{"id":13667060,"url":"https://azure.github.io/PSRule.Rules.Azure/","last_synced_at":"2025-04-26T15:32:10.872Z","repository":{"id":37796166,"uuid":"184154668","full_name":"Azure/PSRule.Rules.Azure","owner":"Azure","description":"Rules to validate Azure resources and infrastructure as code (IaC) using PSRule.","archived":false,"fork":false,"pushed_at":"2025-04-25T05:02:27.000Z","size":433099,"stargazers_count":415,"open_issues_count":126,"forks_count":93,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-04-25T21:03:49.396Z","etag":null,"topics":["azure","azure-templates","bicep","cicd","devops","devops-tools","hacktoberfest","infrastructure-as-code","powershell","powershell-module","psrule","rule","testing-tools"],"latest_commit_sha":null,"homepage":"https://azure.github.io/PSRule.Rules.Azure/","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Azure.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-04-29T22:47:29.000Z","updated_at":"2025-04-25T04:54:35.000Z","dependencies_parsed_at":"2023-10-15T05:00:29.687Z","dependency_job_id":"84f65d2d-8115-48e8-a2d3-6fa68e0675cc","html_url":"https://github.com/Azure/PSRule.Rules.Azure","commit_stats":{"total_commits":1857,"total_committers":31,"mean_commits":"59.903225806451616","dds":0.3484114162627895,"last_synced_commit":"8d81817b2c2684285121ee3554dafb89705dbef4"},"previous_names":[],"tags_count":370,"template":false,"template_full_name":null,"repository_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2FPSRule.Rules.Azure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2FPSRule.Rules.Azure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2FPSRule.Rules.Azure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2FPSRule.Rules.Azure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Azure","download_url":"https://codeload.github.com/Azure/PSRule.Rules.Azure/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251008733,"owners_count":21522163,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","azure-templates","bicep","cicd","devops","devops-tools","hacktoberfest","infrastructure-as-code","powershell","powershell-module","psrule","rule","testing-tools"],"created_at":"2024-08-02T07:00:28.057Z","updated_at":"2025-04-26T15:32:10.859Z","avatar_url":"https://github.com/Azure.png","language":"PowerShell","funding_links":[],"categories":["Microsoft Azure"],"sub_categories":[],"readme":"# PSRule for Azure\n\nA suite of rules to test Azure resources and Infrastructure as Code (IaC) using PSRule.\nThe built-in rules test the configuration of Azure resources for security, reliability, and much more.\nRules can be created to enforce your own policies and standards.\n\n[![Open in vscode.dev](https://img.shields.io/badge/Open%20in-vscode.dev-blue)][1]\n\nFeatures of PSRule for Azure include:\n\n- [Learn by example][6] - Fix issues 
quickly, and learn how to improve your Infrastructure as Code.\n- [Framework aligned][7] - Apply principles of Azure Well-Architected Framework to your workloads.\n- [Start day one][2] - Leverage over 450 pre-built rules to test Azure resources.\n- [DevOps integrated][3] - Test Azure infrastructure as code such as Bicep or Azure Resource Manager templates.\n- [Cross-platform][4] - Run locally or in the cloud on macOS, Linux, and Windows.\n- [Open community][8] - Open source rules for the Azure community.\n\n  [1]: https://vscode.dev/github/Azure/PSRule.Rules.Azure\n  [2]: https://azure.github.io/PSRule.Rules.Azure/features/#start-day-one\n  [3]: https://azure.github.io/PSRule.Rules.Azure/features/#devops-integrated\n  [4]: https://azure.github.io/PSRule.Rules.Azure/features/#cross-platform\n  [6]: https://azure.github.io/PSRule.Rules.Azure/features/#learn-by-example\n  [7]: https://azure.github.io/PSRule.Rules.Azure/features/#framework-aligned\n  [8]: https://azure.github.io/PSRule.Rules.Azure/license-contributing/\n\n## Project objectives\n\n1. **Ready to go**:\n   - Provide an [Azure Well-Architected Framework][5] aligned suite of rules for validating Azure resources.\n   - Provide meaningful information to allow remediation.\n2. **DevOps**:\n   - Resources and Azure code can be tested before deployment within DevOps workflows.\n   - Allow pull request (PR) validation to prevent invalid configuration from being merged.\n3. 
