Control: Container registries should restrict public network access
Description
Azure Container Registries should be configured with private endpoints and network rules to restrict public access.
Usage
Run the control in your terminal:
powerpipe control run azure_perimeter.control.container_registry_restrict_public_network_access
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_perimeter.control.container_registry_restrict_public_network_access --share
Steampipe Tables
SQL
select
  r.id as resource,
  case
    when public_network_access = 'Disabled' then 'ok'
    else 'alarm'
  end as status,
  case
    when public_network_access = 'Disabled' then r.name || ' prohibits public network access.'
    else r.name || ' allows public network access.'
  end as reason,
  r.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_container_registry r,
  azure_subscription sub
where
  sub.subscription_id = r.subscription_id;