Azure App Service Web app doesn't use latest .Net framework version
Description
Azure App Service web applications developed with the .NET software stack should use the latest available version of .NET to ensure the latest security fixes are in use.
Code Example
go
{
"resource "azurerm_app_service" "example" {
...
site_config {
+ dotnet_framework_version = "v4.0"
...
}
}
",
}Remediation
Terraform
- Resource: azurerm_app_service
- Arguments: dotnet_framework_version - (Optional) The version of the .net framework's CLR used in this App Service.
Possible values are v2.0 (which will use the latest version of the .net framework for the .net CLR v2 - currently .net 3.5), v4.0 (which corresponds to the latest version of the .net CLR v4 - which at the time of writing is .net 4.7.1) and v5.0.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0588 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_80 |