Source: Kube Bench
ID: 5.1
Version: aks-1.0

5.1 Image Registry and Image Scanning

5.1.1 Ensure Image Vulnerability Scanning using Azure Defender image scanning or a third party provider (Manual)

No remediation

5.1.2 Minimize user access to Azure Container Registry (ACR) (Manual)

Azure Container Registry

If you use Azure Container Registry (ACR) as your container image store, you need to grant the service principal for your AKS cluster permission to read and pull images. Currently, the recommended configuration is to use the az aks create or az aks update command to integrate with a registry and assign the appropriate role for the service principal. For detailed steps, see Authenticate with Azure Container Registry from Azure Kubernetes Service.

To avoid needing an Owner or Azure account administrator role, you can configure a service principal manually or use an existing service principal to authenticate ACR from AKS. For more information, see ACR authentication with service principals or Authenticate from Kubernetes with a pull secret.
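One way to review the result of that role assignment, as an added example that is not part of the original page or of kube-bench: the script below audits the JSON produced by `az role assignment list --scope <ACR resource ID> --include-inherited -o json` and reports every principal holding more than pull/read access, tagging the cluster identity under 5.1.3 and everyone else under 5.1.2. The sample records, principal IDs, the registry path and the choice of AcrPull and Reader as the read-only set are assumptions made for the example.

```python
import json
import sys

# Assumption for this example: these built-in roles count as pull/read-only.
READ_ONLY_ROLES = {"AcrPull", "Reader"}


def audit_acr_assignments(assignments, cluster_principal_ids):
    """Return one finding per role assignment that exceeds read-only on the registry."""
    findings = []
    for a in assignments:
        role, pid = a["roleDefinitionName"], a["principalId"]
        if role in READ_ONLY_ROLES:
            continue
        # The cluster identity maps to check 5.1.3, any other principal to 5.1.2.
        check = "5.1.3" if pid in cluster_principal_ids else "5.1.2"
        findings.append({
            "check": check,
            "principalId": pid,
            "principalType": a.get("principalType", "Unknown"),
            "role": role,
            "scope": a.get("scope", ""),  # a parent scope means the role is inherited
        })
    return findings


# Constructed sample data; every ID and path below is a made-up placeholder.
SUB = "/subscriptions/SUB"
ACR = SUB + "/resourceGroups/rg/providers/Microsoft.ContainerRegistry/registries/exampleacr"
SAMPLE = [
    {"principalId": "kubelet-0000", "principalType": "ServicePrincipal",
     "roleDefinitionName": "AcrPull", "scope": ACR},
    {"principalId": "kubelet-0000", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalId": "user-alice", "principalType": "User",
     "roleDefinitionName": "AcrPush", "scope": ACR},
    {"principalId": "user-bob", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": ACR},
    {"principalId": "group-admins", "principalType": "Group",
     "roleDefinitionName": "Owner", "scope": ACR},
]

if __name__ == "__main__":
    # Usage: script.py [assignments.json] [cluster principal IDs ...]
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    cluster_ids = set(sys.argv[2:]) or {"kubelet-0000"}
    for f in audit_acr_assignments(data, cluster_ids):
        print("{check}  {principalType:<17} {principalId:<14} {role:<12} {scope}".format(**f))
```

A finding whose scope is the subscription or resource group rather than the registry is an inherited assignment, which has to be narrowed at that parent scope.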

5.1.3 Minimize cluster access to read-only for Azure Container Registry (ACR) (Manual)

No remediation

5.1.4 Minimize Container Registries to only those approved (Manual)

No remediation