Control: Azure Defender for container registries should be enabled
Description
Azure Defender for container registries provides vulnerability scanning of any images pulled within the last 30 days, pushed to your registry, or imported, and exposes detailed findings per image.
Usage
Run the control in your terminal:
powerpipe control run terraform_azure_compliance.control.container_registry_azure_defender_enabledSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run terraform_azure_compliance.control.container_registry_azure_defender_enabled --shareSQL
This control uses a named query:
select address as resource, case when (attributes_std ->> 'resource_type') = 'AppServices' and (attributes_std ->> 'tier') = 'Standard' then 'ok' else 'info' end status, split_part(address, '.', 2) || case when (attributes_std ->> 'resource_type') = 'ContainerRegistry' and (attributes_std ->> 'tier') = 'Standard' then ' Azure Defender on for Container Registry' else ' Azure Defender off for Container Registry' end || '.' reason , path || ':' || start_linefrom terraform_resourcewhere type = 'azurerm_security_center_subscription_pricing';