Vulnerability assessment, powered by Microsoft Defender Vulnerability Management, is an out-of-box solution that lets security teams discover and remediate vulnerabilities in container images, with zero configuration for onboarding and without deploying any sensors.
Note
Some Azure cloud environments enable vulnerability assessment automatically, and the setting can't be toggled. For more information, see Defender for Containers support matrix.
How to enable vulnerability assessment for container registries
Before starting, verify that the scope is onboarded to Defender CSPM, Defender for Containers or Defender for Container Registries.
1. In the Azure portal, navigate to Defender for Cloud's Environment Settings page.
2. Select the scope that is onboarded to one of the above plans. Then select Settings.
3. Ensure the Registry access extension is toggled to On.
4. Select Continue.
5. Select Save.

A notification message in the top-right corner confirms that the settings were saved successfully.
Note
If you use external registries, it's recommended to enable Defender for Containers for those registries to enhance coverage of your Kubernetes environment.
How to enable coverage of runtime container images
- Runtime container image vulnerability assessment, regardless of the originating registry, is provided by enabling the Agentless scanning for machines extension together with either the K8S API access or the Defender sensor extension, in the Defender for Cloud Security Posture Management or the Defender for Containers plan. For more information, see Onboard agentless container posture in Defender CSPM and the Defender for Containers support matrix.
- The Defender for Container Registries (deprecated) plan offers no runtime coverage of container images.
Note
For comprehensive coverage of running containers, it's recommended to enable both registry and runtime scanning.
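The two coverage conditions above can be checked across many scopes from exported plan settings. The following is an added example, not Microsoft's code: it reports which scopes lack registry scanning (Registry access off) or runtime scanning (Agentless scanning for machines without K8S API access or Defender sensor). The record layout, plan names and extension identifiers are assumptions standing in for the portal labels, each plan is evaluated on its own, and the sample data is constructed.

```python
# Assumed API identifiers for the portal names on this page; verify them
# against plan settings exported from your own environment.
REGISTRY_ACCESS = "ContainerRegistriesVulnerabilityAssessments"  # Registry access
AGENTLESS_MACHINES = "AgentlessVmScanning"          # Agentless scanning for machines
K8S_API_ACCESS = "AgentlessDiscoveryForKubernetes"  # K8S API access
DEFENDER_SENSOR = "ContainerSensor"                 # Defender sensor
RUNTIME_PLANS = {"CloudPosture", "Containers"}      # Defender CSPM, Defender for Containers
REGISTRY_PLANS = RUNTIME_PLANS | {"ContainerRegistry"}  # plus deprecated registries plan

def enabled_extensions(plan):
    """Names of extensions switched on; isEnabled may be a bool or a string."""
    return {e["name"] for e in plan.get("extensions") or []
            if str(e.get("isEnabled")).lower() == "true"}

def coverage_gaps(plans):
    """List the coverage gaps for one scope, given its plan records."""
    registry = runtime = False
    for plan in plans:
        if plan.get("pricingTier") != "Standard":
            continue  # plan not onboarded on this scope
        on = enabled_extensions(plan)
        if plan["name"] in REGISTRY_PLANS and REGISTRY_ACCESS in on:
            registry = True
        # Runtime needs agentless machine scanning AND (K8S API access OR sensor),
        # and is never provided by the deprecated registries plan.
        if (plan["name"] in RUNTIME_PLANS and AGENTLESS_MACHINES in on
                and on & {K8S_API_ACCESS, DEFENDER_SENSOR}):
            runtime = True
    return [msg for ok, msg in ((registry, "registry scan off"),
                                (runtime, "runtime scan off")) if not ok]

def sample_ext(*names):
    return [{"name": n, "isEnabled": "True"} for n in names]

# Constructed sample data: placeholder scope ids, not real subscriptions.
SAMPLE = {
    "sub-full": [{"name": "Containers", "pricingTier": "Standard",
                  "extensions": sample_ext(REGISTRY_ACCESS, AGENTLESS_MACHINES, DEFENDER_SENSOR)}],
    "sub-deprecated": [{"name": "ContainerRegistry", "pricingTier": "Standard",
                        "extensions": sample_ext(REGISTRY_ACCESS, AGENTLESS_MACHINES, K8S_API_ACCESS)}],
    "sub-half-runtime": [{"name": "CloudPosture", "pricingTier": "Standard",
                          "extensions": sample_ext(REGISTRY_ACCESS, K8S_API_ACCESS)}],
    "sub-free": [{"name": "Containers", "pricingTier": "Free", "extensions": []}],
}

if __name__ == "__main__":
    for scope, plans in SAMPLE.items():
        print(scope, coverage_gaps(plans) or "covered")
```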
Next steps
- Learn more about Trusted Access.
- Learn how to view and remediate vulnerability assessment findings for registry images and running images.
- Learn how to create an exemption for a resource or subscription.
- Learn more about Cloud Security Posture Management.