This quick blog post shows how to install the Secure DevOps Kit for Azure (AzSK). The Secure DevOps for Azure kit offers tools and best practices for creating and maintaining a secure architecture in the Microsoft cloud.
Requirements:
- PowerShell 5.0 or higher.
- Windows OS
Important: If you have installed Az PowerShell using Azure SDK in your machine. You need to remove the Azure PowerShell modules installed through Azure SDK completely. You could also take back up in case if you need. The AzSK also needs Az modules but it would download from PSGallery.
Check PowerShell version installed
If you want to check the version of PowerShell running on your machine, run the following command:
1 2 3 | $PSVersionTable.PSVersion |
Install the Secure DevOps Kit for Azure
Once the checks have been made, you can start the installation of the AzSK. To do this, run the PowerShell console as an administrator and then type:
1 2 3 | Install-Module AzSK -Scope CurrentUser -AllowClobber |
Check the version of AzSK module installed
If you want to check or verify that the module is installed, use the following command:
1 2 3 4 | Get-InstalledModule -Name AzSK |
Scan an Azure Resource Group for security vulnerabilities
The use of this tool I will explain in a next post but as a check, we will use the tool to analyze the current status of an Azure resource group of my subscription.
The simplest way to get started is to sign in interactively at the command line.
1 2 3 | Connect-AzAccount |
This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account.
If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:
1 2 3 4 5 | Get-AzSubscription Select-AzSubscription -Subscription "My Subscription" |
Set the variables
First, we define the variables that we will use.
1 2 3 4 | $subscriptionID = (Get-AzSubscription).Id $resourceGroupName = "RG-DEMO" |
and then, we perform the analysis of an Azure resource group, using the Get-AzSKAzureServicesSecurityStatus cmdlet with the following syntax:
1 2 3 4 | Get-AzSKAzureServicesSecurityStatus -SubscriptionId $subscriptionID ` -ResourceGroupNames $resourceGroupName |
The duration of this process depends on the number of resources contained in the resource group.
Once the verification of the Resource Group is completed, you will see the results folder open. There you will find the following information generated by the AzSK cmdlet:
- The summary CSV file listing all applicable controls and their evaluation status.
- The folder with the name of the resource group or the subscription that has been evaluated and within it will find a log file for each type of resource evaluated.
The files and folder generated by the AzSK cmdlet are described in more depth in the ReadMe.txt file present in the root output folder.
If you want to know more about the AzSK, check out this link:https://azsk.azurewebsites.net/README.html#setting-up-secure-devops-kit-for-azure