Remove vulnerable container images#
Security · Container Registry · Rule · 2020_12 · Critical
Remove container images with known vulnerabilities.
Description#
When Microsoft Defender for container registries is enabled, Microsoft Defender scans container images. Container images are scanned for known vulnerabilities and marked as healthy or unhealthy. Vulnerable container images should not be used.
Recommendation#
Consider using removing container images with known vulnerabilities.
Notes#
This rule applies when analyzing resources deployed (in-flight) to Azure.
Links#
- SE:02 Secured development lifecycle
- Introduction to Azure Defender for container registries
- Overview of Microsoft Defender for Containers
- Secure the images and run time