Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Availability/ Redundancy
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CSA-CCMGDPRHIPAAISO-27001NIST-800-53SOC-2
- Snyk IDSNYK-CC-00516
- creditSnyk Research Team
Description
Missing geo-replication leads to reduced availability of container images.
How to fix?
Set a replication block within the resource, including a valid location attribute.
Example Configuration
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"variables": {},
"resources": [
{
"type": "Microsoft.ContainerRegistry/registries",
"apiVersion": "2019-05-01",
"name": "allowed1",
"location": "[resourceGroup().location]",
"sku": {
"name": "Premium",
"tier": "Premium"
},
"properties": {
"adminUserEnabled": false,
"networkRuleSet": {
"defaultAction": "Deny",
"virtualNetworkRules": [],
"ipRules": []
},
"replication": [
{
"location": "East US",
"zoneRedundancy": false
},
{
"location": "West Europe",
"zoneRedundancy": false
}
]
}
}
]
}
Set a georeplications block within the resource, including a valid location attribute.
Example Configuration
resource "azurerm_container_registry" "allowed" {
name = "containerRegistry1"
resource_group_name = var.azure_geo_replication
location = var.azure_geo_replication
sku = "Premium"
admin_enabled = false
georeplications {
location = "East US"
zone_redundancy_enabled = true
tags = {}
}
georeplications {
location = "North Europe"
zone_redundancy_enabled = true
tags = {}
}
}