
Azure Container Registry (ACR) Isn't Configured to Use Signed/Trusted Images

Description

Using signed or trusted images ensures that the images being used in your deployments are verified and not tampered with. Enabling this feature in Azure Container Registry adds a layer of security by ensuring only signed images can be pulled and run.

This policy checks whether the Azure Container Registry resource has its content trust policy (trust policy) enabled so that signed images are used.

Code Example

```terraform
resource "azurerm_container_registry" "example" {
  name                = "exampleContainerRegistry"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  # Content trust is a Premium-tier feature; the API rejects it on Basic/Standard.
  sku                 = "Premium"
  admin_enabled       = false

  # If using azurerm provider version 4.0 and above: top-level argument
  trust_policy_enabled = true

  # If using an azurerm provider version below 4.0, use the nested block instead:
  # trust_policy {
  #   enabled = true
  # }
}
```
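As an added example (not part of this policy page or of Checkov's own implementation), the following Python check evaluates parsed azurerm_container_registry configurations and reports which registries do not enable content trust, accepting both the pre-4.0 nested trust_policy block and the 4.0+ trust_policy_enabled argument. The function names, SAMPLE_RESOURCES and the Checkov-style layout in which each attribute value is wrapped in a one-element list are assumptions.

```python
"""Re-implementation of the IAC-0671 / CKV_AZURE_164 check (hypothetical, for illustration)."""
from typing import Any

PASSED, FAILED = "PASSED", "FAILED"


def _first(value: Any) -> Any:
    # Assumed input layout: Terraform-to-JSON style dicts (as Checkov's parser
    # produces) wrap each attribute value in a single-element list; unwrap it.
    return value[0] if isinstance(value, list) and value else value


def _is_true(value: Any) -> bool:
    # Accept the HCL boolean or its string form; anything unresolved
    # (e.g. a variable reference) is treated as not enabled.
    return value is True or str(value).lower() == "true"


def content_trust_enabled(conf: dict) -> bool:
    """True when the registry config enables content trust in either provider style."""
    flag = _first(conf.get("trust_policy_enabled"))      # azurerm >= 4.0
    if flag is not None:
        return _is_true(flag)
    block = _first(conf.get("trust_policy"))             # azurerm < 4.0
    if isinstance(block, dict):
        return _is_true(_first(block.get("enabled")))
    return False  # neither form present: provider default is disabled


def scan_resource_conf(conf: dict) -> str:
    return PASSED if content_trust_enabled(conf) else FAILED


def scan_resources(resources: dict) -> dict:
    """Evaluate every azurerm_container_registry resource; returns {name: result}."""
    return {
        name: scan_resource_conf(conf)
        for name, conf in resources.get("azurerm_container_registry", {}).items()
    }


# Constructed sample input mimicking parsed Terraform (not taken from any real repository).
SAMPLE_RESOURCES = {
    "azurerm_container_registry": {
        "legacy_ok": {"sku": ["Premium"], "trust_policy": [{"enabled": [True]}]},
        "v4_ok": {"sku": ["Premium"], "trust_policy_enabled": [True]},
        "explicit_off": {"sku": ["Premium"], "trust_policy": [{"enabled": [False]}]},
        "missing": {"sku": ["Standard"], "admin_enabled": [False]},
    }
}

if __name__ == "__main__":
    for name, result in scan_resources(SAMPLE_RESOURCES).items():
        print(f"{name}: {result}")
```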

Remediation

Terraform

  • Resource: azurerm_container_registry
  • Arguments: trust_policy_enabled (azurerm 4.0 and above) or the trust_policy block with enabled = true (below 4.0)

Rule Details

Field      | Value
-----------|---------------
ID         | IAC-0671
Severity   | MEDIUM
IaC Type   | Terraform
Frameworks | Terraform
Checkov ID | CKV_AZURE_164
