All container images must start with the *.azurecr.io domain
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Vulnerability Type | omission |
Description#
Container images are being pulled from registries outside of the trusted *.azurecr.io Azure Container Registry domain, increasing the risk of using unverified or potentially malicious images.
Impact#
If untrusted container registries are used, attackers could supply compromised or vulnerable images, leading to unauthorized access, data breaches, or control over the containerized environment. This weakens supply chain integrity and exposes the infrastructure to malware or exploitation.
Resolution#
Use images from trusted Azure registries.