How to check images in ACR are in use or not

Ravindra Shukla 116 Reputation points
2022-04-22T08:45:53.993+00:00

Hello,

I am using Azure ACR as storage for my container images. Some of my images are vulnerable, so I want to check whether those images are in use by any other resource (like a pipeline, deployment, container or any other application) before deleting them.

Is it possible to identify whether the image in ACR is in use by any other resource in Azure?

Please suggest.

Azure Container Registry
An Azure service that provides a registry of Docker and Open Container Initiative images.

3 answers

  1. SUNOJ KUMAR YELURU 13,936 Reputation points MVP
    2022-04-22T11:50:29.407+00:00

    Hi @Ravindra Shukla

    You can achieve this by enabling the diagnostic settings on the container registry and passing those logs to a Log Analytics workspace. You can write some custom Kusto queries and pull the logs based on your requirement.

    If the Answer is helpful, please click Accept Answer and up-vote, so that it can help others in the community looking for help on similar topics.


  2. Ravindra Shukla 116 Reputation points
    2022-04-25T14:53:26.947+00:00

    Hi @SUNOJ KUMAR YELURU Thanks for your reply.

    I would also like to know whether there is any Azure CLI command to get the information about all the vulnerable images from Azure.

    I don't want to have it from the UI; instead, I want to get it using the CLI.

    Please let me know if there is any option.

    Thanks


  3. SUNOJ KUMAR YELURU 13,936 Reputation points MVP
    2022-04-28T10:02:51.403+00:00

    @Ravindra Shukla

    You can try the below Azure CLI command.

    # List vulnerability sub-assessments reported for container registry images
    az graph query -q "SecurityResources
    | where type == 'microsoft.security/assessments'
    | where properties.displayName contains 'Container registry images should have vulnerability findings resolved'
    | summarize by assessmentKey=name // the ID of the assessment
    | join kind=inner (
        securityresources
        | where type == 'microsoft.security/assessments/subassessments'
        | extend assessmentKey = extract('.*assessments/(.+?)/.*',1, id)
    ) on assessmentKey
    | project assessmentKey, subassessmentKey=name, id, parse_json(properties), resourceGroup, subscriptionId, tenantId
    | extend description = properties.description,
        displayName = properties.displayName,
        resourceId = properties.resourceDetails.id,
        resourceSource = properties.resourceDetails.source,
        category = properties.category,
        severity = properties.status.severity,
        code = properties.status.code,
        timeGenerated = properties.timeGenerated,
        remediation = properties.remediation,
        impact = properties.impact,
        vulnId = properties.id,
        additionalData = properties.additionalData"

    Refer: https://learn.microsoft.com/en-us/azure/container-registry/resource-graph-samples?tabs=azure-cli#code-try-1

    If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.
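Combining the two answers above, as an added example that is not part of the original thread: it cross-references a list of vulnerable images with registry pull events exported from Log Analytics and labels each image by its most recent logged pull. The sample data is constructed, and the field names (`repositoryName`, `imageDigest`, `OperationName`, `Repository`, `Digest`, `Identity`, `TimeGenerated`) and the `ignore_identities` parameter are assumptions to check against your own query output.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: vulnerable images, e.g. taken from additionalData in the
# Resource Graph output (the two field names are an assumption).
VULNERABLE = [
    {"repositoryName": "web/frontend", "imageDigest": "sha256:aaa1"},
    {"repositoryName": "batch/report", "imageDigest": "sha256:bbb2"},
    {"repositoryName": "tools/legacy", "imageDigest": "sha256:ccc3"},
]
# Constructed sample rows shaped like exported registry repository events
# (column names are an assumption; check them against your workspace).
EVENTS = [
    {"TimeGenerated": "2022-04-20T09:15:00Z", "OperationName": "Pull",
     "Repository": "web/frontend", "Digest": "sha256:aaa1", "Identity": "aks-kubelet"},
    {"TimeGenerated": "2022-04-21T02:00:00Z", "OperationName": "Pull",
     "Repository": "batch/report", "Digest": "sha256:bbb2", "Identity": "scanner-sp"},
    {"TimeGenerated": "2022-01-03T11:30:00Z", "OperationName": "Pull",
     "Repository": "batch/report", "Digest": "sha256:bbb2", "Identity": "ci-pipeline"},
    {"TimeGenerated": "2022-04-19T08:00:00Z", "OperationName": "Push",
     "Repository": "tools/legacy", "Digest": "sha256:ccc3", "Identity": "ci-pipeline"},
]

def classify(vulnerable, events, now, window_days=30, ignore_identities=()):
    """Label each vulnerable image by its most recent logged pull."""
    cutoff = now - timedelta(days=window_days)
    pulls = {}  # (repository, digest) -> {"last": datetime, "by": identities}
    for e in events:
        if e.get("OperationName") != "Pull" or e.get("Identity") in ignore_identities:
            continue  # pushes and inspection-only pulls say nothing about consumers
        rec = pulls.setdefault((e["Repository"], e["Digest"]), {"last": None, "by": set()})
        ts = datetime.fromisoformat(e["TimeGenerated"].replace("Z", "+00:00"))
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
        rec["by"].add(e.get("Identity") or "unknown")
    report = {}
    for v in vulnerable:
        key = (v["repositoryName"], v["imageDigest"])
        rec = pulls.get(key)
        if rec is None:
            # Not proof of disuse: a container started before logging began never re-pulls.
            status = "no-pulls-logged"
        else:
            status = "in-use" if rec["last"] >= cutoff else "stale"
        report[key] = (status, sorted(rec["by"]) if rec else [])
    return report

if __name__ == "__main__":
    now = datetime(2022, 4, 22, tzinfo=timezone.utc)
    for image, result in classify(VULNERABLE, EVENTS, now, ignore_identities={"scanner-sp"}).items():
        print(image, result)
```

Pulls made by automation that only inspects images, such as a scanner, are passed in `ignore_identities` so they do not make an otherwise idle image look consumed.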