**Enterprise ready**:\n   - Rules can be directly adopted and additional enterprise-specific rules can be layered on.\n   - Provide regular baselines to allow progressive adoption.\n\n  [5]: https://learn.microsoft.com/azure/well-architected/\n\n## Support\n\nThis project uses GitHub Issues to track bugs and feature requests.\nBefore logging an issue please see our [troubleshooting guide].\n\nPlease search the existing issues before filing new issues to avoid duplicates.\n\n- For new issues, file your bug or feature request as a new [issue].\n- For help, discussion, and support questions about using this project, join or start a [discussion].\n\nIf you have any problems with the [PSRule][engine] engine, please check the project GitHub [issues](https://github.com/microsoft/PSRule/issues) page instead.\n\nSupport for this project/product is limited to the resources listed above.\n\n## Getting the modules\n\nThis project requires the `PSRule` and `Az` PowerShell modules. For details on each see [install][10].\n\nYou can download and install these modules from the PowerShell Gallery.\n\nModule             | Description | Downloads / instructions\n------             | ----------- | ------------------------\nPSRule.Rules.Azure | Validate Azure resources and infrastructure as code using PSRule. 
| [latest][9] / [instructions][10]\n\nFor rule and integration modules see [related projects][11].\n\n  [9]: https://www.powershellgallery.com/packages/PSRule.Rules.Azure\n  [10]: https://azure.github.io/PSRule.Rules.Azure/install/\n  [11]: https://azure.github.io/PSRule.Rules.Azure/related-projects/\n\n## Getting started\n\nPSRule for Azure provides two methods for analyzing Azure resources:\n\n- _Pre-flight_ - Before resources are deployed from Azure Resource Manager templates.\n- _In-flight_ - After resources are deployed to an Azure subscription.\n\nFor specific use cases see [scenarios](#scenarios).\nFor additional details see the [FAQ][12].\n\nTo get started with a sample repository, see [PSRule for Azure Quick Start][13] on GitHub.\n\n  [12]: https://azure.github.io/PSRule.Rules.Azure/faq/\n  [13]: https://github.com/Azure/PSRule.Rules.Azure-quickstart\n\n### Using with GitHub Actions\n\nThe following example shows how to set up GitHub Actions to validate templates pre-flight.\n\n1. See [Creating a workflow file][create-workflow].\n2. Reference `microsoft/ps-rule` with `modules: 'PSRule.Rules.Azure'`.\n\nFor example:\n\n```yaml\n# Example: .github/workflows/analyze-arm.yaml\n\n#\n# STEP 1: Template validation\n#\nname: Analyze templates\non:\n  push:\n    branches:\n    - main\n  pull_request:\n    branches:\n    - main\njobs:\n  analyze_arm:\n    name: Analyze templates\n    runs-on: ubuntu-latest\n    steps:\n\n    - name: Checkout\n      uses: actions/checkout@v3\n\n    # STEP 2: Run analysis against exported data\n    - name: Analyze Azure template files\n      uses: microsoft/ps-rule@v2.9.0\n      with:\n        modules: 'PSRule.Rules.Azure'  # Analyze objects using the rules within the PSRule.Rules.Azure PowerShell module.\n```\n\n### Using with Azure Pipelines\n\nThe following example shows how to set up Azure Pipelines to validate templates pre-flight.\n\n1. Install [PSRule extension][extension] for Azure DevOps marketplace.\n2. 
Create a new YAML pipeline with the _Starter pipeline_ template.\n3. Add the `Install PSRule module` task.\n   - Set module to `PSRule.Rules.Azure`.\n4. Add the `PSRule analysis` task.\n   - Set input type to `repository`.\n   - Set modules to `PSRule.Rules.Azure`.\n\nFor example:\n\n```yaml\n# Example: .azure-pipelines/analyze-arm.yaml\n\n#\n# STEP 2: Template validation\n#\njobs:\n- job: 'analyze_arm'\n  displayName: 'Analyze templates'\n  pool:\n    vmImage: 'ubuntu-22.04'\n  steps:\n\n  # STEP 3: Install PSRule.Rules.Azure from the PowerShell Gallery\n  - task: ps-rule-install@2\n    displayName: Install PSRule.Rules.Azure\n    inputs:\n      module: 'PSRule.Rules.Azure'   # Install PSRule.Rules.Azure from the PowerShell Gallery.\n\n  # STEP 4: Run analysis against exported data\n  - task: ps-rule-assert@2\n    displayName: Analyze Azure template files\n    inputs:\n      modules: 'PSRule.Rules.Azure'   # Analyze objects using the rules within the PSRule.Rules.Azure PowerShell module.\n```\n\n### Using locally\n\nThe following example shows how to set up PSRule locally to validate templates pre-flight.\n\n1. Install the `PSRule.Rules.Azure` module and dependencies from the PowerShell Gallery.\n2. Run analysis against repository files.\n\nFor example:\n\n```powershell\n# STEP 1: Install PSRule.Rules.Azure from the PowerShell Gallery\nInstall-Module -Name 'PSRule.Rules.Azure' -Scope CurrentUser;\n\n# STEP 2: Run analysis against exported data\nAssert-PSRule -Module 'PSRule.Rules.Azure' -InputPath 'out/templates/' -Format File;\n```\n\n### Export in-flight resource data\n\nThe following example shows how to set up PSRule locally to validate resources running in a subscription.\n\n1. Install the `PSRule.Rules.Azure` module and dependencies from the PowerShell Gallery.\n2. Connect and set context to an Azure subscription from PowerShell.\n3. Export the resource data with the `Export-AzRuleData` cmdlet.\n4. 
Run analysis against exported data.\n\nFor example:\n\n```powershell\n# STEP 1: Install PSRule.Rules.Azure from the PowerShell Gallery\nInstall-Module -Name 'PSRule.Rules.Azure' -Scope CurrentUser;\n\n# STEP 2: Authenticate to Azure, only required if not currently connected\nConnect-AzAccount;\n\n# Confirm the current subscription context\nGet-AzContext;\n\n# STEP 3: Exports a resource graph stored as JSON for analysis\nExport-AzRuleData -OutputPath 'out/templates/';\n\n# STEP 4: Run analysis against exported data\nAssert-PSRule -Module 'PSRule.Rules.Azure' -InputPath 'out/templates/';\n```\n\n### Additional options\n\nBy default, resource data for the current subscription context will be exported.\n\nTo export resource data for specific subscriptions use:\n\n- `-Subscription` - to specify subscriptions by id or name.\n- `-Tenant` - to specify subscriptions within an Azure Active Directory Tenant by id.\n\nFor example:\n\n```powershell\n# Export data from two specific subscriptions\nExport-AzRuleData -Subscription 'Contoso Production', 'Contoso Non-production';\n```\n\nTo export specific resource data use:\n\n- `-ResourceGroupName` - to filter resources by Resource Group.\n- `-Tag` - to filter resources based on tag.\n\nFor example:\n\n```powershell\n# Export information from two resource groups within the current subscription context\nExport-AzRuleData -ResourceGroupName 'rg-app1-web', 'rg-app1-db';\n```\n\nTo export resource data for all subscription contexts use:\n\n- `-All` - to export resource data for all subscription contexts.\n\nFor example:\n\n```powershell\n# Export data from all subscription contexts\nExport-AzRuleData -All;\n```\n\nTo filter results to only failed rules, use `Invoke-PSRule -Outcome Fail`.\nPassed, failed and error results are shown by default.\n\nFor example:\n\n```powershell\n# Only show failed results\nInvoke-PSRule -InputPath 'out/templates/' -Module 'PSRule.Rules.Azure' -Outcome Fail;\n```\n\nThe output of this example 
