This quick blog post shows how to install the Secure DevOps Kit for Azure (AzSK). The Secure DevOps for Azure kit offers tools and best practices for creating and maintaining a secure architecture in the Microsoft cloud. Requirements:
- PowerShell 5.0 or higher.
- Windows OS
Important: If you have installed Az PowerShell using Azure SDK on your machine. You need to remove the Azure PowerShell modules installed through Azure SDK completely. You could also take backup in case you need it. The AzSK also needs Az modules but it would download from PSGallery.
Check the PowerShell version installed #
If you want to check the version of PowerShell running on your machine, run the following command:
Install the Secure DevOps Kit for Azure #
Once the checks have been made, you can start the installation of the AzSK. To do this, run the PowerShell console as an administrator and then type:
Install-Module AzSK ` -Scope CurrentUser ` -AllowClobber
Check the version of the AzSK module installed #
If you want to check or verify that the module is installed, use the following command:
Get-InstalledModule ` -Name AzSK
Scan an Azure Resource Group for security vulnerabilities #
The use of this tool I will explain in the next post but as a check, we will use the tool to analyze the current status of an Azure resource group of my subscription. The simplest way to get started is to sign in interactively at the command line.
This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:
Get-AzSubscription Select-AzSubscription ` -Subscription "My Subscription"
Set the variables First, we define the variables that we will use.
$subscriptionID = (Get-AzSubscription).Id $resourceGroupName = "RG-DEMO"
and then, we perform the analysis of an Azure resource group, using the Get-AzSKAzureServicesSecurityStatus cmdlet with the following syntax:
Get-AzSKAzureServicesSecurityStatus ` -SubscriptionId $subscriptionID ` -ResourceGroupNames $resourceGroupName
The duration of this process depends on the number of resources contained in the resource group. Once the verification of the Resource Group is completed, you will see the results folder open. There you will find the following information generated by the AzSK cmdlet:
- The summary CSV file listing all applicable controls and their evaluation status.
- The folder with the name of the resource group or the subscription that has been evaluated and within it will find a log file for each type of resource evaluated.
Thanks for reading my post. I hope you find it useful.
If you want to know more about the Secure DevOps Kit for Azure, check out this link.