Remove vulnerable container images

March 21, 2025

SYNOPSIS

Remove container images with known vulnerabilities.

DESCRIPTION

When Microsoft Defender for container registries is enabled, Microsoft Defender scans container images. Container images are scanned for known vulnerabilities and marked as healthy or unhealthy. Vulnerable container images should not be used.

RECOMMENDATION

Consider removing container images with known vulnerabilities.

NOTES

This rule applies when analyzing resources deployed (in-flight) to Azure.