Azure Container Registry (ACR) Does Not Have a Quarantine Policy Enabled

Description

The container image quarantine feature in Azure Container Registry lets you control the distribution of images by holding them in quarantine until they have been verified. This matters for supply chain security: it ensures that only images that have been scanned and verified can be pulled and deployed.

This policy checks that the quarantine policy is enabled on each Azure Container Registry.

Code Example

```terraform
resource "azurerm_container_registry" "example" {
  name                      = "exampleContainerRegistry"
  resource_group_name       = azurerm_resource_group.example.name
  location                  = azurerm_resource_group.example.location
  sku                       = "Premium"
  admin_enabled             = false
  quarantine_policy_enabled = true
}
```

Remediation

Terraform

  • Resource: azurerm_container_registry
  • Arguments: quarantine_policy_enabled
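To show how this rule can be checked and remediated in practice, here is an added example, not code from the page or from any scanner the page refers to. It scans Terraform text for azurerm_container_registry resources, reports each one as PASS or FAIL depending on whether quarantine_policy_enabled is set to true, and inserts the missing argument into non-compliant blocks. The sample HCL files, the function names, and the minimal regex-based HCL parsing are all constructed for this example; a real scanner would use a proper HCL parser.

```python
import re

# Constructed sample Terraform (not from the page): one non-compliant and one compliant registry.
NONCOMPLIANT_HCL = '''
resource "azurerm_container_registry" "acr_a" {
  name                = "registryA"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "Premium"
  admin_enabled       = false
}
'''

COMPLIANT_HCL = '''
resource "azurerm_container_registry" "acr_b" {
  name                      = "registryB"
  resource_group_name       = azurerm_resource_group.example.name
  location                  = azurerm_resource_group.example.location
  sku                       = "Premium"
  admin_enabled             = false
  quarantine_policy_enabled = true
}
'''

# Matches a top-level azurerm_container_registry block; the body stops at the
# first closing brace in column 0, so nested blocks (indented) stay inside it.
RESOURCE_RE = re.compile(
    r'resource\s+"azurerm_container_registry"\s+"(?P<name>[^"]+)"\s*\{(?P<body>.*?)\n\}',
    re.DOTALL,
)
# Matches simple "key = value" lines; good enough for this rule, not a full HCL parser.
ATTR_RE = re.compile(r'^\s*(?P<key>[A-Za-z_]+)\s*=\s*(?P<value>[^\n#]+)', re.MULTILINE)


def parse_attributes(body: str) -> dict:
    """Return the block's top-level attributes as a dict of stripped strings."""
    attrs = {}
    for m in ATTR_RE.finditer(body):
        attrs[m.group("key")] = m.group("value").strip().strip('"')
    return attrs


def check_quarantine(hcl_text: str) -> dict:
    """Map each ACR resource name to PASS or FAIL for the quarantine-policy rule.

    A registry passes only when quarantine_policy_enabled is literally true;
    a missing argument counts as disabled, which is the provider default.
    """
    results = {}
    for m in RESOURCE_RE.finditer(hcl_text):
        attrs = parse_attributes(m.group("body"))
        enabled = attrs.get("quarantine_policy_enabled", "false").lower() == "true"
        results[m.group("name")] = "PASS" if enabled else "FAIL"
    return results


def remediate(hcl_text: str) -> str:
    """Insert quarantine_policy_enabled = true into every ACR block that lacks it."""
    def fix(m: re.Match) -> str:
        if parse_attributes(m.group("body")).get("quarantine_policy_enabled", "").lower() == "true":
            return m.group(0)
        # Drop the closing brace, then append the argument and close the block again.
        return m.group(0)[:-1].rstrip("\n") + "\n  quarantine_policy_enabled = true\n}"
    return RESOURCE_RE.sub(fix, hcl_text)


if __name__ == "__main__":
    combined = NONCOMPLIANT_HCL + COMPLIANT_HCL
    for name, status in check_quarantine(combined).items():
        print(f"{name}: {status}")
    print(remediate(NONCOMPLIANT_HCL))
```

The check treats an absent argument as a failure because the provider's default is disabled; the remediation only touches blocks that fail, so it is safe to run over a file that already mixes compliant and non-compliant registries. Note that the quarantine policy, like the other ACR policies, is only available on the Premium SKU, which the page's example already uses.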

Rule Details

Field        Value
ID           IAC-0673
Severity     MEDIUM
IaC Type     arm
Frameworks   Terraform
Checkov ID   CKV_AZURE_166

References