MVP - noelbundick/config-analyzer GitHub Wiki

The goal of the project is to prototype a tool that can

  • examine an Azure configuration
  • identify potential issues, starting with items related to Azure + VNETs
  • generate a report such that operators can improve their infrastructure


  • Read the details for VNETs and resources that are currently deployed in an Azure subscription / resource group
  • Identify known potential issues


  • Read the details for VNETs and resources that are defined in an ARM template or Terraform configuration
  • When possible, propose specific code changes and/or provide documentation links for issues found


  • New configuration issues can be identified without the need to change code, recompile, or redownload the entire application

  • CI via GitHub Actions
    • Test framework TBD
    • CLI framework TBD
  • CLI app written in TypeScript
  • Connect to the Azure REST API and pull down a list of resources via the JS SDK
  • Define rules that represent a potential configuration issue
    • First rule: Storage account w/ private endpoint, but the public endpoint is still enabled
  • Parse the resources and determine if any of them match our rules