{"id":15291071,"url":"https://github.com/azure/azqr","last_synced_at":"2026-03-10T06:17:13.118Z","repository":{"id":63183014,"uuid":"552832415","full_name":"Azure/azqr","owner":"Azure","description":"Azure Quick Review","archived":false,"fork":false,"pushed_at":"2026-03-03T07:02:13.000Z","size":31473,"stargazers_count":743,"open_issues_count":1,"forks_count":133,"subscribers_count":14,"default_branch":"main","last_synced_at":"2026-03-03T10:47:17.700Z","etag":null,"topics":["aprl","assessment","assessment-tool","azqr","azure","best-practices","hacktoberfest","hacktoberfest-accepted"],"latest_commit_sha":null,"homepage":"https://azure.github.io/azqr","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Azure.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-10-17T09:47:59.000Z","updated_at":"2026-03-03T07:13:21.000Z","dependencies_parsed_at":"2023-10-11T11:23:07.030Z","dependency_job_id":"e0dd2f9c-2ce0-4b77-8b8d-e89b7d0519d2","html_url":"https://github.com/Azure/azqr","commit_stats":{"total_commits":466,"total_committers":14,"mean_commits":"33.285714285714285","dds":0.1566523605150214,"last_synced_commit":"14c6c9e2a2a27d60eecbe0e3fb8afbfdca28294e"},"previous_names":["cmendible/azqr"],"tags_count":136,"template":false,"template_full_name":null,"purl":"pkg:github/Azure/azqr","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2Fazqr","tags_url":"ht
tps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2Fazqr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2Fazqr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2Fazqr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Azure","download_url":"https://codeload.github.com/Azure/azqr/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure%2Fazqr/sbom","scorecard":{"id":469841,"data":{"date":"2025-08-19T11:39:44Z","repo":{"name":"github.com/Azure/azqr","commit":"776467a222f7e3013f8018dd3b1a8f64278b1aa4"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":6.9,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Code-Review","score":0,"reason":"Found 0/4 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are 
merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Warn: npmCommand not pinned by hash: .github/workflows/gh-pages.yml:81","Warn: npmCommand not pinned by hash: .github/workflows/gh-pages.yml:82","Warn: npmCommand not pinned by hash: .github/workflows/gh-pages.yml:83","Warn: npmCommand not pinned by hash: .github/workflows/gh-pages.yml:84","Info:  32 out of  32 GitHub-owned GitHubAction dependencies pinned","Info:  17 out of  17 third-party GitHubAction dependencies pinned","Info:   0 out of   4 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build 
process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build.yml:163","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/build.yml:164","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build.yml:210","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build.yml:229","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build.yml:308","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build.yml:68","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/build.yml:69","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/build.yml:117","Warn: jobLevel 'packages' permission set to 'write': .github/workflows/build.yml:118","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:29","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards.yml:30","Info: jobLevel 'issues' permission set to 'read': .github/workflows/scorecards.yml:32","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/scorecards.yml:33","Info: jobLevel 'checks' permission set to 'read': .github/workflows/scorecards.yml:35","Info: topLevel permissions set to 'read-all': .github/workflows/build.yml:21","Info: topLevel 'contents' permission set to 'read': .github/workflows/bump-winget.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24","Info: topLevel 'contents' permission set to 'read': 
.github/workflows/dependency-review.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/docker-publish.yml:14","Warn: topLevel 'packages' permission set to 'write': .github/workflows/docker-publish.yml:15","Info: topLevel 'contents' permission set to 'read': .github/workflows/gh-pages.yml:17","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/stale.yml:7"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch 
protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v.2.7.6 not signed: https://api.github.com/repos/Azure/azqr/releases/238993018","Warn: release artifact v.2.7.5 not signed: https://api.github.com/repos/Azure/azqr/releases/238813544","Warn: release artifact v.2.7.4 not signed: https://api.github.com/repos/Azure/azqr/releases/237999120","Warn: release artifact v.2.7.3 not signed: https://api.github.com/repos/Azure/azqr/releases/237184719","Warn: release artifact v.2.7.2 not signed: https://api.github.com/repos/Azure/azqr/releases/234176786","Warn: release artifact v.2.7.6 does not have provenance: https://api.github.com/repos/Azure/azqr/releases/238993018","Warn: release artifact v.2.7.5 does not have provenance: https://api.github.com/repos/Azure/azqr/releases/238813544","Warn: release artifact v.2.7.4 does not have provenance: https://api.github.com/repos/Azure/azqr/releases/237999120","Warn: release artifact v.2.7.3 does not have provenance: https://api.github.com/repos/Azure/azqr/releases/237184719","Warn: release artifact v.2.7.2 does not have provenance: https://api.github.com/repos/Azure/azqr/releases/234176786"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-publish.yml:21"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and 
uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (29) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"CI-Tests","score":10,"reason":"12 out of 12 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 7 contributing companies or organizations","details":["Info: found contributions from: Azure, MicrosoftDocs, dapr, dotnet-foundation, infofarm, microsoft, msmvps"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., 
companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-19T13:35:07.369Z","repository_id":63183014,"created_at":"2025-08-19T13:35:07.369Z","updated_at":"2025-08-19T13:35:07.369Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30326884,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T05:25:20.737Z","status":"ssl_error","status_checked_at":"2026-03-10T05:25:17.430Z","response_time":106,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aprl","assessment","assessment-tool","azqr","azure","best-practices","hacktoberfest","hacktoberfest-accepted"],"created_at":"2024-09-30T16:10:50.508Z","updated_at":"2026-03-10T06:17:13.077Z","avatar_url":"https://github.com/Azure.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![build](https://github.com/Azure/azqr/actions/workflows/build.yml/badge.svg)](https://github.com/Azure/azqr/actions/workflows/build.yaml)\n[![CodeQL](https://github.com/Azure/azqr/actions/workflows/codeql.yml/badge.svg)](https://github.com/Azure/azqr/actions/workflows/codeql.yml)\n[![Github All Releases](https://img.shields.io/github/downloads/Azure/azqr/total.svg)]()\n[![codecov](https://codecov.io/gh/Azure/azqr/branch/main/graph/badge.svg?token=VReik9rs3l)](https://codecov.io/gh/Azure/azqr)\n[![OpenSSF Best 
Practices](https://www.bestpractices.dev/projects/9896/badge)](https://www.bestpractices.dev/projects/9896)\n[![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/Azure/azqr.svg)](http://isitmaintained.com/project/Azure/azqr \"Average time to resolve an issue\")\n[![Percentage of issues still open](http://isitmaintained.com/badge/open/Azure/azqr.svg)](http://isitmaintained.com/project/Azure/azqr \"Percentage of issues still open\")\n\n# Azure Quick Review\n\n[![Open in vscode.dev](https://img.shields.io/badge/Open%20in-vscode.dev-blue)](https://vscode.dev/github/Azure/azqr)\n\n![Azure Quick Review](/docs/static/logo/azqr_readme.png)\n\n**Azure Quick Review (azqr)** is a powerful command-line interface (CLI) tool that specializes in analyzing Azure resources to ensure compliance with Azure's best practices and recommendations. Its main objective is to offer users a comprehensive overview of their Azure resources, allowing them to easily identify any non-compliant configurations or areas for improvement.\n\n## Azure Quick Review Recommendations\n\n**Azure Quick Review (azqr)** scans your resources with 2 types of recommendations:\n\n* **Azure Resource Graph (ARG)** queries provided by the [Azure Proactive Resiliency Library v2 (APRL)](https://aka.ms/aprl) and the Azure Orphaned Resources (https://github.com/dolevshor/azure-orphan-resources) projects\n* **Azure Resource Manager (ARM)** rules built with the Azure Golang SDK\n\nTo learn more about the recommendations used by **Azure Quick Review (azqr)**, you can refer to the documentation available [here](https://azure.github.io/azqr/docs/recommendations/).\n\n## Scan Results\n\nThe output generated by **Azure Quick Review (azqr)** is written by default to an Excel file, which contains the following sheets:\n\n* **Recommendations**: a list with all recommendations with the number of resources that are impacted. 
