Update allowed licenses in dependency review workflow to include GPL-3.0

8a28140
Merged

Add Terraform configurations for Azure resources and update CI/CD workflows #36

GitHub Advanced Security / defsec failed Apr 21, 2025 in 4s

49 new alerts including 13 errors

New alerts in code changed by this pull request

  • 13 errors
  • 24 warnings
  • 12 notes

See annotations below for details.

Annotations

Check failure on line 25 in terraform/azure/aks.tf

Code scanning / defsec

Ensure AKS cluster has Network Policy configured Error

Kubernetes cluster does not have a network policy set.

Check failure on line 25 in terraform/azure/aks.tf

Code scanning / defsec

Ensure AKS has an API Server Authorized IP Ranges enabled Error

Cluster does not limit API access to specific IP addresses.

Check warning on line 16 in terraform/azure/aks.tf

Code scanning / defsec

Ensure AKS logging to Azure Monitoring is Configured Warning

Cluster does not have logging enabled via OMS Agent.

Check failure on line 23 in terraform/azure/aks.tf

Code scanning / defsec

Ensure RBAC is enabled on AKS clusters Error

Cluster has RBAC disabled

Check notice on line 21 in terraform/azure/app_service.tf

Code scanning / defsec

Web App has registration with AD enabled Note

App service does not have an identity type.

Check warning on line 21 in terraform/azure/app_service.tf

Code scanning / defsec

App Service authentication is activated Warning

App service does not have authentication enabled.

Check notice on line 21 in terraform/azure/app_service.tf

Code scanning / defsec

Web App accepts incoming client certificate Note

App service does not have client certificates enabled.

Check notice on line 20 in terraform/azure/app_service.tf

Code scanning / defsec

Web App uses the latest HTTP version Note

App service does not have HTTP/2 enabled.

Check failure on line 19 in terraform/azure/app_service.tf

Code scanning / defsec

Web App uses latest TLS version Error

App service does not require a secure TLS version.

Check notice on line 33 in terraform/azure/app_service.tf

Code scanning / defsec

Web App has registration with AD enabled Note

App service does not have an identity type.

Check notice on line 33 in terraform/azure/app_service.tf

Code scanning / defsec

Web App uses the latest HTTP version Note

App service does not have HTTP/2 enabled.

Check notice on line 33 in terraform/azure/app_service.tf

Code scanning / defsec

Web App accepts incoming client certificate Note

App service does not have client certificates enabled.

Check warning on line 31 in terraform/azure/app_service.tf

Code scanning / defsec

App Service authentication is activated Warning

App service does not have authentication enabled.

Check failure on line 17 in terraform/azure/instance.tf

Code scanning / defsec

Password authentication should be disabled on Azure virtual machines Error

Linux virtual machine allows password authentication.

Check warning on line 22 in terraform/azure/key_vault.tf

Code scanning / defsec

Key vault should have purge protection enabled Warning

Vault does not have purge protection enabled.

Check failure on line 22 in terraform/azure/key_vault.tf

Code scanning / defsec

Key vault should have the network acl block specified Error

Vault network ACL does not block access by default.

Check warning on line 37 in terraform/azure/key_vault.tf

Code scanning / defsec

Ensure that the expiration date is set on all keys Warning

Key should have an expiry date specified.

Check notice on line 43 in terraform/azure/key_vault.tf

Code scanning / defsec

Key vault Secret should have a content type set Note

Secret does not have a content-type specified.

Check notice on line 43 in terraform/azure/key_vault.tf

Code scanning / defsec

Key Vault Secret should have an expiration date set Note

Secret should have an expiry date specified.

Check warning on line 10 in terraform/azure/logging.tf

Code scanning / defsec

Ensure log profile captures all activities Warning

Log profile does not require the 'Write' category.

Check warning on line 10 in terraform/azure/logging.tf

Code scanning / defsec

Ensure log profile captures all activities Warning

Log profile does not require the 'Delete' category.

Check warning on line 10 in terraform/azure/logging.tf

Code scanning / defsec

Ensure activitys are captured for all locations Warning

Log profile does not log to all regions (68 regions missing).

Check warning on line 8 in terraform/azure/logging.tf

Code scanning / defsec

Ensure the activity retention log is set to at least a year Warning

Profile has a log retention policy of less than 1 year.

Check failure on line 50 in terraform/azure/networking.tf

Code scanning / defsec

An inbound network security rule allows traffic from /0. Error

Security group rule allows ingress from public internet.

Check failure on line 50 in terraform/azure/networking.tf

Code scanning / defsec

SSH access should not be accessible from the Internet, should be blocked on port 22 Error

Security group rule allows ingress to SSH port from multiple public internet addresses.