PowerShell Skills Series - Zero Trust Detection in Serverless Environments
```powershell
function Invoke-ServerlessHealthCheck {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$ResourceGroup
    )

    # Fail early when there is no authenticated Azure session
    $context = Get-AzContext
    if (-not $context) {
        throw 'No Azure context found. Run Connect-AzAccount first.'
    }

    $functions = Get-AzFunctionApp -ResourceGroupName $ResourceGroup

    $report = [PSCustomObject]@{
        Timestamp        = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
        FunctionApps     = @()
        SecurityFindings = @()
    }

    $functions | ForEach-Object {
        $config = Get-AzFunctionAppSetting -Name $_.Name -ResourceGroupName $ResourceGroup
        $appReport = [PSCustomObject]@{
            AppName        = $_.Name
            RuntimeVersion = $_.Config.NetFrameworkVersion
            HTTPSOnly      = $_.Config.HttpsOnly
            MinTLSVersion  = $config['minTlsVersion']
        }
        $report.FunctionApps += $appReport

        # Compare as [version] rather than as strings; a missing or
        # unparsable value is reported as a finding as well
        $minTls = $appReport.MinTLSVersion -as [version]
        if (-not $minTls -or $minTls -lt [version]'1.2') {
            $report.SecurityFindings += [PSCustomObject]@{
                Severity       = 'High'
                Description    = "函数应用 $($_.Name) 使用不安全的TLS版本: $($appReport.MinTLSVersion)"
                Recommendation = '在应用设置中将minTlsVersion更新为1.2'
            }
        }
    }

    # Persist the report so later runs or pipeline stages can load it
    $report | Export-Clixml -Path "$env:TEMP/ServerlessSecurityReport_$(Get-Date -Format yyyyMMdd).xml"
    return $report
}
```
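Core features:
- Automatic detection of the Azure Functions runtime environment
- Compliance checking of the TLS security configuration
- Security baseline validation under a zero trust architecture
- Automated XML report generation
Typical use cases:
- Security audits of serverless architectures
- Automated compliance verification of cloud environments
- Implementing continuous security monitoring (CSM)
- Integration as a security gate in DevOps pipelines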
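
One way to use the report as the pipeline security gate listed above, as an added example rather than code from the original post. `Test-ServerlessReportGate`, the blocking-severity policy and the sample report are assumptions constructed for illustration; a report saved by the function can be loaded with `Import-Clixml` and passed in the same way.

```powershell
# Hypothetical helper: decides whether a pipeline stage may proceed,
# based on a report shaped like the output of Invoke-ServerlessHealthCheck
function Test-ServerlessReportGate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [psobject]$Report,

        # Severities that block the pipeline (assumed policy)
        [string[]]$BlockingSeverity = @('High')
    )

    $violations = @()

    # Findings already recorded by the health check
    $violations += @($Report.SecurityFindings |
        Where-Object { $_ -and $_.Severity -in $BlockingSeverity } |
        ForEach-Object { '[{0}] {1}' -f $_.Severity, $_.Description })

    # HTTPSOnly is collected in the report but not evaluated by the check;
    # anything other than an explicit $true fails closed
    $violations += @($Report.FunctionApps |
        Where-Object { $_ -and $_.HTTPSOnly -ne $true } |
        ForEach-Object { "[Baseline] $($_.AppName) does not enforce HTTPS-only" })

    [PSCustomObject]@{
        Passed     = ($violations.Count -eq 0)
        Violations = $violations
    }
}

# Constructed sample report (not real data), same shape as the function's output
$sample = [PSCustomObject]@{
    Timestamp        = '2024-01-01 00:00:00'
    FunctionApps     = @(
        [PSCustomObject]@{ AppName = 'func-orders'; RuntimeVersion = 'v6.0'; HTTPSOnly = $true;  MinTLSVersion = '1.2' }
        [PSCustomObject]@{ AppName = 'func-legacy'; RuntimeVersion = 'v4.0'; HTTPSOnly = $false; MinTLSVersion = '1.0' }
    )
    SecurityFindings = @(
        [PSCustomObject]@{ Severity = 'High'; Description = 'func-legacy uses TLS 1.0'; Recommendation = 'Set minTlsVersion to 1.2' }
    )
}

$gate = Test-ServerlessReportGate -Report $sample
$gate.Violations | ForEach-Object { Write-Warning $_ }
if (-not $gate.Passed) { exit 1 }   # non-zero exit code fails the pipeline step when run as a script
```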