You can use this table as an action plan to improve the compliance of your resources.\n* **ImpactedResources**: a list with all resources that are impacted. You can use this table to identify resources that have issues that need to be addressed.\n* **ResourceTypes**: a list of impacted resource types.\n* **Inventory**: a list of all resources scanned by the tool. Here you'll find details such as SKU, Tier, Kind or calculated SLA.\n* **Advisor**: a list of recommendations provided by Azure Advisor.\n* **Azure Policy**: a list of non-compliant resources based on Azure Policy states.\n* **Arc SQL**: a list of Azure Arc-enabled SQL Server instances with extension installation status, licensing, and feature enablement details.\n* **DefenderRecommendations**: a list of recommendations provided by Microsoft Defender for Cloud.\n* **OutOfScope**: a list of resources that were not scanned.\n* **Defender**: a list of Microsoft Defender for Cloud plans and their tiers.\n* **Costs**: a list of costs associated with the scanned subscription for the last 3 months.\n\n\u003e By default, Azure Quick Review (azqr) obfuscates the Subscription Ids in the output to ensure the protection of sensitive information and maintain data privacy and security. If you want to display the Subscription Ids without obfuscation, you can use the `--mask=false` flag when executing the tool.\n\n\u003e Azure Quick Review can also generate CSV files with the same information as the Excel file. 
To generate the csv files, you can use the `--csv` flag when running the tool.\n\n## Supported Azure Services\n\n**Azure Quick Review (azqr)** currently supports the following Azure services:\n\nAbbreviation  | Resource Type\n---|---\naa | Microsoft.Automation/automationAccounts\nadf | Microsoft.DataFactory/factories\nafd | Microsoft.Cdn/profiles\nafw | Microsoft.Network/azureFirewalls\nafw | Microsoft.Network/ipGroups\nagw | Microsoft.Network/applicationGateways\naif | Microsoft.CognitiveServices/accounts\naks | Microsoft.ContainerService/managedClusters\namg | Microsoft.Dashboard/grafana\napim | Microsoft.ApiManagement/service\nappcs | Microsoft.AppConfiguration/configurationStores\nappi | Microsoft.Insights/components\nappi | Microsoft.Insights/activityLogAlerts\narc | Microsoft.HybridCompute/machines\nas | Microsoft.AnalysisServices/servers\nasp | Microsoft.Web/serverFarms\nasp | Microsoft.Web/sites\nasp | Microsoft.Web/connections\nasp | Microsoft.Web/certificates\navail | Microsoft.Compute/availabilitySets\navd | Specialized.Workload/AVD\navs | Microsoft.AVS/privateClouds\navs | Specialized.Workload/AVS\nba | Microsoft.Batch/batchAccounts\nca | Microsoft.App/containerApps\ncae | Microsoft.App/managedenvironments\nci | Microsoft.ContainerInstance/containerGroups\ncon | Microsoft.Network/connections\ncosmos | Microsoft.DocumentDB/databaseAccounts\ncr | Microsoft.ContainerRegistry/registries\ndbw | Microsoft.Databricks/workspaces\ndec | Microsoft.Kusto/clusters\ndisk | Microsoft.Compute/disks\nerc | Microsoft.Network/expressRouteCircuits\nerc | Microsoft.Network/ExpressRoutePorts\nevgd | Microsoft.EventGrid/domains\nevh | Microsoft.EventHub/namespaces\nfabric | Microsoft.Fabric/capacities\nfdfp | Microsoft.Network/frontdoorWebApplicationFirewallPolicies\ngal | Microsoft.Compute/galleries\nhpc | Specialized.Workload/HPC\nhub | Microsoft.MachineLearningServices/workspaces\niot | Microsoft.Devices/IotHubs\nit | Microsoft.VirtualMachineImages/imageTemplates\nkv | 
Microsoft.KeyVault/vaults\nlb | Microsoft.Network/loadBalancers\nlog | Microsoft.OperationalInsights/workspaces\nlogic | Microsoft.Logic/workflows\nmaria | Microsoft.DBforMariaDB/servers\nmaria | Microsoft.DBforMariaDB/servers/databases\nmysql | Microsoft.DBforMySQL/servers\nmysql | Microsoft.DBforMySQL/flexibleServers\nnetapp | Microsoft.NetApp/netAppAccounts\nng | Microsoft.Network/natGateways\nnic | Microsoft.Network/networkInterfaces\nnsg | Microsoft.Network/networkSecurityGroups\nnw | Microsoft.Network/networkWatchers\nodb | Oracle.Database/cloudExadataInfrastructures\nodb | Oracle.Database/cloudVmClusters\npdnsz | Microsoft.Network/privateDnsZones\npep | Microsoft.Network/privateEndpoints\npip | Microsoft.Network/publicIPAddresses\npsql | Microsoft.DBforPostgreSQL/servers\npsql | Microsoft.DBforPostgreSQL/flexibleServers\nredis | Microsoft.Cache/Redis\nrg | Microsoft.Resources/resourceGroups\nrsv | Microsoft.RecoveryServices/vaults\nrt | Microsoft.Network/routeTables\nsap | Specialized.Workload/SAP\nsb | Microsoft.ServiceBus/namespaces\nsigr | Microsoft.SignalRService/SignalR\nsql | Microsoft.Sql/servers\nsql | Microsoft.Sql/servers/databases\nsql | Microsoft.Sql/servers/elasticPools\nsrch | Microsoft.Search/searchServices\nst | Microsoft.Storage/storageAccounts\nsynw | Microsoft.Synapse/workspaces\nsynw | Microsoft.Synapse/workspaces/bigDataPools\nsynw | Microsoft.Synapse/workspaces/sqlPools\ntraf | Microsoft.Network/trafficManagerProfiles\nvdpool | Microsoft.DesktopVirtualization/hostPools\nvdpool | Microsoft.DesktopVirtualization/scalingPlans\nvdpool | Microsoft.DesktopVirtualization/workspaces\nvgw | Microsoft.Network/virtualNetworkGateways\nvm | Microsoft.Compute/virtualMachines\nvmss | Microsoft.Compute/virtualMachineScaleSets\nvnet | Microsoft.Network/virtualNetworks\nvnet | Microsoft.Network/virtualNetworks/subnets\nvwan | Microsoft.Network/virtualWans\nwps | Microsoft.SignalRService/webPubSub\n\n## Usage\n\n### Install on Linux or Azure Cloud Shell 
(Bash)\n\n```bash\nbash -c \"$(curl -fsSL https://raw.githubusercontent.com/azure/azqr/main/scripts/install.sh)\"\n```\n\n### Install on Windows\n\nUse `winget`:\n\n```console\nwinget install azqr\n```\n\nor download the executable file:\n\n```\nSet-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/azure/azqr/main/scripts/install.ps1'))\n```\n\n### Install on Mac\n\nUse `homebrew`:\n\n```console\nbrew install azqr\n```\n\nor download the latest release from [here](https://github.com/Azure/azqr/releases).\n\n### Authentication\n\n**Azure Quick Review (azqr)** supports the following authentication methods:\n\n* Service Principal. You'll need to set the following environment variables:\n  * AZURE_CLIENT_ID\n  * AZURE_CLIENT_SECRET\n  * AZURE_TENANT_ID\n* Azure Managed Identity\n* Azure CLI (Using this type of authentication will make scans run slower)\n\n### Credential Chain Configuration\n\n**Azure Quick Review (azqr)** uses the Azure SDK's `DefaultAzureCredential` which automatically selects the most appropriate credential based on your environment. 
You can customize the credential chain behavior by setting the `AZURE_TOKEN_CREDENTIALS` environment variable.\n\n**Development environments:**\nSet `AZURE_TOKEN_CREDENTIALS=dev` to use Azure CLI (`az`) or Azure Developer CLI (`azd`) credentials.\n\n**Production environments:** \nSet `AZURE_TOKEN_CREDENTIALS=prod` to use environment variables, workload identity, or managed identity credentials.\n\n### Authorization\n\n**Azure Quick Review (azqr)** requires the following permissions:\n\n* Reader over Subscription or Management Group scope\n\n### Cloud Configuration\n\n**Azure Quick Review (azqr)** supports scanning resources in different Azure cloud environments including Azure Public Cloud, Azure Government, Azure China, and custom cloud configurations.\n\nYou can configure the target cloud using environment variables such as `AZURE_CLOUD`, `AZURE_AUTHORITY_HOST`, `AZURE_RESOURCE_MANAGER_ENDPOINT`, and `AZURE_RESOURCE_MANAGER_AUDIENCE`.\n\n\u003e For detailed cloud configuration options and examples, see the [Usage section](https://azure.github.io/azqr/docs/usage/) in the documentation.\n\n### Running the Scan\n\nTo scan all resources in all subscriptions run:\n\n```bash\n./azqr scan\n```\n\nTo scan all resources in a specific management group run:\n\n```bash\n./azqr scan --management-group-id \u003cmanagement_group_id\u003e\n```\n\nTo scan all resources in a specific subscription run:\n\n```bash\n./azqr scan -s \u003csubscription_id\u003e\n```\n\nTo scan a specific resource group in a specific subscription run:\n\n```bash\n./azqr scan -s \u003csubscription_id\u003e -g \u003cresource_group_name\u003e\n```\n\nFor information on available commands and help run:\n\n```bash\n./azqr -h\n```\n\n### Interactive Dashboard (show command)\n\nYou can explore your scan results with a lightweight embedded web UI using the `show` command. The dashboard supports both Excel and JSON report formats:\n\n1. 
