search

bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0
6.72k stars 1.08k forks source link

CKV_AZURE_80 outdated #6343

Closed l33tCod-er closed 1 month ago

l33tCod-er commented 1 month ago

Describe the issue We are using Terraform to setup a windows service. We use resource of type "azurerm_windows_web_app", so that the rule CKV_AZURE_80 is applied / checked:

Source

Examples

Our config looks as:

resource "azurerm_windows_web_app" "app-service" {
...
  site_config {
    default_documents = ["readme.html", "index.html"]
    always_on         = true
    ftps_state        = "Disabled"
    http2_enabled     = true
    application_stack {
      dotnet_version = "v8.0"
    }
  }
...
}

We get: [None][CKV_AZURE_80] Ensure that 'Net Framework' version is the latest, if used as a part of the web app. From the sources it seems it expects dotnet v7.0, so it shall be updated to accept all LTS.

Version (please complete the following information):