Azure running container images should have vulnerabilities resolved

HIGH

Ensures container images running in Azure are scanned and have known vulnerabilities resolved.

What does this mean?

This recommendation ensures that container images actively running in Azure environments are free from known vulnerabilities. Images should be regularly scanned and updated to address newly discovered CVEs.

Benefits of implementation

  • Provides continuous vulnerability assessment of running workloads
  • Reduces the window of exposure to known CVEs
  • Required by Defender for Cloud container security

Drawbacks and considerations

  • Continuous scanning generates ongoing operational overhead
  • False positives may require investigation
  • Remediation may lag behind new vulnerability disclosures

Implementation

Implementation guidance coming soon.

Related recommendations will be linked here.

Details

Risk Level: HIGH
Category: Container Security
Azure Resource:
Frameworks: 2 frameworks
Last updated: 2026-02-12