
The Importance of updating Azure SDKs: performance, security, and reliability


In this article, we explain why it is important to keep Azure SDK versions up to date and what the consequences of not doing so are. We also show where to find the support lifecycle information for each SDK and how to automate the check with tools and custom scripts.

 

Why is keeping Azure SDKs updated important?

The Azure platform is continuously changing, which is a good thing, since it is constantly adding new features and improving existing services.
The Azure SDKs also need to change to keep up. But maintaining compatibility between an Azure service and many Azure SDK versions is hard, and sometimes breaking changes are needed. That is why the product group sometimes decides to deprecate certain versions. Even when no breaking change is made, testing is no longer performed against those versions, so there is no guarantee that they will keep working. Deprecated SDK versions are marked as such in package managers, to notify developers that they must update.

The most obvious reason to update SDKs is to avoid application issues caused by the breaking changes mentioned above. But there are other important reasons, such as performance improvements (which can reduce costs), security and reliability.

 

How to be aware of deprecated SDKs?

You can manually review the support policy to understand the lifecycle (Policies: Support | Azure SDKs) and review Azure SDK Releases to check the support state of the version the application is using.

Of course, doing this manually is tedious, since you need to review the source code, list the components used and then match them against the documentation. It is even harder if you do not have easy access to the source code.

 

So the ideal solution is to automate these checks in the CI/CD phase. There are many CI/CD tools and package managers (NuGet, Maven, npm, etc.). In today's article we focus on Azure DevOps and NuGet, but we will also tackle GitHub Actions and other repositories in future articles.

The best approach would be to use existing tools, but I could not find one that looks specifically for deprecated (out-of-support) NuGet packages. Please add a comment if you know of one. Here is the list of tools I evaluated:

  • Azure DevOps Marketplace: There are useful components that list NuGet dependencies that are not on the latest version (although they can still be under support). Really useful for a quick start and to get to know the status of your applications.
  • OWASP Dependency Check: A valuable tool for detecting packages with known security vulnerabilities, but it does not focus on out-of-support versions.
  • Azure DevOps Advanced Security: A great security tool that analyzes not only package dependencies but also source code. But, again, it is focused only on security, not supportability.
  • Sonar: A great static code analysis tool. In the past it did not focus on Software Composition Analysis (dependencies); it now has deeper SAST that analyzes dependencies, but from a security perspective.


Since there does not seem to be a CI/CD tool that detects deprecated components, we can easily create a script that does it. It is based on the dotnet command line, which already provides a way to list the packages in use. Here is an article that explains this in detail: How to Scan NuGet Packages for Security Vulnerabilities - The NuGet Blog (microsoft.com)


First, we write a PowerShell script that lists all the deprecated components and (since it is so easy) also detects packages that have newer versions available or known security issues. The script creates an md file that our Azure DevOps pipeline publishes, so anyone can read the report. The code is simple and self-explanatory; if you are not familiar with PowerShell, you can use GitHub Copilot to help you understand it ;)

 

 

 

# DEPRECATED PACKAGES REPORT
dotnet list package --deprecated --format json > report.json

# load report.json file into a variable
$report = Get-Content -Raw -Path report.json | ConvertFrom-Json

" # &#128128; Deprecated packages" | Set-Content -Path nugetreport.md
"<br/>" | Add-Content -Path nugetreport.md
" " | Add-Content -Path nugetreport.md

# Loop over the projects
foreach ($project in $report.projects) {
    # Print the project file path
    " " | Add-Content -Path nugetreport.md
    " ## Project file: $($project.path)" | Add-Content -Path nugetreport.md
    " <br/>" | Add-Content -Path nugetreport.md
    " " | Add-Content -Path nugetreport.md
    " &nbsp; | Package name | used version " | Add-Content -Path nugetreport.md
    " ---| :--- | :--- " | Add-Content -Path nugetreport.md

    # Loop over the top level packages and print their IDs
    foreach ($package in $project.frameworks.topLevelPackages) {
        " &#128128; | $($package.id) | $($package.requestedVersion)" | Add-Content -Path nugetreport.md
    }
    " <br/>" | Add-Content -Path nugetreport.md
    " " | Add-Content -Path nugetreport.md
}

# OUTDATED PACKAGES REPORT
dotnet list package --outdated --format json > reportoutdatedpackages.json

# load report.json file into a variable
$report = Get-Content -Raw -Path reportoutdatedpackages.json | ConvertFrom-Json

" <br/><br/>" | Add-Content -Path nugetreport.md
" # &#128276; Outdated packages" | Add-Content -Path nugetreport.md
" <br/>" | Add-Content -Path nugetreport.md
" " | Add-Content -Path nugetreport.md

# Loop over the projects
foreach ($project in $report.projects) {
    # Print the project file path
    " " | Add-Content -Path nugetreport.md
    " ## Project file: $($project.path)" | Add-Content -Path nugetreport.md
    " <br/>" | Add-Content -Path nugetreport.md
    " " | Add-Content -Path nugetreport.md
    " &nbsp; | Package name | used version | latest version " | Add-Content -Path nugetreport.md
    " ---| :--- | :--- | :--- " | Add-Content -Path nugetreport.md

    # Loop over the top level packages and print their IDs
    foreach ($package in $project.frameworks.topLevelPackages) {
        " &#128276; | $($package.id) | $($package.requestedVersion) | $($package.latestVersion)" | Add-Content -Path nugetreport.md
    }
    " <br/>" | Add-Content -Path nugetreport.md
    " " | Add-Content -Path nugetreport.md
}

# VULNERABLE PACKAGES REPORT
dotnet list package --vulnerable --format json > reportvulnerablepackages.json

# load report.json file into a variable
$report = Get-Content -Raw -Path reportvulnerablepackages.json | ConvertFrom-Json

" <br/><br/>" | Add-Content -Path nugetreport.md
" # &#128165; Vulnerable packages" | Add-Content -Path nugetreport.md
" <br/>" | Add-Content -Path nugetreport.md
" " | Add-Content -Path nugetreport.md

# Loop over the projects
foreach ($project in $report.projects) {
    # Print the project file path
    " " | Add-Content -Path nugetreport.md
    " ## Project file: $($project.path)" | Add-Content -Path nugetreport.md
    " <br/>" | Add-Content -Path nugetreport.md
    " " | Add-Content -Path nugetreport.md
    " &nbsp; | Package name | used version | advisory url " | Add-Content -Path nugetreport.md
    " ---| :--- | :--- | :--- " | Add-Content -Path nugetreport.md

    # Loop over the top level packages and print their IDs
    foreach ($package in $project.frameworks.topLevelPackages) {
        " &#128165; | $($package.id) | $($package.requestedVersion) | $($package.vulnerabilities.advisoryurl)" | Add-Content -Path nugetreport.md
    }
    " <br/>" | Add-Content -Path nugetreport.md
    " " | Add-Content -Path nugetreport.md
}

 

 

 

Then we only need to call that PowerShell script from our Azure DevOps pipeline and use the "vso[task.addattachment" command to upload the report to the result of the pipeline run.

 

 

 

trigger:
- main

pool:
  vmImage: windows-latest # This pipeline also works in linux: ubuntu-latest

steps:
# No need to compile
# perform a dotnet restore, since under certain circumstances dotnet list package fails
- task: DotNetCoreCLI@2
  inputs:
    command: 'restore'
    feedsToUse: 'select'

- task: PowerShell@2
  inputs:
    filePath: '$(System.DefaultWorkingDirectory)/generatereport.ps1'
    errorActionPreference: 'silentlyContinue'
    warningPreference: 'silentlyContinue'
    showWarnings: true
    ignoreLASTEXITCODE: true

- bash: |
    echo "##vso[task.addattachment type=Distributedtask.Core.Summary;name=Dependency Analyzer;]$(System.DefaultWorkingDirectory)/nugetreport.md"

 

 

 

 

 


The result of the pipeline run displays a report of the issues found, in the Extensions tab.

 

[Image: DevOpsDeprecatedNuget.jpg]

 

You can find the source code in this public Azure DevOps project: https://dev.azure.com/davihern/PublicSampleProject 

Here is the output of the CI/CD pipeline: Pipelines - Run 20231201.6 (azure.com)

 

This simple script can be used as a starting point and can easily be adapted to perform more custom tasks, such as breaking the build when deprecated components are found, detecting multiple versions of the same package, etc.
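
One way to make the two adaptations mentioned above, as an added example that is not part of the original article or its sample project. The function name Get-ReportedPackage, the Contoso package IDs and the project paths are constructed, and the sample JSON contains only the fields the article's script already reads.

```powershell
# Constructed sample standing in for: dotnet list package --deprecated --format json
$sampleJson = @'
{
  "projects": [
    { "path": "src/Api/Api.csproj",
      "frameworks": [ { "topLevelPackages": [
        { "id": "Contoso.Legacy.Storage", "requestedVersion": "1.2.0" } ] } ] },
    { "path": "src/Worker/Worker.csproj",
      "frameworks": [ { "topLevelPackages": [
        { "id": "Contoso.Legacy.Storage", "requestedVersion": "1.4.0" } ] } ] },
    { "path": "src/Shared/Shared.csproj" }
  ]
}
'@

function Get-ReportedPackage {
    # Flatten the report into one row per project/package pair.
    param([Parameter(Mandatory)] [string] $Json)
    $report = $Json | ConvertFrom-Json
    foreach ($project in $report.projects) {
        # A project with no findings has no "frameworks" property;
        # foreach over the missing property simply iterates zero times.
        foreach ($framework in $project.frameworks) {
            foreach ($package in $framework.topLevelPackages) {
                [pscustomobject]@{
                    Project = $project.path
                    Id      = $package.id
                    Version = $package.requestedVersion
                }
            }
        }
    }
}

# In the pipeline, pass the real report instead of $sampleJson:
#   dotnet list package --deprecated --format json | Out-String
$deprecated = @(Get-ReportedPackage -Json $sampleJson)

# One pipeline error per deprecated package, so the run summary names each one.
foreach ($row in $deprecated) {
    Write-Host "##vso[task.logissue type=error]Deprecated package $($row.Id) $($row.Version) in $($row.Project)"
}

# Same package requested at different versions across projects.
$drift = $deprecated | Group-Object Id | Where-Object {
    @($_.Group.Version | Sort-Object -Unique).Count -gt 1
}
foreach ($group in $drift) {
    $versions = ($group.Group.Version | Sort-Object -Unique) -join ', '
    Write-Host "##vso[task.logissue type=warning]$($group.Name) is referenced at several versions: $versions"
}

# Break the build when anything deprecated was reported.
if ($deprecated.Count -gt 0) { exit 1 }
```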
