Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
[//]: # "
PR Title
Be aware that we use the title to create changelog automatically and therefore only allow specific prefixes
- break: to indicate a breaking change, this supersedes any of the types
- feat: to indicate new features or checks
- fix: to indicate a bugfix or handling of edge cases of existing checks
- docs: to indicate an update to our documentation
- chore: to indicate adjustments to workflow files or dependency updates
- platform: to indicate a change needed for the platform
Additionally a scope is needs to be added to the prefix, which indicates the targeted framework, in doubt choose 'general'.
#
Allowed prefixs:
Ensure that Azure Defender for cloud is set to On for Resource Manager, Checks if Azure Defender protection is enabled for cloud resources management.
#
ex.
feat(terraform): add CKV_AWS_123 to ensure that VPC Endpoint Service is configured for Manual Acceptance
"
Description
I added a new security check named "Ensure that Azure Defender for cloud is set to On for Resource Manager" to our testing framework. The check examines the configuration of Azure Defender protection for the Resource Manager service in the cloud.
The motivation behind this change is to ensure that Azure Defender protection is properly configured and activated for Resource Manager by cloud administrators. By enforcing this check, we aim to enhance the security posture of cloud environments by ensuring that basic security configurations are in place according to organizational requirements.
This change requires the integration of the new security check into the existing testing framework. Additionally, it relies on the availability of Azure resources and configurations for testing purposes.
Fixes # (issue)
New/Edited policies (Delete if not relevant)
Description
Include a description of what makes it a violation and any relevant external links.
Fix
How does someone fix the issue in code and/or in runtime?
Checklist:
[X] My code follows the style guidelines of this project
[X] I have performed a self-review of my own code
[ ] I have commented my code, particularly in hard-to-understand areas
[X] I have made corresponding changes to the documentation
[X] I have added tests that prove my feature, policy, or fix is effective and works
[ ] New and existing tests pass locally with my changes
[ ] Any dependent changes have been merged and published in downstream modules
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
[//]: # "
PR Title
Ensure that Azure Defender for cloud is set to On for Resource Manager, Checks if Azure Defender protection is enabled for cloud resources management. # ex. feat(terraform): add CKV_AWS_123 to ensure that VPC Endpoint Service is configured for Manual Acceptance "
Description
I added a new security check named "Ensure that Azure Defender for cloud is set to On for Resource Manager" to our testing framework. The check examines the configuration of Azure Defender protection for the Resource Manager service in the cloud. The motivation behind this change is to ensure that Azure Defender protection is properly configured and activated for Resource Manager by cloud administrators. By enforcing this check, we aim to enhance the security posture of cloud environments by ensuring that basic security configurations are in place according to organizational requirements. This change requires the integration of the new security check into the existing testing framework. Additionally, it relies on the availability of Azure resources and configurations for testing purposes.
Fixes # (issue)
New/Edited policies (Delete if not relevant)
Description
Include a description of what makes it a violation and any relevant external links.
Fix
How does someone fix the issue in code and/or in runtime?
Checklist: