Containers running in Azure should have vulnerability findings resolved

HIGH

Ensures that running containers with known vulnerabilities are remediated by updating to patched images.

What does this mean?

This recommendation identifies containers currently running in Azure that have known vulnerabilities. These vulnerabilities should be resolved by updating the container image to a patched version.

Benefits of implementation

  • Reduces active risk from running vulnerable workloads
  • Complements image scanning with runtime vulnerability detection
  • Helps prioritize remediation of actively exploited images

Drawbacks and considerations

  • Updating container images may require application testing
  • Some base images may not have patched versions available
  • Frequent updates can disrupt deployment workflows

Implementation

Implementation guidance coming soon.

Details

  • Risk Level: HIGH
  • Category: Container Security
  • Azure Resource:
  • Frameworks: 2 frameworks
  • Last updated: 2026-02-12