Risk Report for Open-Source Microsoft 365 MSP Tool

Description

Security Audit & Risk Report for Open-Source Microsoft 365 MSP Tool (CIPP)
We are a UK-based Managed Services Provider (MSP) currently assessing a powerful open-source tool called CIPP (Central Identity Policy Platform) for managing multiple Microsoft 365 tenants.
As part of our onboarding and internal governance process, we need a consultant or developer to perform a code-level security and deployment review, produce a formal risk report, and optionally assist with deployment and integration.
This is a short-term engagement with the potential for ongoing work.
Project Scope – Phase One:Review the CIPP source code (Python-based) for potential security flaws, malicious code, or poor practices.
Assess use of GDAP/DAP permissions and delegated access models.
Audit configuration files and deployment methods (Docker-based).
Evaluate dependency and supply chain risks (e.g., Python packages).
Provide a formal written report that includes:
Risk summary and threat assessment
Technical findings and recommendations
Executive-friendly summary
Skills Required:Python (secure coding & open-source auditing)
Microsoft 365 / Azure AD administration
Experience with GDAP/DAP and Microsoft Graph API
Docker and container security
Familiarity with security standards (e.g., OWASP, Cyber Essentials, ISO 27001)
Deliverables:Written risk assessment report (PDF or Word)
Summary of recommendations
(Optional) deployment assistance and SIEM integration guidance
To ideally,
Please Answer:Have you audited open-source tools or Python applications before? If so, please provide examples.
Do you have experience working with Microsoft 365 APIs or delegated admin access (GDAP/DAP)?
Are you comfortable reviewing Docker/container deployment security?
Can you provide a sample or outline of a previous risk report or security assessment you've delivered?
Budget & Timeline:Fixed price preferred for Phase One (please provide an estimate).
Target delivery: within 1–2 weeks of engagement.