Skip to content

Latest commit

 

History

History

ControlCoverage

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Feature
Feature
 
 
README.md
README.md
 
 

README.md

IMPORTANT: DevOps Kit (AzSK) is being sunset by end of FY21. More details here

Security controls covered by the Secure DevOps Kit for Azure

This page displays security controls that are automated via the devops kit and also controls that have to manually verified. Controls have a 'Severity' field to help distinguish issues by degree of risk. Apart from that the automated flag indicates whether a particular control is automated and 'Fix Script' provides the availability of a 'control fix' script that the user can review and run to apply the fixes.

Azure Services supported by AzSK

Below resource types can be checked for validating the security controls in SVT(GRS, GSS and CICD SVT task). please refer this for supported resource types in ARMChecker)

FeatureName Resource Type
Subscription
Alerts List
ARMPolicy List
AzSKCfg
APIConnection Microsoft.Web/connections
APIManagement Microsoft.ApiManagement/service
AppService Microsoft.Web/sites
ApplicationProxy NA
Automation Microsoft.Automation/automationAccounts
Batch Microsoft.Batch/batchAccounts
BotService Microsoft.BotService/botServices
CDN Microsoft.Cdn/profiles
CloudService Microsoft.ClassicCompute/domainNames
ContainerInstances Microsoft.ContainerInstance/containerGroups
ContainerRegistry Microsoft.ContainerRegistry/registries
CosmosDB Microsoft.DocumentDb/databaseAccounts
DataBricks Microsoft.Databricks/workspaces
DataFactory Microsoft.DataFactory/dataFactories
DataFactoryV2 Microsoft.DataFactory/factories
DataLakeAnalytics Microsoft.DataLakeAnalytics/accounts
DataLakeStore Microsoft.DataLakeStore/accounts
DBforPostgreSQL Microsoft.DBforPostgreSQL/servers
ERvNet Microsoft.Network/virtualNetworks
EventHub Microsoft.Eventhub/namespaces
HDInsight Microsoft.HDInsight/clusters
KeyVault Microsoft.KeyVault/vaults
KubernetesService Microsoft.ContainerService/ManagedClusters
LoadBalancer Microsoft.Network/loadBalancers
LogicApps Microsoft.Logic/Workflows
NotificationHub Microsoft.NotificationHubs/namespaces/notificationHubs
ODG Microsoft.Web/connectionGateways
RedisCache Microsoft.Cache/Redis
Search Microsoft.Search/searchServices
ServiceBus Microsoft.ServiceBus/namespaces
ServiceFabric Microsoft.ServiceFabric/clusters
SQLDatabase Microsoft.Sql/servers
Storage Microsoft.Storage/storageAccounts
StreamAnalytics Microsoft.StreamAnalytics/streamingjobs
TrafficManager Microsoft.Network/trafficmanagerprofiles
VirtualMachine Microsoft.Compute/virtualMachines
VirtualNetwork Microsoft.Network/virtualNetworks
DBForMySql Microsoft.MySql/servers