Gathering detailed insights and metrics for @pulumi/azure
Gathering detailed insights and metrics for @pulumi/azure
Installations
npm install @pulumi/azureDeveloper
pulumi
Developer Guide
BETA
Module System
Unable to determine the module system for this package.
Min. Node Version
Typescript Support
Yes
Node Version
20.18.0
NPM Version
10.8.2
Statistics
134 Stars
1,694 Commits
51 Forks
32 Watching
875 Branches
111 Contributors
Updated on 28 Nov 2024
Languages
Go (88.91%)
Makefile (6.62%)
Shell (4.35%)
Dockerfile (0.12%)
Total Downloads
Cumulative downloads
Total Downloads
1,807,187
Last day
16.4%
1,178
Compared to previous day
Last week
-3.2%
7,361
Compared to previous week
Last month
-19.7%
33,063
Compared to previous month
Last year
57.6%
705,430
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Microsoft Azure Resource Provider
NOTE: We recommend using the Azure Native provider to provision Azure infrastructure. Azure Native provides complete coverage of Azure resources and same-day access to new resources and resource updates because it’s built and automatically from the Azure Resource Manager API.
Azure Classic is based on the Terraform azurerm provider. It has fewer resources and resource options and receives new Azure features more slowly than Azure Native. However, Azure Classic remains fully-supported for existing usage.
The Azure Classic resource provider for Pulumi lets you use Azure resources in your cloud programs. To use this package, please install the Pulumi CLI first. For a streamlined Pulumi walkthrough, including language runtime installation and Azure configuration, select "Get Started" below.
Installing
This package is available in many languages in the standard packaging formats.
Node.js (Java/TypeScript)
To use from JavaScript or TypeScript in Node.js, install using either npm:
npm install @pulumi/azure
or yarn:
yarn add @pulumi/azure
Python
To use from Python, install using pip:
pip install pulumi_azure
Go
To use from Go, use go get to grab the latest version of the library
go get github.com/pulumi/pulumi-azure/sdk/v6
.NET
To use from .NET, install using dotnet add package:
dotnet add package Pulumi.Azure
Concepts
The @pulumi/azure package provides a strongly-typed means to build cloud applications that create
and interact closely with Azure resources. Resources are exposed for the entire Azure surface area,
including (but not limited to), 'appinsights', 'compute', 'cosmosdb', 'keyvault', and more.
Configuring credentials
There are a variety of ways credentials may be configured for the Azure provider, appropriate for different use cases. Refer to the Azure configuration options.
Reference
For further information, visit Azure in the Pulumi Registry or for detailed API reference documentation, visit Azure API Docs in the Pulumi Registry.
No vulnerabilities found.
Reason
30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/pulumi/.github/SECURITY.md:1
- Info: Found linked content: github.com/pulumi/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/pulumi/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/pulumi/.github/SECURITY.md:1
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
Found 14/30 approved changesets -- score normalized to 4
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_provider.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/build_provider.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_provider.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/build_provider.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_provider.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/build_provider.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_sdk.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/build_sdk.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build_sdk.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/build_sdk.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/build_sdk.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/build_sdk.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/command-dispatch.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/command-dispatch.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/command-dispatch.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/command-dispatch.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/community-moderation.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/community-moderation.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/community-moderation.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/community-moderation.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/community-moderation.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/community-moderation.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/community-moderation.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/community-moderation.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/license.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/license.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/license.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/license.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/lint.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/lint.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/lint.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/master.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/master.yml:65: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/master.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/master.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:123: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/master.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/master.yml:154: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/master.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/master.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/master.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nightly-test.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/nightly-test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nightly-test.yml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/nightly-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerelease.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/prerelease.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/prerelease.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/prerelease.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerequisites.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/prerequisites.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/prerequisites.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/prerequisites.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerequisites.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/prerequisites.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/prerequisites.yml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/prerequisites.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerequisites.yml:114: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/prerequisites.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:120: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:137: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:159: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:180: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/publish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yml:184: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pull-request.