is:\n\n```text\n   TargetName: storage\n\nRuleName                            Outcome    Recommendation\n--------                            -------    --------------\nAzure.Storage.UseReplication        Fail       Storage accounts not using GRS may be at risk\nAzure.Storage.SecureTransferRequ... Fail       Storage accounts should only accept secure traffic\nAzure.Storage.SoftDelete            Fail       Enable soft delete on Storage Accounts\n```\n\nA summary of results can be displayed by using `Invoke-PSRule -As Summary`.\n\nFor example:\n\n```powershell\n# Display as summary results\nInvoke-PSRule -InputPath 'out/templates/' -Module 'PSRule.Rules.Azure' -As Summary;\n```\n\nThe output of this example is:\n\n```text\nRuleName                            Pass  Fail  Outcome\n--------                            ----  ----  -------\nAzure.ACR.MinSku                    0     1     Fail\nAzure.AppService.PlanInstanceCount  0     1     Fail\nAzure.AppService.UseHTTPS           0     2     Fail\nAzure.Resource.UseTags              73    36    Fail\nAzure.SQL.ThreatDetection           0     1     Fail\nAzure.SQL.Auditing                  0     1     Fail\nAzure.Storage.UseReplication        1     7     Fail\nAzure.Storage.SecureTransferRequ... 
2     6     Fail\nAzure.Storage.SoftDelete            0     8     Fail\n```\n\n## Scenarios\n\nFor walkthrough examples of PSRule for Azure module usage see:\n\n- [Validate Azure resources from templates with Azure Pipelines](docs/scenarios/azure-pipelines-ci/azure-pipelines-ci.md)\n- [Validate Azure resources from templates with continuous integration (CI)](docs/scenarios/azure-template-ci/azure-template-ci.md)\n- [Create a custom rule to enforce Resource Group tagging](https://azure.github.io/PSRule.Rules.Azure/customization/enforce-custom-tags/)\n- [Create a custom rule to enforce code ownership](https://azure.github.io/PSRule.Rules.Azure/customization/enforce-codeowners/)\n\n## Rule reference\n\nPSRule for Azure includes rules across five pillars of the [Microsoft Azure Well-Architected Framework][5].\n\n- [Rules for architecture excellence](https://azure.github.io/PSRule.Rules.Azure/en/rules/module/)\n  - [Cost Optimization](https://azure.github.io/PSRule.Rules.Azure/en/rules/module/#costoptimization)\n  - [Operational Excellence](https://azure.github.io/PSRule.Rules.Azure/en/rules/module/#operationalexcellence)\n  - [Performance Efficiency](https://azure.github.io/PSRule.Rules.Azure/en/rules/module/#performanceefficiency)\n  - [Reliability](https://azure.github.io/PSRule.Rules.Azure/en/rules/module/#reliability)\n  - [Security](https://azure.github.io/PSRule.Rules.Azure/en/rules/module/#security)\n\nTo view a list of rules by Azure resources see:\n\n- [Rules by resource](https://azure.github.io/PSRule.Rules.Azure/en/rules/resource/)\n\n## Baseline reference\n\nFor a list of baselines you can use in your configuration see [Baselines](https://azure.github.io/PSRule.Rules.Azure/en/baselines/).\n\n## Language reference\n\nPSRule for Azure extends PowerShell with the following cmdlets.\n\n### Commands\n\nPSRule for Azure includes the following cmdlets:\n\n- [Export-AzRuleData](docs/commands/Export-AzRuleData.md) - Export resource configuration data from Azure 
