CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CC-00481
- creditSnyk Research Team
Description
The blob soft delete configuration ensures that storage blobs remain recoverable for a set time even if data is deleted. Enabling soft delete protects data from user error or malicious actors that may deliberately delete data.
How to fix?
Set Microsoft.Storage/storageAccounts/blobServices properties.deleteRetentionPolicy.enabled attribute to be true and properties.deleteRetentionPolicy.days to 7 or greater.
Example Configuration
{
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2021-06-01",
"name": "azure-648-allowed/default",
"properties": {
"deleteRetentionPolicy": {
"days": 7,
"enabled": true
},
"isVersioningEnabled": true
}
}
Set blob_properties.delete_retention_policy.days to 7 or greater.
Example Configuration
resource "azurerm_storage_account" "allowed" {
name = "storageaccountname481"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "GRS"
blob_properties {
delete_retention_policy {
days = 7
}
}
}