azure-policy
shellharden
Our great sponsors
azure-policy | shellharden | |
---|---|---|
9 | 16 | |
1,430 | 4,537 | |
2.0% | - | |
8.1 | 4.7 | |
9 days ago | about 1 month ago | |
Open Policy Agent | Rust | |
MIT License | Mozilla Public License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
azure-policy
- VMSS Azure Policy Compliance
-
Automation as key to cloud adoption success
Reference: https://github.com/Azure/azure-policy
-
Favorite cloud provider governance tips and tricks?
I just came across this post over in the Azure subreddit and it gave me a good idea on one way to deal with rogue Azure subscriptions - just have them default into a Management Group where a policy is in-place that basically denies use of any and all services.
-
How can we stop random users in our on-prem AD from creating new Azure subscriptions?
Oooo, that's a nice trick for the use of the root management group which usually has best practice to leave empty. I like that a lot! Could maybe pair that with the "deny all resource types" policy sample, and then even if someone does create a new subscription it's pretty much 100% neutered until someone pulls it out of the root management group and places it somewhere else.
-
Architecture on Decommission huge list of old Azure servers
Found a 2018 Github article - https://github.com/Azure/azure-policy/issues/102
-
Public assets
MS Repo https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions
-
How can I resolve this Security center recommendation: "Replace a process level token"
I can see here that is expecting azure-policy/AzureWindowsBaseline.mof at master · Azure/azure-policy · GitHub: "LOCAL SERVICE, NETWORK SERVICE". However, that would exclude the web app pools.
-
Iron Dome = 'Security Policies' at scale for your Multi-Cloud accounts
Azure shared with us a GitHub repository contains built-in samples of Azure Policies that can be used as reference for creating and assigning policies to your subscriptions and resource groups.
-
Compliance with policy or blueprints?
The only real way you'll be able to do this is via an Azure Policy, alongside a deny effect - where your policy would restrict based on the type field, with the values passed in via an array parameter (example)
shellharden
-
Shellcheck finds bugs in your shell scripts
Everytime I see Shellcheck coming up, I have to mention shellharden[0] written by a colleague of mine. It is basically shellcheck but it applies the suggested changes automatically.
0: https://github.com/anordal/shellharden
-
similar to shellcheck?
Also worth mentioning shellharden
-
Bash Pitfalls
See also:
* https://www.shellcheck.net/ — linting tool to avoid common mistakes and improve your script
* Bash Practices: https://mywiki.wooledge.org/BashGuide/Practices
* Bash Pitfalls: https://mywiki.wooledge.org/BashPitfalls
* safe ways to do things in bash: https://github.com/anordal/shellharden/blob/master/how_to_do...
* better scripting: https://robertmuth.blogspot.in/2012/08/better-bash-scripting...
* robust scripting: https://www.davidpashley.com/articles/writing-robust-shell-s...
-
Code formatter, linters, etc. Recommendations?
There is shellcheck, and shellharden which is a strict version of it. There are similar stuff here, some that also help with your editor. You can also use a docker version of shfmt. See here for a quick tutorial on shfmt.
-
What is best Method of Submitting Bash Script, short Python ignorance confession (lament.)
Regarding linters, there are several of them in most languages.For bash, there is Shellcheck or a more strict (and sometimes confusing) Shellharden to do exactly what you want.
-
Awesome Rewrite It In Rust - A curated list of replacements for existing software written in Rust
For example, shellharden looks awesome.
- anordal/shellharden Safe ways to do things in bash
- How to do things safely in Bash
- How to do things safely in Bash (2018)
What are some alternatives?
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
ShellCheck - ShellCheck, a static analysis tool for shell scripts
balanced-employee-ip-agreement - GitHub's employee intellectual property agreement, open sourced and reusable
shfmt - Dockernized shfmt. This formats shell script.
opal - Fork of https://github.com/permitio/opal
shfmt - A shell formatter (sh/bash/mksh)
Community-Policy - This repo is for Microsoft Azure customers and Microsoft teams to collaborate in making custom policies.
sh - A shell parser, formatter, and interpreter with bash support; includes shfmt
Certified-Kubernetes-Security-Specialist - Curated resources help you prepare for the CNCF/Linux Foundation CKS 2021 "Kubernetes Certified Security Specialist" Certification exam. Please provide feedback or requests by raising issues, or making a pull request. All feedback for improvements are welcome. thank you.
rust_cmd_lib - Common rust command-line macros and utilities, to write shell-script like tasks in a clean, natural and rusty way
AKS - Azure Kubernetes Service
bats-core - Bash Automated Testing System