/tests/linux/vm.test.bicep b/tests/linux/vm.test.bicep
new file mode 100644
index 0000000..e50a46d
--- /dev/null
+++ b/tests/linux/vm.test.bicep
@@ -0,0 +1,9 @@
+targetScope = 'resourceGroup'
+
+
+module main '../../linux/vm/vm.bicep' = {
+ name: 'linux-vm'
+ params: {
+ location: 'westus'
+ }
+}
diff --git a/tests/linux/vmss.test.bicep b/tests/linux/vmss.test.bicep
new file mode 100644
index 0000000..f4b2734
--- /dev/null
+++ b/tests/linux/vmss.test.bicep
@@ -0,0 +1,8 @@
+targetScope = 'resourceGroup'
+
+
+module main '../../linux/vmss/vmss.bicep' = {
+ name: 'vmss'
+ params: {
+ }
+}
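Review bot: vm-mastodon.test.bicep and vmss.test.bicep pass an empty `params: { }` to `vm.bicep` and `vmss.bicep`; if either module declares a parameter without a default (an `sshKey` like the one the sibling vm-mariner wrapper supplies, or an admin credential), expansion of that file fails, and because the workflow's analysis step runs with `continue-on-error: true` the failure does not break the job, leaving those two templates effectively unscanned. Confirm each module's required parameters and either pass placeholder values as the other wrappers do or record why none are needed, e.g. `// vmss.bicep defines a default for every parameter`. Whether the modules have such parameters cannot be seen from this hunk.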