Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Anonymous pull access should not be enabled #2422

Closed
BernieWhite opened this issue Sep 7, 2023 · 2 comments · Fixed by #2433
Closed

Anonymous pull access should not be enabled #2422

BernieWhite opened this issue Sep 7, 2023 · 2 comments · Fixed by #2433
Assignees
@BenjaminEngeset
Labels
lifecycle: preview Preview feature and rules pillar: security Aligned to the Security pillar. rule: container-registry Rules for Container Registry
Milestone
v1.30.0

Comments

@BernieWhite
Copy link
Collaborator

BernieWhite commented Sep 7, 2023
edited
Loading

Existing rule

No response

Suggested rule

Create rule Azure.ACR.AnonymousAccess that checks if anonymous access is enabled.

If anonymous is enabled, the rule should fail.

By default, anonymous is not enabled but may be explicitly set to enabled by setting properties.anonymousPullEnabled to true.

Anonymous access can currently only be enabled on Standard and Premium tiers, and is a preview feature.

Pillar

Security

Additional context
@BernieWhite BernieWhite added rule: container-registry Rules for Container Registry lifecycle: preview Preview feature and rules pillar: security Aligned to the Security pillar. labels Sep 7, 2023
@BenjaminEngeset
Copy link
Contributor

I can contribute on this one.

@BernieWhite
Copy link
Collaborator Author

Thanks @BenjaminEngeset

@BenjaminEngeset BenjaminEngeset mentioned this issue Sep 16, 2023
Merged
11 tasks
@BernieWhite BernieWhite added this to the v1.30.0 milestone Sep 23, 2023
This was referenced Oct 1, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@BenjaminEngeset BenjaminEngeset

Labels
lifecycle: preview Preview feature and rules pillar: security Aligned to the Security pillar. rule: container-registry Rules for Container Registry
Projects
None yet
Milestone
v1.30.0
Development

Successfully merging a pull request may close this issue.

feat(new): Added Azure.ACR.AnonymousAccess BenjaminEngeset/PSRule.Rules.Azure
2 participants
@BernieWhite @BenjaminEngeset