turbot/azure_compliance

Query: securitycenter_container_image_scan_enabled

Usage

powerpipe query azure_compliance.query.securitycenter_container_image_scan_enabled

SQL

select
sub_assessment.id as resource,
case
when container_registry_vulnerability_properties ->> 'AssessedResourceType' = 'ContainerRegistryVulnerability' then 'ok'
else 'alarm'
end as status,
case
when container_registry_vulnerability_properties ->> 'AssessedResourceType' = 'ContainerRegistryVulnerability' then sub_assessment.name || ' container image scan enabled.'
else sub_assessment.name || ' container image scan disabled.'
end as reason
, sub.display_name as subscription
from
azure_security_center_sub_assessment sub_assessment
right join azure_subscription sub on sub_assessment.subscription_id = sub.subscription_id;

Controls

The query is being used by the following controls: