Checking for vulnerabilities in Azure Function app base image

Question

We're encountering numerous alerts in Microsoft Defender for Cloud related to container registries, specifically the "Container images in Azure registry should have vulnerability findings resolved" warning. After investigating the base images of the associated repositories, it turns out that most of them are using the base image docker pull mcr.microsoft.com/azure-functions/dotnet:4.

Guides to Azure Functions that use Docker, such as Create a function on Linux using a custom container, all say I have to start with one of the Azure Functions-specific images, such as "mcr.microsoft.com/azure-functions/dotnet:4", of which there aren't very many choices and none of them mention a Linux version.

This base image seems to be the source of the multiple findings. Is there a way to confirm if this image is updated and to obtain details on the Linux and vendor versions included in the container?

Answer 1

Hello @Arshad Azeem Based on the provided document, Microsoft Defender for Cloud offers vulnerability analysis for Azure Container Registry images.

You can use Microsoft Defender for Container Registries to scan your images for vulnerabilities. Regarding your question about the base image docker pull mcr.microsoft.com/azure-functions/dotnet:4, I am not sure about the specific details of the Linux and vendor versions included in the container.

However, you can check if this image is updated by running the command docker pull mcr.microsoft.com/azure-functions/dotnet:4 to pull the latest version of the image.

If there is a newer version available, it will be downloaded. If you are still encountering alerts related to this image, you may want to consider using a different base

---

I hope that this response has addressed your query and helped you overcome your challenges. If so, please mark this response as Answered. This will not only acknowledge our efforts, but also assist other community members who may be looking for similar solutions.