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/pull-request.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pull-request.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/pull-request.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:102: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:128: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release_command.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/release_command.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release_command.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/release_command.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release_command.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/release_command.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release_command.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/release_command.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/resync-build.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/resync-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/resync-build.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/resync-build.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/resync-build.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/resync-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/run-acceptance-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/run-acceptance-tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:177: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/run-acceptance-tests.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-acceptance-tests.yml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/run-acceptance-tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-bridge.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/upgrade-bridge.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-bridge.yml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/upgrade-bridge.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/upgrade-bridge.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/upgrade-bridge.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upgrade-provider.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/upgrade-provider.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/verify-release.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/verify-release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify-release.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/verify-release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify-release.yml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/verify-release.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/verify-release.yml:96: update your workflow using https://app.stepsecurity.io/secureworkflow/pulumi/pulumi-azure/verify-release.yml/master?enable=pin
- Warn: containerImage not pinned by hash: .devcontainer/Dockerfile:1: pin your Docker image by updating jetpackio/devbox:latest to jetpackio/devbox:latest@sha256:7e2e69b29d9e6292591e7b791160b9e02391044d5a2d71d5ce5a61774087f5a2
- Warn: containerImage not pinned by hash: examples/aci-volume-mount/node-app/Dockerfile:1: pin your Docker image by updating node:8.9.3-alpine to node:8.9.3-alpine@sha256:40201c973cf40708f06205b22067f952dd46a29cecb7a74b873ce303ad0d11a5
- Warn: npmCommand not pinned by hash: examples/aci-volume-mount/node-app/Dockerfile:5
- Warn: pipCommand not pinned by hash: .github/workflows/master.yml:175
- Warn: pipCommand not pinned by hash: .github/workflows/master.yml:176
- Warn: pipCommand not pinned by hash: .github/workflows/nightly-test.yml:92
- Warn: pipCommand not pinned by hash: .github/workflows/nightly-test.yml:93
- Warn: pipCommand not pinned by hash: .github/workflows/prerelease.yml:117
- Warn: pipCommand not pinned by hash: .github/workflows/prerelease.yml:118
- Warn: pipCommand not pinned by hash: .github/workflows/release.yml:123
- Warn: pipCommand not pinned by hash: .github/workflows/release.yml:124
- Warn: pipCommand not pinned by hash: .github/workflows/run-acceptance-tests.yml:172
- Warn: pipCommand not pinned by hash: .github/workflows/run-acceptance-tests.yml:173
- Info: 0 out of 31 GitHub-owned GitHubAction dependencies pinned
- Info: 10 out of 44 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
- Info: 0 out of 10 pipCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/master.yml:103
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/master.yml:140
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/nightly-test.yml:57
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/prerelease.yml:64
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/prerelease.yml:82
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release.yml:69
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:88
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/run-acceptance-tests.yml:102
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/run-acceptance-tests.yml:130
- Warn: no topLevel permission defined: .github/workflows/build_provider.yml:1
- Warn: no topLevel permission defined: .github/workflows/build_sdk.yml:1
- Warn: no topLevel permission defined: .github/workflows/command-dispatch.yml:1
- Warn: no topLevel permission defined: .github/workflows/community-moderation.yml:1
- Warn: no topLevel permission defined: .github/workflows/license.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/master.yml:1
- Warn: no topLevel permission defined: .github/workflows/nightly-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/prerelease.yml:1
- Warn: no topLevel permission defined: .github/workflows/prerequisites.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/pull-request.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/release_command.yml:1
- Warn: no topLevel permission defined: .github/workflows/resync-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/run-acceptance-tests.yml:1
- Warn: no topLevel permission defined: .github/workflows/upgrade-bridge.yml:1
- Warn: no topLevel permission defined: .github/workflows/upgrade-provider.yml:1
- Warn: no topLevel permission defined: .github/workflows/verify-release.yml:1
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v6.10.0 not signed: https://api.github.com/repos/pulumi/pulumi-azure/releases/186175360
- Warn: release artifact v6.9.0 not signed: https://api.github.com/repos/pulumi/pulumi-azure/releases/185480823
- Warn: release artifact v6.8.0 not signed: https://api.github.com/repos/pulumi/pulumi-azure/releases/183391725
- Warn: release artifact v6.7.0 not signed: https://api.github.com/repos/pulumi/pulumi-azure/releases/182783236
- Warn: release artifact v6.6.0 not signed: https://api.github.com/repos/pulumi/pulumi-azure/releases/181312015
- Warn: release artifact v6.10.0 does not have provenance: https://api.github.com/repos/pulumi/pulumi-azure/releases/186175360
- Warn: release artifact v6.9.0 does not have provenance: https://api.github.com/repos/pulumi/pulumi-azure/releases/185480823
- Warn: release artifact v6.8.0 does not have provenance: https://api.github.com/repos/pulumi/pulumi-azure/releases/183391725
- Warn: release artifact v6.7.0 does not have provenance: https://api.github.com/repos/pulumi/pulumi-azure/releases/182783236
- Warn: release artifact v6.6.0 does not have provenance: https://api.github.com/repos/pulumi/pulumi-azure/releases/181312015
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
5.4
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More