AzSK version 4.12 Security Status Report does not create SecurityEvaluationData json #1201
Description
AzSK version 4.12 Security Status Report does not create SecurityEvaluationData json
Description
Up to version 4.11 AzSK creates SecurityEvaluationData-xxxxx.json file which contains audited environment description together with audit results. This file was a useful part of our automated pipeline and we used it to normalize audit-result: it had tags, the full azure-identifier of the resource, etc. Based on this file we were able to map results to exact azure components and get required metadata without additional requests to the Azure API.
In version 4.12 AzSK still writes Report in csv, but does not create SecurityEvaluationData json file.
Is it intentional behavior? Is it possible to keep this file generation in further version?
Steps to reproduce
- Run:
### Run Subscription Security check Get-AzSKSubscriptionSecurityStatus -SubscriptionId $SubscriptionId -DoNotOpenOutputFolder ### Run Components Security check Get-AzSKAzureServicesSecurityStatus -SubscriptionId $SubscriptionId -DoNotOpenOutputFolder
- Check output folders
\AzSKLogs\Sub_SUBSCRIPTION_NAME\****_GSS\Etcand\AzSKLogs\Sub_SUBSCRIPTION_NAME\****_GRS\EtcifSecurityEvaluationData-xxxxx.jsonwas created.
Expected behavior
SecurityEvaluationData-xxxxx.json exists
Actual behavior
SecurityEvaluationData-xxxxx.json does not exist
Thanks for your work ;)