Ensure that Azure Defender is set to On for Container Registries

ID

azure_defender_on_container_reg

Severity

high

Vendor

Azure

Resource

Azure Defender

Tags

reachable

Description

Azure Defender extends its protection to container registries within the Azure ecosystem: it monitors and safeguards the container images and related artifacts stored in Azure Container Registry (ACR) against potential security threats. By analyzing the security of these images and registries, Azure Defender helps you ensure that your containerized applications are free from known vulnerabilities and protected against unauthorized access, reducing the risk of a breach and preserving the integrity of your containerized workloads. This protection is a paid (Standard tier) feature and is not available in the Free tier.

Examples

Terraform

```hcl
# Terraform requires a resource name after the type; "example" is added here.
resource "azurerm_security_center_subscription_pricing" "example" {
  tier          = "Standard"
  resource_type = "ContainerRegistry" # (1)
}
```

(1) KubernetesService is not set as a resource_type (paid feature, not in the Free tier).

Mitigation / Fix

Buildtime

Terraform

```hcl
resource "azurerm_security_center_subscription_pricing" "standard_servers" {
  # resource_type accepts a single value per resource, so one resource is created per type.
  for_each = toset(["AppServices", "ContainerRegistry", "KeyVaults", "KubernetesService", "SqlServers",
                    "SqlServerVirtualMachines", "StorageAccounts", "VirtualMachines", "Arm", "Dns"])
  tier          = "Standard"
  resource_type = each.value # (1)
}
```

(1) Fixed: KubernetesService is added as a resource type.
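The following is an added example, not Checkov's, Prisma Cloud's or the page's own code. It shows what this policy looks like as a buildtime check: it reads the JSON produced by `terraform show -json tfplan` (assumed shape: `planned_values.root_module.resources`, recursing into `child_modules`) and decides whether the `ContainerRegistry` resource type of `azurerm_security_center_subscription_pricing` is on the `Standard` tier. The rule details (a missing entry counts as Free tier; a comma-separated `resource_type` is reported rather than accepted) are assumptions of this example. The sample plan at the bottom is constructed.

```python
"""Evaluate the "Azure Defender on for Container Registries" policy at build time.

Added example, not Checkov's, Prisma Cloud's or the page's own code. It reads
the JSON that `terraform show -json tfplan` emits (assumed shape:
planned_values.root_module.resources, recursing into child_modules) and
decides whether Defender is on the Standard tier for ContainerRegistry.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

CHECK_ID = "azure_defender_on_container_reg"
PRICING_TYPE = "azurerm_security_center_subscription_pricing"
TARGET = "ContainerRegistry"


@dataclass(frozen=True)
class Finding:
    passed: bool
    reason: str
    resource: Optional[str] = None  # address of the resource that decided the verdict


def resources_from_plan(plan: dict) -> List[dict]:
    """Flatten planned resources from every module of a `terraform show -json` document."""
    out: List[dict] = []

    def walk(module: dict) -> None:
        out.extend(module.get("resources", []))
        for child in module.get("child_modules", []):
            walk(child)

    walk(plan.get("planned_values", {}).get("root_module", {}))
    return out


def check_container_registry_defender(resources: Iterable[dict]) -> Finding:
    """Pass only if a pricing resource sets ContainerRegistry to the Standard tier.

    Rules (assumptions for this example):
    * only azurerm_security_center_subscription_pricing resources are inspected;
    * resource_type holds exactly one value per resource, so a comma-separated
      string is reported instead of being treated as enabling anything;
    * with no matching resource the subscription stays on the Free tier, a failure.
    """
    for res in resources:
        if res.get("type") != PRICING_TYPE:
            continue
        address = res.get("address") or f'{PRICING_TYPE}.{res.get("name", "?")}'
        values = res.get("values") or {}
        rtype = str(values.get("resource_type", ""))
        if "," in rtype:
            if TARGET in [part.strip() for part in rtype.split(",")]:
                return Finding(False, "resource_type must be a single value; "
                               "declare one pricing resource per type", address)
            continue
        if rtype != TARGET:
            continue
        tier = values.get("tier")
        if tier == "Standard":
            return Finding(True, f"{TARGET} is on the Standard tier", address)
        return Finding(False, f'{TARGET} tier is {tier!r}, expected "Standard"', address)
    return Finding(False, f"no pricing resource for {TARGET}; Defender stays on the Free tier")


# Constructed sample plan: the root module enables Defender for Kubernetes only;
# a child module adds the ContainerRegistry entry that makes the check pass.
SAMPLE_PLAN = {
    "planned_values": {
        "root_module": {
            "resources": [
                {"address": f"{PRICING_TYPE}.aks", "type": PRICING_TYPE, "name": "aks",
                 "values": {"tier": "Standard", "resource_type": "KubernetesService"}},
            ],
            "child_modules": [
                {"address": "module.defender",
                 "resources": [
                     {"address": f"module.defender.{PRICING_TYPE}.acr", "type": PRICING_TYPE,
                      "name": "acr", "values": {"tier": "Standard", "resource_type": TARGET}},
                 ]},
            ],
        }
    }
}


if __name__ == "__main__":
    finding = check_container_registry_defender(resources_from_plan(SAMPLE_PLAN))
    print(CHECK_ID, "PASSED" if finding.passed else "FAILED", "-", finding.reason, finding.resource)
```

Run it against a real plan with `terraform show -json tfplan > plan.json` and feed the parsed document to `resources_from_plan`; the check deliberately reports the first deciding resource so the finding points at the line to fix, and it treats "no pricing resource at all" as a failure because the subscription default is the Free tier.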