Ensure Azure ACR disables anonymous image pulling

Error: Azure ACR enables anonymous image pulling

Bridgecrew Policy ID: BC_AZR_IAM_7
Checkov Check ID: CKV_AZURE_138
Bridgecrew Severity: LOW

Azure ACR enables anonymous image pulling

Description

Disabling anonymous image pulling for your Azure Container Registry (ACR) can help improve the security of your registry. When anonymous image pulling is enabled, anyone can pull images from your registry without needing to authenticate or have authorization.

Fix - Runtime

Fix - Buildtime

Terraform

  • Resource: azurerm_container_registry
  • Argument: anonymous_pull_enabled
resource "azurerm_container_registry" "ckv_unittest_pass_1" {
  name                   = "containerRegistry1"
  resource_group_name    = azurerm_resource_group.rg.name
  location               = azurerm_resource_group.rg.location
  sku                    = "Premium"
  anonymous_pull_enabled = false
}