https://github.com/noelbundick/config-analyzer
Azure Configuration Analyzer
https://github.com/noelbundick/config-analyzer
Last synced: 3 months ago
JSON representation
Azure Configuration Analyzer
- Host: GitHub
- URL: https://github.com/noelbundick/config-analyzer
- Owner: noelbundick
- License: mit
- Created: 2021-01-27T18:37:29.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2023-01-10T04:52:19.000Z (about 2 years ago)
- Last Synced: 2024-08-13T07:17:48.259Z (6 months ago)
- Language: TypeScript
- Size: 523 KB
- Stars: 4
- Watchers: 2
- Forks: 1
- Open Issues: 15
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- jimsghstars - noelbundick/config-analyzer - Azure Configuration Analyzer (TypeScript)
README
# config-analyzer
Azure Configuration Analyzer
# Overview
`azca` is a console app that evaluates rules against an Azure configuration to perform semantic analysis. It is capable of analyzing complex configurations that span multiple resources and helps developers with remediation by providing direct links to product documentation.
- Rule types:
- [ARM Template](/docs/rules-armTemplate.md)
- [Resource Graph](/docs/rules-resourceGraph.md)
# Usage
```sh-session
$ npm install -g azca
$ azca COMMAND
running command...
$ azca (-v|--version|version)
azca/0.0.0 linux-x64 node-v14.15.5
$ azca --help [COMMAND]
USAGE
$ azca COMMAND
...
```
# Commands
- [`azca scan`](#azca-scan)
- [`azca scan:arm`](#azca-scanarm)
- [`azca scan:rg`](#azca-scanrg)
- [`azca scan:tf`](#azca-scantf)
## `azca scan`
Command to scan Azure Resources for potential configuration issues
```
USAGE
$ azca scan
OPTIONS
-d, --debug prints debugging logs
-f, --file=file JSON rules file path
-v, --verbose prints all results
EXAMPLE
$ azca scan:rg --subscription
$ azca scan:arm --subscription --group
```
## `azca scan:arm`
Scans exported ARM Templates for potential configuration issues
```
USAGE
$ azca scan:arm
OPTIONS
-d, --debug prints debugging logs
-f, --file=file JSON rules file path
-g, --group=group Azure resource groups to scan
-s, --subscription=subscription Azure subscription id to scan
-v, --verbose prints all results
EXAMPLE
$ azca scan:arm --subscription --group
[rule-name]
[✓ | ❌][rule-description]
Resources:
[resource-ids]
[total-passing]
[total-failing]
[total-rules-scanned]
```
## `azca scan:rg`
Uses Resource Graph queries to scan Azure resources for potential configuration issues
```
USAGE
$ azca scan:rg
OPTIONS
-d, --debug prints debugging logs
-f, --file=file JSON rules file path
-g, --group=group Azure resource groups to scan
-s, --subscription=subscription (required) Azure subscription id to scan
-v, --verbose prints all results
EXAMPLE
$ azca scan:rg --subscription
[rule-name]
[✓ | ❌][rule-description]
Resources:
[resource-ids]
[total-passing]
[total-failing]
[total-rules-scanned]
```
## `azca scan:tf`
Scans Terrform JSON plan file for potential configuration issues
```
USAGE
$ azca scan:tf
OPTIONS
-d, --debug prints debugging logs
-f, --file=file JSON rules file path
-p, --plan=plan JSON terraform plan file to evaluate
-v, --verbose prints all results
EXAMPLE
$ azca scan:tf --plan
[rule-name]
[✓ | ❌][rule-description]
Resources:
[resource-address]
[total-passing]
[total-failing]
[total-rules-scanned]
```
# Development
To run the integration tests:
- Copy `.env.template` to `.env` and fill with your desired values
- `npm test`