bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
6.72k stars 1.08k forks

feat(arm): add CKV_AZURE_86 to check resorce is a ContainerRegistry with tier "Standard" #6336

Open rutiNalenger opened 1 month ago

rutiNalenger commented 1 month ago

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[//]: # "

PR Title

Be aware that we use the title to create changelog automatically and therefore only allow specific prefixes
- break:    to indicate a breaking change, this supersedes any of the types
- feat:     to indicate new features or checks
- fix:      to indicate a bugfix or handling of edge cases of existing checks
- docs:     to indicate an update to our documentation
- chore:    to indicate adjustments to workflow files or dependency updates
- platform: to indicate a change needed for the platform
Additionally a scope needs to be added to the prefix, which indicates the targeted framework; in doubt choose 'general'.
#    
Allowed prefixes:
ansible|argo|arm|azure|bicep|bitbucket|circleci|cloudformation|dockerfile|github|gha|gitlab|helm|kubernetes|kustomize|openapi|sast|sca|secrets|serverless|terraform|general|graph|terraform_plan|terraform_json
#
ex.
feat(terraform): add CKV_AWS_123 to ensure that VPC Endpoint Service is configured for Manual Acceptance

"

Description

The function checks if a specific resource is a ContainerRegistry with tier "Standard". If so, it returns a failure result; otherwise, it returns a success result.

New/Edited policies (Delete if not relevant)

Description

Include a description of what makes it a violation and any relevant external links.

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

rutiNalenger commented 1 month ago

I don't find the right resource type, how can I know it?

On Tue, 21 May 2024 at 12:17, ChanochShayner <@.***> wrote:

@.**** commented on this pull request.

In checkov/arm/checks/resource/AzureDefenderOnContainerRegistry.py https://github.com/bridgecrewio/checkov/pull/6336#discussion_r1607950123 :

```python
tier = properties.get("tier")
resourceType = properties.get("resourceType")
```

I don't see tier and resourceType fields in Microsoft.ContainerRegistry/registries. Probably this is not the resource type.

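The review above points at the core problem: `Microsoft.ContainerRegistry/registries` carries no `tier` or `resourceType` property, so a check reading those keys from a registry resource can never observe the Defender plan. The following is an added, self-contained illustration of the check shape under discussion, not code from this PR or from Checkov itself: a local stand-in for Checkov's `BaseResourceCheck`/`scan_resource_conf` pattern (Checkov is not imported so the block runs on its own), applied to a constructed ARM template. It assumes, based on the ARM schema rather than anything stated in the thread, that the Defender plan for registries is expressed by a `Microsoft.Security/pricings` resource named `ContainerRegistry` with `properties.pricingTier`; it also follows the Defender-on intent of the file name `AzureDefenderOnContainerRegistry.py`, passing when the tier is `Standard` and failing otherwise. The helper `misread_registry` reproduces the lookup quoted in the review to show it yields nothing on a registry resource.

```python
"""Stand-in for a Checkov ARM resource check (added example, not Checkov code).

Checkov's real base class is checkov.arm.base_resource_check.BaseResourceCheck
and its result enum is checkov.common.models.enums.CheckResult; small local
equivalents are used here so the example runs without Checkov installed.
The resource type Microsoft.Security/pricings and the property name
pricingTier are assumptions drawn from the ARM schema, not from the PR thread.
"""
from enum import Enum


class CheckResult(Enum):  # local mirror of Checkov's CheckResult values
    PASSED = "PASSED"
    FAILED = "FAILED"
    UNKNOWN = "UNKNOWN"


class AzureDefenderOnContainerRegistry:
    # Resource types this check is invoked for. The registry resource itself
    # has no tier/resourceType fields; the Defender plan lives on the pricing
    # resource (assumed type, see module docstring).
    supported_resources = ("Microsoft.Security/pricings",)

    def scan_resource_conf(self, conf: dict) -> CheckResult:
        # One pricing resource exists per Defender plan, keyed by name.
        if conf.get("name") != "ContainerRegistry":
            return CheckResult.UNKNOWN  # a different plan, not our concern
        properties = conf.get("properties") or {}
        tier = properties.get("pricingTier")
        if isinstance(tier, str) and tier.lower() == "standard":
            return CheckResult.PASSED  # Defender enabled for registries
        return CheckResult.FAILED  # "Free", missing or malformed: Defender off


def misread_registry(resource: dict) -> tuple:
    """The lookup quoted in the review, applied to a registry resource.

    Returns (tier, resourceType); both are None for a registry, which is why
    a check built on these keys cannot decide anything about Defender.
    """
    properties = resource.get("properties") or {}
    return properties.get("tier"), properties.get("resourceType")


def scan_template(template: dict, check) -> dict:
    """Run a check over every resource of a supported type; returns {name: result}."""
    results = {}
    for resource in template.get("resources", []):
        if resource.get("type") not in check.supported_resources:
            continue
        results[resource["name"]] = check.scan_resource_conf(resource)
    return results


# Constructed ARM template fragment for the example (not taken from the PR).
SAMPLE_TEMPLATE = {
    "resources": [
        {"type": "Microsoft.ContainerRegistry/registries", "name": "myacr",
         "sku": {"name": "Standard"},
         "properties": {"adminUserEnabled": False}},
        {"type": "Microsoft.Security/pricings", "name": "ContainerRegistry",
         "properties": {"pricingTier": "Standard"}},
        {"type": "Microsoft.Security/pricings", "name": "VirtualMachines",
         "properties": {"pricingTier": "Free"}},
    ]
}


if __name__ == "__main__":
    print("registry tier/resourceType:", misread_registry(SAMPLE_TEMPLATE["resources"][0]))
    for name, result in scan_template(SAMPLE_TEMPLATE, AzureDefenderOnContainerRegistry()).items():
        print(name, result.value)
```

Note that `scan_template` never hands the registry resource to the check at all: in Checkov the `supported_resources` list decides which resources a check sees, so choosing the right resource type there is what makes the `tier` lookup meaningful.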