Feature aprl (#247)

* feat: aprl #246
* removed duplicate recommendations
* new JSON output
* Added Pivot Tables
* Removed Resource Groups loop to improve performance
* Improved Advisor scanner
* Inventory Table
* New command to print all supported resource types

.devcontainer/devcontainer.json

@@ -2,7 +2,7 @@
 // README at: https://github.com/devcontainers/templates/tree/main/src/go
 {
 	"name": "Go",
-	"image": "mcr.microsoft.com/devcontainers/go:0-1.19-bullseye",
+	"image": "mcr.microsoft.com/devcontainers/go:0-1.22-bullseye",
 
 	// Features to add to the dev container. More info: https://containers.dev/features.
 	// "features": {},

.github/workflows/build.yaml

@@ -61,6 +61,7 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          submodules: 'recursive'
 
       - name: Set up Go ${{ env.GOVER }}
         uses: actions/setup-go@v4
@@ -74,7 +75,7 @@ jobs:
 
       - name: Setup MinVer
         run: |
-          dotnet tool install --global minver-cli --version 4.2.0
+          dotnet tool install --global minver-cli --version 4.3.0
 
       - name: golangci-lint
         if: matrix.target_os == 'linux' && matrix.target_arch == 'amd64'
@@ -111,12 +112,12 @@ jobs:
 
       - name: Calculate Version
         run: |
-          echo "MINVERVERSIONOVERRIDE=$($HOME/.dotnet/tools/minver -t v. -m 0.1 -d preview)" >> $GITHUB_ENV
+          echo "MINVERVERSIONOVERRIDE=$($HOME/.dotnet/tools/minver -t v. -m 0.1 -p preview.0)" >> $GITHUB_ENV
         if: matrix.os != 'windows-latest'
 
       - name: Calculate Version Windows
         run: |
-          echo "MINVERVERSIONOVERRIDE=$(minver -t v. -m 0.1 -d preview)" >> $env:GITHUB_ENV
+          echo "MINVERVERSIONOVERRIDE=$(minver -t v. -m 0.1 -p preview.0)" >> $env:GITHUB_ENV
         if: matrix.os == 'windows-latest'
 
       - name: output folder variable linux & mac
@@ -176,7 +177,7 @@ jobs:
           release_name: ${{ env.MINVERVERSIONOVERRIDE }}
           body: ${{ env.AZQR_CHANGE_LOG }}
           draft: false
-          prerelease: false
+          prerelease: ${{ contains(env.MINVERVERSIONOVERRIDE, 'preview') }}
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
@@ -295,11 +296,11 @@ jobs:
 
       - name: Setup MinVer
         run: |
-          dotnet tool install --global minver-cli --version 4.2.0
+          dotnet tool install --global minver-cli --version 4.3.0
 
       - name: Calculate Version
         run: |
-          echo "MINVERVERSIONOVERRIDE=$($HOME/.dotnet/tools/minver -t v. -m 0.1 -d preview)" >> $GITHUB_ENV
+          echo "MINVERVERSIONOVERRIDE=$($HOME/.dotnet/tools/minver -t v. -m 0.1 -p preview.0)" >> $GITHUB_ENV
 
       - name: Trigger Bump Winget
         uses: peter-evans/repository-dispatch@v2

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "internal/aprl"]
+	path = internal/aprl
+	url = https://github.com/Azure/Azure-Proactive-Resiliency-Library-v2.git

README.md

@@ -9,113 +9,114 @@
 
 [![Open in vscode.dev](https://img.shields.io/badge/Open%20in-vscode.dev-blue)](https://vscode.dev/github/Azure/azqr)
 
-**Azure Quick Review (azqr)** is a command-line interface (CLI) tool specifically designed to analyze Azure resources and identify whether they comply with Azure's best practices and recommendations. Its primary purpose is to provide users with a detailed overview of their Azure resources, enabling them to easily identify any non-compliant configurations or potential areas for improvement.
+**Azure Quick Review (azqr)** is a powerful command-line interface (CLI) tool that specializes in analyzing Azure resources to ensure compliance with Azure's best practices and recommendations. Its main objective is to offer users a comprehensive overview of their Azure resources, allowing them to easily identify any non-compliant configurations or areas for improvement.
 
