Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
com.azure.resourcemanager:azure-resourcemanager-deviceprovisioningservices
Advanced tools
This package contains Microsoft Azure SDK for IotDps Management SDK. For documentation on how to use this package, please see https://aka.ms/azsdk/java/mgmt. API for using the Azure IoT Hub Device Provisioning Service features. Package tag package-2022-02.
This repository is for active development of the Azure SDK for Java. For consumers of the SDK we recommend visiting our public developer docs or our versioned developer docs.
To get started with a specific service library, see the README.md file located in the library's project folder. You can find service libraries in the /sdk
directory. For a list of all the services we support access our list of all existing libraries.
For tutorials, samples, quick starts and other documentation, visit Azure for Java Developers.
All libraries are baselined on Java 8, with testing and forward support up until the latest Java long-term support release (currently Java 17).
Each service can have both 'client' and 'management' libraries. 'Client' libraries are used to consume the service, whereas 'management' libraries are used to configure and manage the service.
Our client libraries follow the Azure SDK Design Guidelines for Java, and share a number of core features such as HTTP retries, logging, transport protocols, authentication protocols, etc., so that once you learn how to use these features in one client library, you will know how to use them in other client libraries. You can learn about these shared features here.
These libraries can be easily identified by folder, package, and namespaces names starting with azure-
, e.g. azure-keyvault
.
You can find the most up to date list of all of the new packages on our page. This list includes the most recent releases: both stable and beta.
NOTE: If you need to ensure your code is ready for production use one of the stable, non-beta libraries.
Similar to our client libraries, the management libraries follow the Azure SDK Design Guidelines for Java. These libraries provide a high-level, object-oriented API for managing Azure resources, that are optimized for ease of use, succinctness, and consistency. You can find the list of management libraries on this page.
For general documentation on how to use the new libraries for Azure Resource Management, please visit here. We have also prepared plenty of code samples as well as migration guide in case you are upgrading from previous versions.
The management libraries can be identified by namespaces that start with azure-resourcemanager
, e.g. azure-resourcemanager-compute
.
Note that the latest libraries from Microsoft are in the com.azure
Maven group ID, and have the package naming pattern of beginning with com.azure
. If you're using libraries that are in com.microsoft.azure
Maven group ID, or have this as the package structure, please consider migrating to the latest libraries. You can find a mapping table from these historical releases to their equivalent here.
azure-java-sdk
tag.The main branch has the most recent code with new features and bug fixes. It does not represent latest released stable SDK.
For each package we release there will be a unique git tag created that contains the name and the version of the package to mark the commit of the code that produced the package. This tag will be used for servicing via hotfix branches as well as debugging the code for a particular beta or stable release version.
Format of the release tags are <package-name>_<package-version>
. For more information please see our branching strategy.
For details on contributing to this repository, see the contributing guide.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, view Microsoft's CLA.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repositories using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Many people all over the world have helped make this project better. You'll want to check out:
Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) secure@microsoft.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the Security TechCenter.
Azure SDK for Java is licensed under the MIT license.
FAQs
Unknown package
We found that com.azure.resourcemanager:azure-resourcemanager-deviceprovisioningservices demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.