subscriptions.\n- [Export-AzRuleTemplateData](docs/commands/Export-AzRuleTemplateData.md) - Export resource configuration data from Azure templates.\n- [Export-AzPolicyAssignmentData](docs/commands/Export-AzPolicyAssignmentData.md) - Export policy assignment data.\n- [Export-AzPolicyAssignmentRuleData](docs/commands/Export-AzPolicyAssignmentRuleData.md) - Export JSON based rules from policy assignment data.\n- [Get-AzRuleTemplateLink](docs/commands/Get-AzRuleTemplateLink.md) - Get a metadata link to an Azure template file.\n- [Get-AzPolicyAssignmentDataSource](docs/commands/Get-AzPolicyAssignmentDataSource.md) - Get policy assignment sources.\n\n## Concepts\n\nTo find out more, look at these conceptual topics:\n\n- Getting started:\n  - [How to install PSRule for Azure](https://azure.github.io/PSRule.Rules.Azure/install/)\n  - [Creating your pipeline](https://azure.github.io/PSRule.Rules.Azure/creating-your-pipeline/)\n- Testing infrastructure as code:\n  - [Expanding source files](https://azure.github.io/PSRule.Rules.Azure/expanding-source-files/)\n  - [Using templates](https://azure.github.io/PSRule.Rules.Azure/using-templates/)\n  - [Using Bicep source](https://aka.ms/ps-rule-azure/bicep)\n  - [Working with baselines](https://azure.github.io/PSRule.Rules.Azure/working-with-baselines/)\n- Setup:\n  - [Configuring options](https://aka.ms/ps-rule-azure/options)\n  - [Configuring rule defaults](https://azure.github.io/PSRule.Rules.Azure/setup/configuring-rules/)\n  - [Configuring expansion](https://azure.github.io/PSRule.Rules.Azure/setup/configuring-expansion/)\n  - [Setup Bicep](https://azure.github.io/PSRule.Rules.Azure/setup/setup-bicep/)\n  - [Setup Azure Monitor logs](https://aka.ms/ps-rule-azure/monitor)\n\n## Related projects\n\nFor a list of projects and integrations see [Related projects][11].\n\n## Changes and versioning\n\nThis repository uses [semantic versioning](http://semver.org/) to declare breaking changes.\nFor details please see the [changes and 
versioning](https://azure.github.io/PSRule.Rules.Azure/versioning/).\n\n## Contributing\n\nThis project welcomes contributions and suggestions.\nIf you are ready to contribute, please visit the [contribution guide](CONTRIBUTING.md).\n\n## Code of Conduct\n\nThis project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).\nFor more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)\nor contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.\n\n## Maintainers\n\n- [Bernie White](https://github.com/BernieWhite)\n\n## License\n\nThis project is [licensed under the MIT License](LICENSE).\n\n## Trademarks\n\nThis project may contain trademarks or logos for projects, products, or services.\nAuthorized use of Microsoft trademarks or logos is subject to and must follow [Microsoft's Trademark \u0026 Brand Guidelines](https://www.microsoft.com/legal/intellectualproperty/trademarks).\nUse of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.\nAny use of third-party trademarks or logos are subject to those third-party's policies.\n\n[issue]: https://github.com/Azure/PSRule.Rules.Azure/issues\n[discussion]: https://github.com/Azure/PSRule.Rules.Azure/discussions\n[engine]: https://github.com/microsoft/PSRule\n[create-workflow]: https://docs.github.com/actions/using-workflows#creating-a-workflow-file\n[extension]: https://marketplace.visualstudio.com/items?itemName=bewhite.ps-rule\n[troubleshooting guide]: https://azure.github.io/PSRule.Rules.Azure/troubleshooting/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/azure.github.io%2FPSRule.Rules.Azure%2F","html_url":"https://awesome.ecosyste.ms/projects/azure.github.io%2FPSRule.Rules.Azure%2F","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/azure.github.io%2FPSRule.Rules.Azure%2F/lists"}