-## Scan Results
+## Azure Quick Review Recommendations
 
-The output generated by **Azure Quick Review (azqr)** is presented by default in four `csv` files:
-
-* **azqr-YYYY-MM-DD-HH-MM-SS.services.csv:** This file contains the details of the Azure services scanned by the tool, including:
-    * Subscription: The unique identifier for the Azure subscription under which the resource is deployed.
-    * Subscription Name: The name of the Azure subscription.
-    * Resource Group: The resource group where the resource is deployed.
-    * Location: The geographical region where the resource is deployed.
-    * Type: The specific type or category of the Azure resource.
-    * Service Name: The name assigned to the service, providing a human-readable identifier for easy reference and management.
-    * Compliant: A Boolean value indicating whether the service is compliant with Azure's best practices and recommendations.
-    * Impact: The potential impact of non-compliance on the service.
-    * Category: The category or type of recommendation.
-    * Recommendation: The specific recommendation or best practice.
-    * Result: The result or value resulting from the evaluation of the recommendation (i.e. Service SLA or SKU). 
-    * Learn: A link to additional information or documentation related to the recommendation.
-    * RId: The Recommendation Id.
-* **azqr-YYYY-MM-DD-HH-MM-SS.defender.csv:**
-    * Subscription: The unique identifier for the Azure subscription under which the resource is deployed.
-    * Subscription Name: The name of the Azure subscription.
-    * Name: Microsoft Defender for Cloud plan name.
-    * Tier: The tier of the plan.
-    * Deprecated: a Boolean value indicating whether the plan is deprecated.
-* **azqr-YYYY-MM-DD-HH-MM-SS.advisor.csv:**
-    * Subscription: The unique identifier for the Azure subscription under which the resource is deployed.
-    * Subscription Name: The name of the Azure subscription.
-    * Name: The name of the resource identified by Advisor.
-    * Type: The resource type of the resource identified by Advisor.
-    * Category: The category of the recommendation.
-    * Description: The description of the recommendation.
-    * PotentialBenefits: The potential benefits of the recommendation.
-    * Risk: Risk related to the recommendation.
-    * LearnMoreLink: A link to additional information or documentation related to the recommendation.
-* **azqr-YYYY-MM-DD-HH-MM-SS.costs.csv:**
-    * From: the start date of the cost analysis period.
-    * To: the end date of the cost analysis period.
-    * Subscription: The unique identifier for the Azure subscription under which the resource is deployed.
-    * Subscription Name: The name of the Azure subscription.
-    * ServiceName: The type of the Azure service for which the cost is calculated.
-    * Value: The cost value associated with the service.
-    * Currency: The currency in which the cost is calculated.
-
-> By default, Azure Quick Review (azqr) masks the Subscription Ids, ensuring that they are not directly visible in the output. This helps protect sensitive information and maintain data privacy and security. To unmask the Subscription Ids, you can use the `--mask=false` flag when running the tool.
-
-> Azure Quick Review can also generate an Excel file with the same information as the CSV files. To generate the Excel file, you can use the `--excel` (or `-x`) flag when running the tool.
-
-> A Power BI template is also available to help you visualize the results generated by Azure Quick Review. You can create the template running Azure Quick Review with the `pbi` command.
+**Azure Quick Review (azqr)** scans your resources with 2 types of recommendations:
 
-## Azure Quick Review Recommendations
+* **Azure Resource Graph (ARG)** queries provided by the [Azure Proactive Resiliency Library v2 (APRL)](https://aka.ms/aprl) project.
+* **Azure Resource Manager (ARM)** queries built  with the Golang SDK
 
 To learn more about the recommendations used by **Azure Quick Review (azqr)**, you can refer to the documentation available [here](https://azure.github.io/azqr/docs/recommendations/).
 
+## Scan Results
+
+The output generated by **Azure Quick Review (azqr)** is written by default to an Excel file, which contains the following sheets:
+
+* **Recommendations**: a list with all recommendations with the number of resources that are impacted. You can youse this table as an action plan to improve the compliance of your resources.
+* **ImpactedResources**: a list with all resources that are impacted. You can use this table to identify resources that have issues that need to be addressed.
+* **ResourceTypes**: a list of impacted resource types.
+* **Inventory**: a list of all resources scanned by the tool. Here you'll find details such as SKU, Tier, Kind or calculated SLA. 
+* **Advisor**: a list of recommendations provided by Azure Advisor.
+* **Defender**: a list of Microsoft Defender for Cloud plans and their tiers.
+* **Costs**: a list of costs associated with the scanned subscription for the last 3 months.
+
+> By default, Azure Quick Review (azqr) obfuscates the Subscription Ids in the output to ensure the protection of sensitive information and maintain data privacy and security. If you want to display the Subscription Ids without obfuscation, you can use the `--mask=false` flag when executing the tool.
+
+> Azure Quick Review can also generate an csv files with the same information as the excel. To generate the csv files, you can use the `--csv` flag when running the tool.
+
+> A Power BI template is also available to help you visualize the results generated by Azure Quick Review. You can create the template running Azure Quick Review with the `pbi` command and then loading the excel file generated by the tool.
+
 ## Supported Azure Services
 
