Remove vulnerable container images

Security · Container Registry · Rule · 2020_12 · Critical

Remove container images with known vulnerabilities.

Description

When Microsoft Defender for container registries is enabled, Microsoft Defender scans container images. Container images are scanned for known vulnerabilities and marked as healthy or unhealthy. Vulnerable container images should not be used.

Recommendation

Consider using removing container images with known vulnerabilities.

Notes

This rule applies when analyzing resources deployed (in-flight) to Azure.

Links

• Review and remediate recommendations
• Introduction to Azure Defender for container registries
• Overview of Microsoft Defender for Containers
• Secure the images and run time

Comments