Is such a feature on the roadmap? Where can we provide feedback/vote on the feature?
Azure Container registry vulnerabilities - setting scope of Defender for Cloud scanning
Greetings,
we have enabled Defender for Cloud for our subscription, and one of the biggest recommendations is the "Container registry images should have vulnerability findings resolved".
DFC reports on all containers in the registry, where none of them but one are actually deployed or running. The only one actually active and running is the 'latest' container.
Is there a way to turn off reporting on these vulnerabilities on certain containers, e.g. any without the 'latest' tag? Is this good practice?
I know the following criteria can be used to disable rules:
Finding ID
Category
Security check
CVSS v3 scores
Severity
Patchable status
But I would actually need something to reference the image, not the finding.
To me it seems redundant to get a lower security score and always active recommendations for containers that are just archived, not active & deployed.
Thoughts on this?
Thanks in advance!
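An added example, not from this thread and not Microsoft's code, to make the gap in the question concrete: it models the attribute-only disable rules Defender for Cloud offers (Finding ID, Category, Severity, CVSS v3 score, Patchable status; Security check is left out because the constructed records carry no such field) and then does the image-scoped filtering on the client side by joining findings against the digests of images that are actually running. It goes a step beyond the question by joining on digest rather than on the 'latest' tag, since 'latest' is a mutable pointer and a deployed image may carry some other tag. All records, CVE ids, digests and the field names under additionalData (repositoryName, imageDigest, imageTags, cvss, patchable) are constructed or assumed, not taken from a real sub-assessment export.

```python
"""Client-side triage of container-registry findings (added example, constructed data)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


def _record(fid: str, category: str, severity: str, cvss3: float,
            patchable: bool, repo: str, digest: str, tags: List[str]) -> dict:
    """Build one sub-assessment-shaped record. The additionalData field names are
    assumptions modelled on Defender for Cloud's sub-assessment export."""
    return {
        "properties": {
            "id": fid,                      # placeholder finding id, not a real CVE
            "category": category,
            "status": {"code": "Unhealthy", "severity": severity},
            "additionalData": {
                "assessedResourceType": "ContainerRegistryVulnerability",
                "repositoryName": repo,
                "imageDigest": digest,      # placeholder digest
                "imageTags": tags,
                "cvss": {"3.0": {"base": cvss3}},
                "patchable": patchable,
            },
        }
    }


# Constructed sample: one registry with an active 'latest' image, an archived
# v1.0 image that is no longer deployed, and a second repo deployed under v2.3.
SAMPLE_FINDINGS = [
    _record("CVE-0000-0001", "os-packages", "High", 8.1, True, "webapp", "sha256:aaaa", ["latest"]),
    _record("CVE-0000-0002", "os-packages", "Critical", 9.8, True, "webapp", "sha256:bbbb", ["v1.0"]),
    _record("CVE-0000-0003", "language-packages", "Low", 3.1, False, "webapp", "sha256:bbbb", ["v1.0"]),
    _record("CVE-0000-0004", "os-packages", "Medium", 5.5, True, "worker", "sha256:cccc", ["v2.3"]),
    _record("CVE-0000-0005", "os-packages", "Low", 2.0, False, "worker", "sha256:cccc", ["v2.3"]),
]

# Constructed: digests of images currently running. In practice these come from
# the cluster (the image IDs the container runtime reports), not from the registry.
DEPLOYED_DIGESTS = frozenset({"sha256:aaaa", "sha256:cccc"})


@dataclass(frozen=True)
class Finding:
    finding_id: str
    category: str
    severity: str
    cvss3: float
    patchable: bool
    repository: str
    digest: str
    tags: Tuple[str, ...]


def parse_finding(record: dict) -> Finding:
    """Flatten one sub-assessment-shaped record into a Finding."""
    props = record["properties"]
    extra = props["additionalData"]
    return Finding(
        finding_id=props["id"],
        category=props["category"],
        severity=props["status"]["severity"],
        cvss3=float(extra["cvss"]["3.0"]["base"]),
        patchable=bool(extra["patchable"]),
        repository=extra["repositoryName"],
        digest=extra["imageDigest"],
        tags=tuple(extra.get("imageTags", [])),
    )


@dataclass(frozen=True)
class DisableRule:
    """Attribute-based rule like the ones Defender for Cloud offers. None = wildcard.
    Note there is deliberately no image or repository criterion: that is the gap."""
    finding_ids: Optional[frozenset] = None
    categories: Optional[frozenset] = None
    severities: Optional[frozenset] = None
    max_cvss3: Optional[float] = None      # suppress findings scoring at or below this
    patchable: Optional[bool] = None


def matches_disable_rule(f: Finding, rule: DisableRule) -> bool:
    """True when every criterion set on the rule matches the finding."""
    if rule.finding_ids is not None and f.finding_id not in rule.finding_ids:
        return False
    if rule.categories is not None and f.category not in rule.categories:
        return False
    if rule.severities is not None and f.severity not in rule.severities:
        return False
    if rule.max_cvss3 is not None and f.cvss3 > rule.max_cvss3:
        return False
    if rule.patchable is not None and f.patchable != rule.patchable:
        return False
    return True


def triage(records: Iterable[dict], deployed: frozenset,
           rules: Iterable[DisableRule]) -> Dict[str, List[Finding]]:
    """Split findings into those on deployed images (actionable or suppressed by a
    rule) and those that exist only on archived, non-deployed images."""
    findings = [parse_finding(r) for r in records]
    archived = [f for f in findings if f.digest not in deployed]
    live = [f for f in findings if f.digest in deployed]
    suppressed = [f for f in live if any(matches_disable_rule(f, r) for r in rules)]
    actionable = [f for f in live if f not in suppressed]
    return {"actionable": actionable, "suppressed_by_rule": suppressed, "archived_image": archived}


def severity_summary(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. for a dashboard or ticket summary."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Example rule: ignore Low-severity findings that have no vendor patch yet.
LOW_UNPATCHABLE_RULE = DisableRule(severities=frozenset({"Low"}), patchable=False)

if __name__ == "__main__":
    result = triage(SAMPLE_FINDINGS, DEPLOYED_DIGESTS, [LOW_UNPATCHABLE_RULE])
    for bucket, items in result.items():
        print(bucket, [(f.repository, f.digest, f.finding_id) for f in items])
    print("actionable by severity:", severity_summary(result["actionable"]))
```

The archived bucket is what the question wants to stop scoring against; keeping it as its own list rather than dropping it is deliberate, because an archived image that gets redeployed later brings its Critical finding back into scope, and a retention policy on the registry (deleting untagged or stale manifests) is the cleaner fix than hiding the findings.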
3 answers
Marilee Turscak-MSFT 34,046 Reputation points Microsoft Employee
2022-09-14T22:41:40.367+00:00 Hi @NSimpraga,
Just checking to see if you were able to see the response from @Givary-MSFT .
We have passed your feedback along to the engineering team to customize the rules, reference the image, and turn off reporting for certain archived containers and created a work item for them.
You are also welcome to leave your own feedback on the page that @Givary-MSFT shared if you want to add more details about your scenario.
Let me know if you have further questions.
Givary-MSFT 28,321 Reputation points Microsoft Employee
2022-09-08T08:52:08.517+00:00 Thank you for reaching out to us. As I understand it, you are looking to customize disable rules to ignore a finding within Defender for Cloud.
I researched your ask. As you mentioned in your query, the following are the only criteria which can be used to disable findings; we don't have any criteria to reference the image.
Finding ID
Category
Security check
CVSS v3 scores
Severity
Patchable status
Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-usage
However, you can share your feedback on https://feedback.azure.com/d365community about this feature request, which is closely monitored by our engineering team.
Let me know if you have any further questions.