Azure Core SDK
PyPIazure-coreazure-core is the shared transport, retry, logging, and authentication layer used by all Azure Python SDKs. It handles DefaultAzureCredential resolution, including managed identity, environment variables, and the Azure CLI token cache. Every Azure SDK package for Python depends on azure-core.
Checking Azure Core SDK
azure-core 1.30.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.
curl "https://api.attestd.io/v1/check?product=azure-core&version=1.30.0" \
-H "Authorization: Bearer YOUR_API_KEY"{
"product": "azure-core",
"version": "1.30.0",
"supported": true,
"risk_state": "none",
"supply_chain": {
"compromised": false,
"sources": [],
"malware_type": null,
"description": null,
"advisory_url": null,
"compromised_at": null,
"removed_at": null
},
"last_updated": "2026-05-01T00:00:00Z"
}Why this package is monitored
The core credential resolution layer is present in every Azure SDK call. A compromised azure-core can intercept any Azure credential type (managed identity tokens, service principal secrets, Azure CLI tokens) across all Azure services, not just a single service's SDK.
Attestd monitors azure-core using the following detection sources:
registryManually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.
osvOSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.
pypi_yankVersions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.