Open tdefise opened 2 months ago
Hi @tdefise, we do have a Policy within Checkov that checks for this: CKV_AZURE_15
Checkov Doc Link: https://www.checkov.io/5.Policy%20Index/terraform.html#:~:text=1217,CKV_AZURE_15
Hi @itariq20,
CKV_AZURE_15 checks for "minimum_tls_version" cc https://github.com/bridgecrewio/checkov/blob/449df380f076d618b1e404e4a7bddad52131b35c/checkov/terraform/checks/resource/azure/AppServiceMinTLSVersion.py#L18
However, I don't see checks for "scm_minimum_tls_version"
Describe the issue
It seems that there are no checks to ensure that web apps have their SCM minimum TLS version set to 1.2
Examples
Version (please complete the following information):
Additional context
Having SCM set to a minimum TLS version of 1.2 ensures that data in transit will be encrypted using a current TLS version, which is less likely to be subject to attack, and is also required by some regulatory requirements. Even if it is set to 1.2 by default, it's always good to have a check that ensures that if someone specified the parameter with a version not equal to 1.2, it would be flagged.
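The gap described in this thread, as an added example that is not part of the original issue and is not Checkov's own code: standalone Python that evaluates `scm_minimum_tls_version` separately from `minimum_tls_version`. The resource types, the list-wrapped dict shape, the result labels and the sample resources are assumptions constructed for illustration.

```python
# Added example: standalone logic, not Checkov code.
# Assumption: resources arrive as dicts shaped like parsed HCL, where blocks
# and attribute values are wrapped in single-element lists.
WEB_APP_TYPES = {"azurerm_linux_web_app", "azurerm_windows_web_app"}  # assumed scope
REQUIRED = "1.2"

def _unwrap(value):
    """Strip the single-element list wrappers around blocks and values."""
    while isinstance(value, list) and len(value) == 1:
        value = value[0]
    return value

def scm_tls_result(resource_type, conf):
    """Return 'PASSED', 'FAILED' or 'UNKNOWN' for one resource."""
    if resource_type not in WEB_APP_TYPES:
        return "UNKNOWN"
    site_config = _unwrap(conf.get("site_config", {}))
    if not isinstance(site_config, dict):
        return "UNKNOWN"
    value = _unwrap(site_config.get("scm_minimum_tls_version"))
    if value is None:
        return "PASSED"  # unset: the issue states the default is 1.2
    text = str(value).strip()
    if "${" in text or text.startswith("var."):
        return "UNKNOWN"  # unresolved variable, cannot decide statically
    # The issue asks to flag any explicit value not equal to 1.2.
    return "PASSED" if text == REQUIRED else "FAILED"

def scan(resources):
    """Map 'type.name' to a result for every resource in the input."""
    return {f"{t}.{n}": scm_tls_result(t, c) for (t, n), c in resources.items()}

# Constructed sample resources (not taken from the issue).
SAMPLE = {
    ("azurerm_linux_web_app", "explicit_ok"): {
        "site_config": [{"minimum_tls_version": ["1.2"],
                         "scm_minimum_tls_version": ["1.2"]}]},
    # Main site is at 1.2, so a minimum_tls_version check alone would pass it.
    ("azurerm_linux_web_app", "scm_downgraded"): {
        "site_config": [{"minimum_tls_version": ["1.2"],
                         "scm_minimum_tls_version": ["1.0"]}]},
    ("azurerm_windows_web_app", "scm_unset"): {
        "site_config": [{"minimum_tls_version": ["1.2"]}]},
    ("azurerm_linux_web_app", "from_variable"): {
        "site_config": [{"scm_minimum_tls_version": ["${var.scm_tls}"]}]},
}

if __name__ == "__main__":
    for address, result in scan(SAMPLE).items():
        print(f"{result:8} {address}")
```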