CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
Documentation
API Reference
Start Here
  • What is CodeAnt?
  • Join Community
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
      • Aws
      • Azure
        • Best practice
        • Security
        • Security
      • Gcp
      • Lang
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Azure

Security

azure-mssql-service-mintls-version

Ensure MSSQL is using the latest version of TLS encryption
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

azure-instance-extensions

Ensure Virtual Machine Extensions are not Installed
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-mysql-public-access-disabled

Ensure public network access enabled is set to False for MySQL servers
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-cosmosdb-disables-public-network

Ensure that Azure Cosmos DB disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-storage-account-minimum-tlsversion

Ensure Storage Account is using the latest version of TLS encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

azure-mysql-encryption-enabled

Ensure that MySQL server enables infrastructure encryption
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-postgresql-encryption-enabled

Ensure that PostgreSQL server enables infrastructure encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-batchaccount-uses-keyvault-encrpytion

Ensure that Azure Batch account uses key vault to encrypt data
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-mariadb-public-access-disabled

Ensure public network access enabled is set to False for MariaDB servers
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-key-no-expiration-date

Ensure that the expiration date is set on all keys
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-managed-disk-encryption

Ensure Azure managed disk has encryption enabled
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-search-publicnetwork-access-disabled

Ensure that Azure Cognitive Search disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-dataexplorer-uses-disk-encryption

Ensure that Azure Data Explorer uses disk encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-functionapps-enable-auth

Ensure that function apps enables Authentication
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-redis-cache-public-network-access-enabled

Ensure that Azure Cache for Redis disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-network-watcher-flowlog-period

Ensure that Network Security Group Flow Log retention period is 90 days or greater

azure-storage-blob-service-container-private-access

Ensure that Public access level is set to Private for blob containers
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-containergroup-deployed-into-virtualnetwork

Ensure that Azure Container group is deployed into virtual network
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-postgresql-server-public-access-disabled

Ensure public network access enabled is set to False for PostgreSQL servers
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-cosmosdb-accounts-restricted-access

Ensure Cosmos DB accounts have restricted access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-vmencryption-at-host-enabled

Ensure that Virtual machine scale sets have encryption at host enabled
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-datafactory-uses-git-repository

Ensure that Azure Data Factory uses Git repository for source control
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-iot-no-public-network-access

Ensure that Azure IoT Hub disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-managed-disk-encryption-set

Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-storage-sync-public-access-disabled

Ensure that Azure File Sync disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-monitor-log-profile-retention-days

Ensure that Activity Log Retention is set 365 days or greater

azure-cosmosdb-disable-access-key-write

Ensure that Cosmos DB accounts have access key write capability disabled
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-redis-cache-enable-non-ssl-port

Ensure that only SSL are enabled for Cache for Redis
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

azure-dataexplorer-double-encryption-enabled

Ensure that Azure Data Explorer uses double encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-cognitiveservices-disables-public-network

Ensure that Cognitive Services accounts disable public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-automation-encrypted

Ensure that Automation account variables are encrypted
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-storage-account-disable-public-access

Ensure default network access rule for Storage Accounts is set to deny
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-functionapp-disallow-cors

ensure that CORS disallows all resources to access Function app
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP:
- A05:2021 - Security Misconfiguration

azure-datalake-store-encryption

Ensure that Data Lake Store accounts enables encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-mysql-mintls-version

Ensure MySQL is using the latest version of TLS encryption
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

azure-key-backedby-hsm

Ensure that key vault key is backed by HSM
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-datafactory-no-public-network-access

Ensure that Azure Data factory public network access is disabled
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-cosmosdb-have-cmk

Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-sqlserver-public-access-disabled

Ensure that SQL server disables public network access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-service-fabric-cluster-protection-level

Ensure that Service Fabric use three levels of protection available
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-320: CWE CATEGORY: Key Management Errors
OWASP:
- A03:2017 - Sensitive Data Exposure

azure-remote-debugging-not-enabled

Ensure that remote debugging is not enabled for app services
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-scale-set-password

Ensure that Virtual machine does not enable password authentication
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-customrole-definition-subscription-owner

Ensure that no custom subscription owner roles are created
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-postgresql-min-tls-version

Ensure PostgreSQL is using the latest version of TLS encryption
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

azure-sqlserver-no-public-access

Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

azure-eventgrid-domain-network-access

Ensure that Azure Event Grid Domain public network access is disabled
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
Best practiceAks
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.