Best practice rules for Container Registry
Trend Micro Cloud One™ – Conformity monitors Container Registry with the following rules:
- Configure IP Network Rules for Container Registries
  Ensure that IP network rules are configured for your Azure container registries.
- Container Registries Encrypted with Customer-Managed Keys
  Use Customer-Managed Keys (CMKs) to encrypt your Azure Container Registry (ACR) data.
- Disable ARM Audience Token Authentication for Container Registries
  Ensure that ARM audience token authentication is disabled for Azure container registries.
- Disable Public Network Access to Container Registries
  Ensure that public network access to Azure container registries is disabled.
- Enable Diagnostic Logs for Container Registries
  Ensure that Diagnostic Logs are enabled for your Azure container registries.
- Enable Soft Delete for Container Registries
  Ensure that Soft Delete is enabled for your Microsoft Azure container registries.
- Enable Trusted Microsoft Service Access for Container Registries
  Allow trusted Microsoft services to access your network-restricted container registries.
- Use Managed Identities for Azure Container Registries
  Ensure that your Microsoft Azure container registries are using managed identities.
- Use Private Endpoints for Container Registries
  Ensure that network access to Azure container registries is allowed via private endpoints only.