 **Azure Quick Review (azqr)** currently supports the following Azure services:
 
-* Azure Analysis Service
-* Azure API Management
-* Azure App Configuration
-* Azure App Services
-* Azure Application Gateway
-* Azure Application Insights
-* Azure Cache for Redis
-* Azure Cognitive Services Account
-* Azure Container Apps Environment
-* Azure Container Apps
-* Azure Container Instances
-* Azure Container Registry
-* Azure Cosmos DB
-* Azure Databricks
-* Azure Data Explorer
-* Azure Data Factory
-* Azure Database for MariaDB
-* Azure Database for MySQL Flexible Server
-* Azure Database for MySQL Single Server
-* Azure Database for PostgreSQL Flexible Server
-* Azure Database for PostgreSQL Single Server
-* Azure Event Grid
-* Azure Event Hub
-* Azure ExpressRoute Gateway
-* Azure Firewall
-* Azure Front Door
-* Azure Functions
-* Azure Key Vault
-* Azure Kubernetes Service
-* Azure Load Balancer
-* Azure Local Gateway
-* Azure Logic Apps
-* Azure Managed Grafana
-* Azure Service Bus
-* Azure SignalR Service
-* Azure SQL Server
-* Azure SQL Elastic Pool
-* Azure SQL Database
-* Azure Storage Account
-* Azure Synapse Analytics Workspace
-* Azure Synapse Spark Pool
-* Azure Synapse Dedicated SQL Pool
-* Azure Traffic Manager
-* Azure Virtual Machine
-* Azure Virtual Network
-* Azure Virtual WAN
-* Azure VPN Gateway
-* Azure Web PubSub
+* Microsoft.AVS/privateClouds
+* Microsoft.AnalysisServices/servers
+* Microsoft.ApiManagement/service
+* Microsoft.App/containerApps
+* Microsoft.App/managedenvironments
+* Microsoft.AppConfiguration/configurationStores
+* Microsoft.Automation/automationAccounts
+* Microsoft.Batch/batchAccounts
+* Microsoft.Cache/Redis
+* Microsoft.Cdn/profiles
+* Microsoft.CognitiveServices/accounts
+* Microsoft.Compute/galleries
+* Microsoft.Compute/virtualMachineScaleSets
+* Microsoft.Compute/virtualMachines
+* Microsoft.ContainerInstance/containerGroups
+* Microsoft.ContainerRegistry/registries
+* Microsoft.ContainerService/managedClusters
+* Microsoft.DBforMariaDB/servers
+* Microsoft.DBforMariaDB/servers/databases
+* Microsoft.DBforMySQL/flexibleServers
+* Microsoft.DBforMySQL/servers
+* Microsoft.DBforPostgreSQL/flexibleServers
+* Microsoft.DBforPostgreSQL/servers
+* Microsoft.Dashboard/grafana
+* Microsoft.DataFactory/factories
+* Microsoft.Databricks/workspaces
+* Microsoft.DesktopVirtualization/hostPools
+* Microsoft.DesktopVirtualization/scalingPlans
+* Microsoft.DesktopVirtualization/workspaces
+* Microsoft.Devices/IotHubs
+* Microsoft.DocumentDB/databaseAccounts
+* Microsoft.EventGrid/domains
+* Microsoft.EventHub/namespaces
+* Microsoft.Insights/activityLogAlerts
+* Microsoft.Insights/components
+* Microsoft.KeyVault/vaults
+* Microsoft.Kusto/clusters
+* Microsoft.Logic/workflows
+* Microsoft.NetApp/netAppAccounts
+* Microsoft.Network/ExpressRoutePorts
+* Microsoft.Network/applicationGateways
+* Microsoft.Network/azureFirewalls
+* Microsoft.Network/connections
+* Microsoft.Network/expressRouteCircuits
+* Microsoft.Network/frontdoorWebApplicationFirewallPolicies
+* Microsoft.Network/loadBalancers
+* Microsoft.Network/natGateways
+* Microsoft.Network/networkSecurityGroups
+* Microsoft.Network/networkWatcherScanners
+* Microsoft.Network/privateDnsZones
+* Microsoft.Network/privateEndpoints
+* Microsoft.Network/publicIPAddresses
+* Microsoft.Network/routeTables
+* Microsoft.Network/trafficManagerProfiles
+* Microsoft.Network/virtualNetworkGateways
+* Microsoft.Network/virtualNetworks
+* Microsoft.OperationalInsights/workspaces
+* Microsoft.RecoveryServices/vaults
+* Microsoft.ServiceBus/namespaces
+* Microsoft.SignalRService/SignalR
+* Microsoft.SignalRService/webPubSub
+* Microsoft.Sql/servers
+* Microsoft.Sql/servers/databases
+* Microsoft.Sql/servers/elasticPools
+* Microsoft.Storage/storageAccounts
+* Microsoft.Synapse workspaces/bigDataPools
+* Microsoft.Synapse/workspaces
+* Microsoft.Synapse/workspaces/sqlPools
+* Microsoft.VirtualMachineImages/imageTemplates
+* Microsoft.Web/serverFarms
+* Microsoft.Web/sites
+* Specialized.Workload/AVD
+* Specialized.Workload/AVS
+* Specialized.Workload/HPC
+* Specialized.Workload/SAP
 
 ## Usage
 
@@ -150,11 +151,12 @@ Download the latest release from [here](https://github.com/Azure/azqr/releases).
 
