Checks whether the image scan feature is enabled in Security Center (SAS) and whether any image vulnerabilities remain to be fixed. If the feature is enabled and no image vulnerabilities remain to be fixed, the evaluation result is Compliant.
Scenarios
This rule applies when you need to fix vulnerabilities at the earliest opportunity. This helps improve system security.
Risk level
Default risk level: medium.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the image scan feature is enabled in SAS and no image vulnerabilities remain to be fixed, the evaluation result is Compliant.
- If the image scan feature is disabled in SAS, the evaluation result is Incompliant. If the image scan feature is enabled in SAS and one or more vulnerabilities remain to be fixed, the evaluation result is also Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
- This rule does not apply when the image scan feature is disabled or when no vulnerability information is found because no image scan has been performed.
Rule details
| Item | Description |
|---|---|
| Rule name | security-center-image-vul-check |
| Rule identifier | security-center-image-vul-check |
| Tag | SecurityCenter |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | All resources |
| Input parameter | None |
Incompliance remediation
Enable the image scan feature of SAS and make sure that no image vulnerabilities exist. For more information, see Overview.