AzAudit
```bash
$ git clone https://github.com/MosesUgwulo/AzAudit.git
$ cd AzAudit
$ python -m venv .venv && source .venv/bin/activate
$ pip install -r requirements.txt
# optional: provision one compliant and one non-compliant test resource
$ terraform -chdir=terraform init
$ terraform -chdir=terraform apply
$ python cli.py --subscription-id <subscription-id>
# results print to the console and a report.csv is written
```
Example output: a scan of two test storage accounts (one compliant, one not).
| Storage Account Name | Result | Compliance rule checked | Description of rule checked |
|---|---|---|---|
| stazaudittest001 | Passed | Check HTTPS | Checking to see if HTTPS is enabled on the storage account |
| stazaudittest001 | Passed | Check TLS Version | Checks the TLS version and making sure it matches TLS1_2 |
| stazaudittest002 | Failed | Check HTTPS | Checking to see if HTTPS is enabled on the storage account |
| stazaudittest002 | Failed | Check TLS Version | Checks the TLS version and making sure it matches TLS1_2 |
AzAudit connects to an Azure subscription, retrieves resource configurations, and evaluates them against compliance rules defined in YAML. Results are printed to the console and exported as a CSV report. It currently focuses on storage account checks, with more resource types planned.
Highlights
- Configurable YAML rule engine: add new compliance checks by editing YAML, with no code changes.
- Prints the results to the console and writes a CSV audit report.
- Dockerised, with a service-principal mode for running in CI pipelines.
- GitHub Actions CI runs the test suite and only builds the image if the tests pass.
- Terraform provisions compliant and non-compliant test resources to verify detection.
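A sketch of how a declarative rule engine of the kind described above can evaluate storage account settings and fail closed when a setting is absent. This is an added example, not AzAudit's own code. Assumptions: the rule shape (`property`, `operator`, `expected`), the use of the ARM property names `supportsHttpsTrafficOnly` and `minimumTlsVersion`, and the third account `stazaudittest003` are hypothetical, and the sample configurations are constructed.

```python
import csv
import io

COLUMNS = ["Storage Account Name", "Result", "Compliance rule checked", "Description of rule checked"]

# Assumed rule shape (what a YAML rule file could load to); not AzAudit's real schema.
RULES = [
    {"name": "Check HTTPS", "property": "supportsHttpsTrafficOnly", "operator": "equals",
     "expected": True, "description": "Checking to see if HTTPS is enabled on the storage account"},
    {"name": "Check TLS Version", "property": "minimumTlsVersion", "operator": "equals",
     "expected": "TLS1_2", "description": "Checks the TLS version and making sure it matches TLS1_2"},
]

# Constructed sample configurations; stazaudittest003 is hypothetical and has no TLS setting.
ACCOUNTS = [
    {"name": "stazaudittest001", "properties": {"supportsHttpsTrafficOnly": True, "minimumTlsVersion": "TLS1_2"}},
    {"name": "stazaudittest002", "properties": {"supportsHttpsTrafficOnly": False, "minimumTlsVersion": "TLS1_0"}},
    {"name": "stazaudittest003", "properties": {"supportsHttpsTrafficOnly": True}},
]

OPERATORS = {
    "equals": lambda actual, expected: actual == expected,
    "in": lambda actual, expected: actual in expected,
}

def evaluate(account, rule):
    """Apply one rule to one account and return a report row."""
    if rule["operator"] not in OPERATORS:
        # A typo in a rule file must stop the audit, not silently pass resources.
        raise ValueError(f"unknown operator {rule['operator']!r} in rule {rule['name']!r}")
    actual = account.get("properties", {}).get(rule["property"])
    # Fail closed: an absent or null property counts as non-compliant.
    passed = actual is not None and OPERATORS[rule["operator"]](actual, rule["expected"])
    return dict(zip(COLUMNS, [account["name"], "Passed" if passed else "Failed",
                              rule["name"], rule["description"]]))

def audit(accounts, rules):
    return [evaluate(account, rule) for account in accounts for rule in rules]

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(audit(ACCOUNTS, RULES)), end="")
```

The account with no TLS setting is reported as Failed for "Check TLS Version": a missing value is treated as non-compliant instead of being skipped.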