 **Azure Quick Review (azqr)** supports the following authentication methods:
 
-* Azure CLI
 * Service Principal. You'll need to set the following environment variables:
   * AZURE_CLIENT_ID
   * AZURE_CLIENT_SECRET
   * AZURE_TENANT_ID
+* Azure Managed Identity
+* Azure CLI (Using this type of authentication will make scans run slower)
 
 ### Authorization
 

cmd/azqr/aa.go

@@ -0,0 +1,28 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package azqr
+
+import (
+	"github.com/Azure/azqr/internal/azqr"
+	"github.com/Azure/azqr/internal/scanners/aa"
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	scanCmd.AddCommand(aaCmd)
+}
+
+var aaCmd = &cobra.Command{
+	Use:   "aa",
+	Short: "Scan Azure Automation Account",
+	Long:  "Scan Azure Automation Account",
+	Args:  cobra.NoArgs,
+	Run: func(cmd *cobra.Command, args []string) {
+		serviceScanners := []azqr.IAzureScanner{
+			&aa.AutomationAccountScanner{},
+		}
+
+		scan(cmd, serviceScanners)
+	},
+}

cmd/azqr/adf.go

@@ -4,7 +4,7 @@
 package azqr
 
 import (
-	"github.com/Azure/azqr/internal/scanners"
+	"github.com/Azure/azqr/internal/azqr"
 	"github.com/Azure/azqr/internal/scanners/adf"
 	"github.com/spf13/cobra"
 )
@@ -19,7 +19,7 @@ var adfCmd = &cobra.Command{
 	Long:  "Scan Azure Data Factory",
 	Args:  cobra.NoArgs,
 	Run: func(cmd *cobra.Command, args []string) {
-		serviceScanners := []scanners.IAzureScanner{
+		serviceScanners := []azqr.IAzureScanner{
 			&adf.DataFactoryScanner{},
 		}
 

cmd/azqr/afd.go

@@ -4,7 +4,7 @@
 package azqr
 
 import (
-	"github.com/Azure/azqr/internal/scanners"
+	"github.com/Azure/azqr/internal/azqr"
 	"github.com/Azure/azqr/internal/scanners/afd"
 	"github.com/spf13/cobra"
 )
@@ -19,7 +19,7 @@ var afdCmd = &cobra.Command{
 	Long:  "Scan Azure Front Door",
 	Args:  cobra.NoArgs,
 	Run: func(cmd *cobra.Command, args []string) {
-		serviceScanners := []scanners.IAzureScanner{
+		serviceScanners := []azqr.IAzureScanner{
 			&afd.FrontDoorScanner{},
 		}
 

cmd/azqr/afw.go

@@ -4,7 +4,7 @@
 package azqr
 
 import (
-	"github.com/Azure/azqr/internal/scanners"
+	"github.com/Azure/azqr/internal/azqr"
 	"github.com/Azure/azqr/internal/scanners/afw"
 	"github.com/spf13/cobra"
 )
@@ -19,7 +19,7 @@ var afwCmd = &cobra.Command{
 	Long:  "Scan Azure Firewall",
 	Args:  cobra.NoArgs,
 	Run: func(cmd *cobra.Command, args []string) {
-		serviceScanners := []scanners.IAzureScanner{
+		serviceScanners := []azqr.IAzureScanner{
 			&afw.FirewallScanner{},
 		}
 

cmd/azqr/agw.go

@@ -4,7 +4,7 @@
 package azqr
 
 import (
-	"github.com/Azure/azqr/internal/scanners"
+	"github.com/Azure/azqr/internal/azqr"
 	"github.com/Azure/azqr/internal/scanners/agw"
 	"github.com/spf13/cobra"
 )
@@ -19,7 +19,7 @@ var agwCmd = &cobra.Command{
 	Long:  "Scan Azure Application Gateway",
 	Args:  cobra.NoArgs,
 	Run: func(cmd *cobra.Command, args []string) {
-		serviceScanners := []scanners.IAzureScanner{
+		serviceScanners := []azqr.IAzureScanner{
 			&agw.ApplicationGatewayScanner{},
 		}