Automatic OS image patching is disabled for Virtual Machine scale sets

Description

This policy enforces enabling automatic OS image patching on Virtual Machine Scale Sets to always keep Virtual Machines secure by safely applying latest security patches every month.

Code Example

resource "azurerm_virtual_machine_scale_set" "example" {
          ...
 +        automatic_os_upgrade = true
          ...
        }

Remediation

Terraform

Resource: azurerm_virtual_machine_scale_set
Arguments: automatic_os_upgrade

Rule Details

Field	Value
ID	IAC-0602
Severity	LOW
IaC Type	arm
Frameworks	Terraform, TerraformPlan
Checkov ID	CKV_AZURE_95

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Automatic OS image patching is disabled for Virtual Machine scale sets

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Automatic OS image patching is disabled for Virtual Machine scale sets ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Automatic OS image patching is disabled for Virtual Machine scale sets

Description

Code Example

Remediation

Rule Details

References