Azure Container registry vulnerabilities - setting scope of Defender for Cloud scanning

NSimpraga 166 Reputation points
2022-09-07T10:34:00.293+00:00

Greetings,

we have enabled Defender for Cloud for our subscription, and one of the biggest recommendations is the "Container registry images should have vulnerability findings resolved".
DFC reports on all containers in the registry, of which only one is actually deployed or running. The only one actually active and running is the 'latest' container.

Is there a way to turn off reporting on these vulnerabilities on certain containers, e.g. any without the 'latest' tag? Is this good practice?

I know the following criteria can be used to disable rules:

Finding ID
Category
Security check
CVSS v3 scores
Severity
Patchable status

But I would actually need something to reference the image, not the finding.

To me it seems redundant to get a lower security score and always active recommendations for containers that are just archived, not active & deployed.
Thoughts on this?

Thanks in advance!
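As an added example (not part of the post and not a Defender for Cloud feature): since the disable rules cannot reference an image, the scoping the question asks for can only be done client-side over exported findings. The script resolves each repository's 'latest' tag to a digest and buckets findings by whether they belong to that digest; the tag index and findings are constructed sample data, shaped loosely like ACR manifest listings and DFC sub-assessments.

```python
# Constructed sample: which digest each tag points at, per repository, as you would
# obtain from listing manifests in ACR. Hypothetical data, not from the original post.
TAG_INDEX = {
    "web/frontend": {"latest": "sha256:aaa", "v1.2": "sha256:aaa", "v1.1": "sha256:bbb"},
    "web/api": {"latest": "sha256:ccc", "v0.9": "sha256:ddd"},
    "tools/migrator": {"v3": "sha256:eee"},  # no 'latest' tag at all
}

# Constructed sample findings. Finding ids are placeholders; a real export would carry
# the DFC finding id, CVSS score and severity alongside repository and image digest.
FINDINGS = [
    {"id": "FINDING-1", "repository": "web/frontend", "digest": "sha256:aaa", "severity": "High"},
    {"id": "FINDING-2", "repository": "web/frontend", "digest": "sha256:bbb", "severity": "Critical"},
    {"id": "FINDING-3", "repository": "web/api", "digest": "sha256:ddd", "severity": "Medium"},
    {"id": "FINDING-4", "repository": "web/api", "digest": "sha256:ccc", "severity": "Low"},
    {"id": "FINDING-5", "repository": "tools/migrator", "digest": "sha256:eee", "severity": "High"},
]


def active_digests(tag_index, tag="latest"):
    """Map each repository to the digest its chosen tag points at.

    Repositories that have no such tag are omitted, so every image in them is
    treated as archived. Matching is by digest because tags are mutable: 'latest'
    can be re-pointed at any time, and the same digest may carry several tags.
    """
    return {repo: tags[tag] for repo, tags in tag_index.items() if tag in tags}


def triage(findings, tag_index, tag="latest"):
    """Split findings into 'active' (on the image the tag currently points at) and
    'archived' (every other image). This only changes what a reviewer looks at;
    Defender for Cloud still counts all findings toward the Secure Score."""
    active = active_digests(tag_index, tag)
    buckets = {"active": [], "archived": []}
    for finding in findings:
        key = "active" if active.get(finding["repository"]) == finding["digest"] else "archived"
        buckets[key].append(finding["id"])
    return buckets


def active_by_severity(findings, tag_index, tag="latest"):
    """Count only the active findings per severity, the numbers worth raising first."""
    active_ids = set(triage(findings, tag_index, tag)["active"])
    counts = {}
    for finding in findings:
        if finding["id"] in active_ids:
            counts[finding["severity"]] = counts.get(finding["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    print(triage(FINDINGS, TAG_INDEX))
    print(active_by_severity(FINDINGS, TAG_INDEX))
```

A deployed workload is not necessarily the 'latest' tag; cross-checking the digests actually running in the cluster, rather than a tag name, gives the more reliable "active" set.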


3 answers

  1. Givary-MSFT 27,886 Reputation points Microsoft Employee
    2022-09-08T08:52:08.517+00:00

    @NSimpraga

    Thank you for reaching out to us. As I understand it, you are looking to customize disable rules to ignore a finding within Defender for Cloud.

    I researched your ask. As you mentioned in your query, the following are the only criteria which can be used to disable findings; we don't have any criteria to reference the image.

    Finding ID
    Category
    Security check
    CVSS v3 scores
    Severity
    Patchable status

    Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-usage

    However you can share your feedback on https://feedback.azure.com/d365community about this feature request which is closely monitored by our engineering team.

    Let me know if you have any further questions.


  2. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2022-09-14T22:41:40.367+00:00

    Hi @NSimpraga ,

    Just checking to see if you were able to see the response from @Givary-MSFT .

    We have passed your feedback along to the engineering team to customize the rules, reference the image, and turn off reporting for certain archived containers and created a work item for them.

    You are also welcome to leave your own feedback on the page that @Givary-MSFT shared if you want to add more details about your scenario.

    Let me know if you have further questions.


  3. Tilo 6 Reputation points
    2023-02-09T01:25:53.5033333+00:00

    Is such a feature on the roadmap? Where can we provide feedback/vote on the feature?