Vulnerability Scanning not enabled for Azure Container Registry
Description
Vulnerability scanning for container images is a critical security feature that helps to identify software flaws in your container images. It is highly recommended to enable this feature in Azure Container Registry to identify and fix vulnerabilities before they can be exploited.
This policy checks whether the Azure Container Registry has vulnerability scanning enabled by requiring a SKU of `Standard` or `Premium`.
Code Example
```terraform
resource "azurerm_container_registry" "example" {
  name                = "exampleContainerRegistry"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "Standard" # Standard or Premium is required for vulnerability scanning
  admin_enabled       = false
}
```
Remediation
Terraform
- Resource: azurerm_container_registry
- Arguments: sku
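As an added illustration (not part of this page and not Checkov's own implementation), the following evaluator mirrors the check's logic over Terraform source: it extracts the `sku` of each `azurerm_container_registry` and passes only `Standard` or `Premium`, while a non-literal value such as `var.acr_sku` is reported as unresolved rather than silently passed. The sample configuration and the `legacy` registry are constructed for the example.

```python
import re

# Constructed sample: the page's example registry (Standard SKU) plus a
# hypothetical Basic-SKU registry that the policy should flag.
SAMPLE_TF = '''
resource "azurerm_container_registry" "example" {
  name                = "exampleContainerRegistry"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "Standard"
  admin_enabled       = false
}

resource "azurerm_container_registry" "legacy" {
  name                = "legacyRegistry"
  resource_group_name = azurerm_resource_group.example.name
  sku                 = "Basic"
}
'''

# SKUs the policy accepts (compared case-insensitively).
SCANNING_SKUS = {"standard", "premium"}

# One azurerm_container_registry block: captures its name and body.
BLOCK_RE = re.compile(
    r'resource\s+"azurerm_container_registry"\s+"([^"]+)"\s*\{(.*?)\n\}',
    re.DOTALL,
)
# The sku attribute line inside a block body.
SKU_RE = re.compile(r'^\s*sku\s*=\s*(.+?)\s*$', re.MULTILINE)


def evaluate_registry(body: str) -> str:
    """Return PASSED, FAILED or UNKNOWN for one resource body."""
    m = SKU_RE.search(body)
    if m is None:
        return "FAILED"      # sku is a required argument; absence is a misconfiguration
    raw = m.group(1)
    if not (raw.startswith('"') and raw.endswith('"')):
        return "UNKNOWN"     # var.x / local.x: resolve the value before judging it
    return "PASSED" if raw.strip('"').lower() in SCANNING_SKUS else "FAILED"


def scan(tf_source: str) -> dict:
    """Map each azurerm_container_registry name to its check result."""
    return {name: evaluate_registry(body) for name, body in BLOCK_RE.findall(tf_source)}


if __name__ == "__main__":
    for name, result in scan(SAMPLE_TF).items():
        print(f"CKV_AZURE_163 azurerm_container_registry.{name}: {result}")
```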
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0670 |
| Severity | MEDIUM |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_163 |