audit
2 TopicsPortable Azure topology and documentation snapshots with OSIRIS JSON
Ciao everyone, I’m working on https://github.com/osirisjson/osiris, a vendor-neutral specification for describing infrastructure resources and their relationships as portable point-in-time snapshots. To proof that the specification could work in real-scenarios I already built an initial https://osirisjson.org/en/docs/producers/hyperscalers/microsoft-azure in Go. You run on-premise and it connects through the Azure CLI, reads Azure subscriptions and emits an OSIRIS JSON document that can be used for documentation, topology diagrams, audits, configuration drift analysis, CMDB/IPAM/DCIM workflows, or controlled AI/context workflows without giving those platforms/tools direct access to Azure. The producer currently covers several Azure areas, including networking, compute, storage, identity, databases, containers, integration, observability, backup, automation, management groups, and cross-resource dependency edges such as Private Endpoint to PaaS targets, App Service to Application Insights / Log Analytics, AKS to subnets and node pools, and backup vault relationships. It supports two output purposes: documentation: minimal high-level projection for diagrams, inventory dashboards, and architectural documentation audit: deeper projection with readable properties and extensions after sensitive-field redaction This is not intended to replace Azure tooling, Azure Resource Graph, IaC, Azure Policy, or any existing governance/control-plane workflow. OSIRIS JSON is simply a read-only external producer that generates a vendor-neutral snapshot of the observed Azure environment. I would really appreciate feedback from Azure architects, cloud engineers, and governance practitioners on the mapping model: Which Azure resources and relationships are the most important for documentation and topology generation? Are the current connection types useful for real-world architecture views? What should be prioritized in next releases? Would a documentation/audit split be useful in enterprise environments? You find the current Azure producer documentation here: https://osirisjson.org/en/docs/producers/hyperscalers/microsoft-azure I would really appreciate any feedback, suggestions, edge cases, or ideas from people who operate, document, audit, or govern Azure environments and I also welcome anyone who want to participate on development. Ciao from Italy, Tia51Views0likes2CommentsWe never really knew if our Azure followed CAF or Well-Architected — so we built something
For years we ran Azure environments professionally and CAF and WAF reviews were always the same story. A consultant every 12-18 months, a thick PDF, good intentions — and then nothing until the next one. The problem wasn't that we didn't care. It was that there was no lightweight way to track it continuously. Defender had some parts of CIS. WAF had the assessment tool. CAF had... a whitepaper and a spreadsheet we kept meaning to update. We couldn't answer basic questions like: are we getting better or worse? Which subscriptions are drifting? What would an auditor actually see if they looked at our CAF posture today? Eventually we got frustrated enough to build Anubion — it connects agentlessly to your Azure tenant and runs continuous checks across CIS, CAF, and WAF in one place, with findings prioritised and evidence stored over time. Happy to share more if anyone's interested. But also genuinely curious — how are other teams handling CAF and WAF tracking between formal assessments? If anyone is curious about their scores, you can sign up for at 14 day free trial. The setup is short and you only need a read-only service principal. Check out https://anubion.io/#request-access