Generate a report (Excel or JSON):\n\n```bash\n# Excel format (default)\n./azqr scan -s \u003csubscription_id\u003e --output-name report\n\n# JSON format\n./azqr scan -s \u003csubscription_id\u003e --output-name report --json\n```\n\n2. Launch the dashboard:\n\n```bash\n# With Excel file\n./azqr show -f report.xlsx --open\n\n# With JSON file\n./azqr show -f report.json --open\n```\n\n### Compare Scan Reports (compare command)\n\nYou can compare two azqr scan reports to identify differences in recommendations and resources using the `compare` command:\n\n```bash\n# Compare two Excel reports\n./azqr compare --file1 scan_before.xlsx --file2 scan_after.xlsx\n\n# Save comparison results to a file\n./azqr compare --file1 scan1.xlsx --file2 scan2.xlsx --output comparison.txt\n```\n\n## Advanced Features\n\nAzure Quick Review includes optional **internal plugins** that provide advanced analytics beyond standard recommendations. Plugins can be run as standalone commands for faster execution or integrated with full scans.\n\n### OpenAI Throttling Monitor\n\nMonitors Azure OpenAI and Cognitive Services accounts for throttling (HTTP 429 errors) to identify capacity constraints.\n\n- Tracks throttling by hour, model, and deployment\n- Analyzes spillover configuration effectiveness  \n- Reports request counts by status code\n\n**Use Cases**: Capacity planning, troubleshooting throttling, optimizing deployment configuration\n\n```bash\n# Run as standalone command (fast, plugin-only mode)\n./azqr openai-throttling\n\n# Or integrate with full scan\n./azqr scan --plugin openai-throttling\n```\n\n### Carbon Emissions Tracking\n\nAnalyzes carbon emissions by Azure resource type to support sustainability reporting and optimization.\n\n- Tracks emissions by resource type\n- Calculates month-over-month trends\n- Aggregates across subscriptions\n\n**Use Cases**: Sustainability reporting, compliance, environmental impact analysis\n\n```bash\n# Run as standalone command (fast, plugin-only 
mode)\n./azqr carbon-emissions\n\n# Or integrate with full scan\n./azqr scan --plugin carbon-emissions\n```\n\n### Zone Mapping\n\nRetrieves logical-to-physical availability zone mappings for all Azure regions in each subscription.\n\n- Maps logical zones (1, 2, 3) to physical zone identifiers\n- Reveals subscription-specific zone mappings\n- Essential for multi-subscription architectures\n\n**Use Cases**: Multi-subscription architecture design, DR planning with zone awareness, zone alignment\n\n```bash\n# Run as standalone command (fast, plugin-only mode)\n./azqr zone-mapping\n\n# Compare mappings across subscriptions\n./azqr zone-mapping --subscription-id sub1 --subscription-id sub2\n\n# Or integrate with full scan\n./azqr scan --plugin zone-mapping\n```\n\n[📖 Full Documentation](https://azure.github.io/azqr/docs/plugins/zone-mapping/)\n\n### Combining Features\n\n```bash\n# Run multiple plugins as standalone commands (fastest)\n./azqr openai-throttling\n./azqr carbon-emissions\n./azqr zone-mapping\n\n# Or run multiple plugins with a full scan\n./azqr scan --subscription-id \u003csub-id\u003e \\\n  --plugin openai-throttling \\\n  --plugin carbon-emissions \\\n  --plugin zone-mapping \\\n  --output-name comprehensive-analysis\n```\n\nResults from all enabled plugins are included in the Excel, JSON, or CSV output.\n\n\u003e 💡 **Tip**: Plugin commands (e.g., `azqr openai-throttling`) run in optimized plugin-only mode for faster execution, skipping resource and APRL scanning. Use `azqr plugins list` to see all available plugins.\n\n[📖 Internal Plugins Documentation](https://azure.github.io/azqr/docs/plugins/internal-plugins/)\n\n## Binary Verification\n\nTo verify the authenticity of downloaded binaries, see our [Binary Verification Guide](SECURITY_VERIFICATION.md).\n\n## Filtering Recommendations and more\n\nYou can configure Azure Quick Review to include or exclude specific subscriptions or resource groups and also exclude services or recommendations. 
