Ensure Azure Defender is set to On for container registries

Explanation

Azure Defender is a cloud workload protection service that utilizes and agent-based deployment to analyze signals from Azure network fabric and the service control plane, to detect threats across all Azure resources. It can also analyze non-Azure resources, utilizing Azure Arc, including those on-premises and in both AWS and GCP (once they’ve been onboarded).

Possible Impact

Azure Defender for App Service detects attacks targeting applications running over App Service.

Suggested Resolution

Enable AppServices in Azure Defender

Insecure Example

The following example will fail the azure-security-center-defender-on-appservices check.

resource "azurerm_security_center_subscription_pricing" "bad_example" {
  tier          = "Free"
  resource_type = "VirtualMachines"
}

Secure Example

The following example will pass the azure-security-center-defender-on-appservices check.

resource "azurerm_security_center_subscription_pricing" "good_example" {
  tier          = "Standard"
  resource_type = "VirtualMachines,AppServices"
}

Getting Started
Provider Checks
Config
GitHub Actions