To do so, create a `yaml` file with the following format:\n\n```yaml\nazqr:\n  include:\n    subscriptions:\n      - \u003csubscription_id\u003e # format: \u003csubscription_id\u003e\n    resourceGroups:\n      - \u003cresource_group_resource_id\u003e # format: /subscriptions/\u003csubscription_id\u003e/resourceGroups/\u003cresource_group_name\u003e\n    resourceTypes:\n      - \u003cresource type abbreviation\u003e # format: Abbreviation of the resource type. For example: \"vm\" for \"Microsoft.Compute/virtualMachines\"\n  exclude:\n    subscriptions:\n      - \u003csubscription_id\u003e # format: \u003csubscription_id\u003e\n    resourceGroups:\n      - \u003cresource_group_resource_id\u003e # format: /subscriptions/\u003csubscription_id\u003e/resourceGroups/\u003cresource_group_name\u003e\n    services:\n      - \u003cservice_resource_id\u003e # format: /subscriptions/\u003csubscription_id\u003e/resourceGroups/\u003cresource_group_name\u003e/providers/\u003cservice_provider\u003e/\u003cservice_name\u003e\n    recommendations:\n      - \u003crecommendation_id\u003e # format: \u003crecommendation_id\u003e\n```\n\nThen run the scan with the `--filters` flag:\n\n```bash\n./azqr scan --filters \u003cpath_to_yaml_file\u003e\n```\n\n\u003e Check the [rules](https://azure.github.io/azqr/docs/recommendations/) to get the recommendation ids.\n\n## Troubleshooting\n\n### General Issues\n\nIf you encounter any issue while using **Azure Quick Review (azqr)**, please set the `AZURE_SDK_GO_LOGGING` environment variable to `all`, run the tool with the `--debug` flag and then share the console output with us by filing a new [issue](https://github.com/Azure/azqr/issues).\n\n### Cost Analysis Permission Issues\n\nIf you encounter an error related to cost analysis access when running `azqr scan`, such as:\n\n```\nFTL Failed to query costs error=\"POST https://management.azure.com/subscriptions/.../providers/Microsoft.CostManagement/query\nERROR CODE: AccountCostDisabled\nmessage: 
\"Access to cost data has been disabled for account admins...\"\n```\n\nThis occurs when your account has READER permissions but lacks access to cost analysis data. Azure Cost Management requires specific permissions beyond standard READER access.\n\n**Solution:**\n\n**Disable cost scanning** by using the `-c=false` flag:\n```bash\nazqr scan -c=false\n```\nThis will skip cost analysis and generate a complete report with all other Azure resource recommendations.\n\n**Note:** Cost analysis provides valuable insights into resource spending over the last 3 months, but it's optional for security and compliance recommendations.\n\n## Building Locally\n\nMake sure you have `Go 1.23.x` or higher installed in your environment. You can set `GOROOT=\u003cpath_to_go_libexec\u003e folder` and `GOPATH=\u003cpath_to_go_dep_folder\u003e` if you want to be specific about where to find Go binary and Go dependencies.\n\n```bash\n   git clone git@github.com:Azure/azqr.git\n   cd azqr\n   git submodule init\n   git submodule update --recursive\n   make\n ```\n\n## Support\n\nThis project uses GitHub Issues to track bugs and feature requests.\nBefore logging an issue please check our [troubleshooting](#troubleshooting) guide.\n\nPlease search the existing issues before filing new issues to avoid duplicates.\n\n- For new issues, file your bug or feature request as a new [issue](https://github.com/Azure/azqr/issues).\n- For help, discussion, and support questions about using this project, join or start a [discussion](https://github.com/Azure/azqr/discussions).\n\nSupport for this project / product is limited to the resources listed above.\n\n## Contributors\n\nThanks to everyone who has contributed!\n\n\u003ca href=\"https://github.com/Azure/azqr/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contributors-img.web.app/image?repo=Azure/azqr\" /\u003e\n\u003c/a\u003e\n\n## Code of Conduct\n\nThis project has adopted the [Microsoft Open Source Code of 
Conduct](CODE_OF_CONDUCT.md)\n\n## Trademark Notice\n\n\u003e **Trademarks** This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft’s Trademark \u0026 Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party’s policies.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazure%2Fazqr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fazure%2Fazqr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fazure%2Fazqr/lists"}