v1.26.0
What's changed since v1.25.0:
- New features:
- Added March 2023 baselines
Azure.GA_2023_03andAzure.Preview_2023_03by @BernieWhite.
#2138- Includes rules released before or during March 2023.
- Marked
Azure.GA_2022_12andAzure.Preview_2022_12baselines as obsolete.
- Added March 2023 baselines
- New rules:
- API Management:
- Check that wildcard
*for any configuration option in CORS policies settings is not in use by @BenjaminEngeset.
#2073
- Check that wildcard
- Azure Kubernetes Service:
- Check that the Defender profile with Azure Kubernetes Service clusters are enabled by @BenjaminEngeset.
#2123
- Check that the Defender profile with Azure Kubernetes Service clusters are enabled by @BenjaminEngeset.
- Container App:
- Check that internal-only ingress for container apps are configured by @BenjaminEngeset.
#2098 - Check that Azure File volumes for container apps are configured by @BenjaminEngeset.
#2101 - Check that the names of container apps meets the naming requirements by @BenjaminEngeset.
#2094 - Check that managed identity for container apps are configured by @BenjaminEngeset.
#2096 - Check that public network access for container apps environments are disabled by @BenjaminEngeset.
#2098
- Check that internal-only ingress for container apps are configured by @BenjaminEngeset.
- Deployment:
- Check that the names of nested deployments meets the naming requirements of deployments by @BenjaminEngeset.
#1915
- Check that the names of nested deployments meets the naming requirements of deployments by @BenjaminEngeset.
- IoT Hub:
- Check IoT Hubs in supported regions only uses TLS 1.2 version by @BenjaminEngeset.
#1996
- Check IoT Hubs in supported regions only uses TLS 1.2 version by @BenjaminEngeset.
- Service Bus:
- Check namespaces audit diagnostic logs are enabled by @BenjaminEngeset.
#1862
- Check namespaces audit diagnostic logs are enabled by @BenjaminEngeset.
- SQL Database:
- Check that Azure AD-only authentication is enabled by @BenjaminEngeset.
#2119 - Check that Azure AD authentication is configured for SQL Managed Instances by @BenjaminEngeset.
#2117
- Check that Azure AD-only authentication is enabled by @BenjaminEngeset.
- SQL Managed Instance:
- Check that managed identity for SQL Managed Instances are configured by @BenjaminEngeset.
#2120 - Check that Azure AD-only authentication is enabled by @BenjaminEngeset.
#2118
- Check that managed identity for SQL Managed Instances are configured by @BenjaminEngeset.
- API Management:
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Versionto use latest stable version1.25.6by @BernieWhite.
#2136- Use
AZURE_AKS_CLUSTER_MINIMUM_VERSIONto configure the minimum version of the cluster.
- Use
- Updated
- Azure Kubernetes Service:
- General improvements:
- Added a selector for premium Service Bus namespaces by @BernieWhite.
#2091 - Improved export of in-flight deeply nested API Management policies by @BernieWhite.
#2153
- Added a selector for premium Service Bus namespaces by @BernieWhite.
- Engineering:
- Bug fixes:
- Fixed dependency issue of deployments across resource group scopes by @BernieWhite.
#2111 - Fixed false positive with
Azure.Deployment.Nameby @BernieWhite.
#2109 - Fixed false positives for
Azure.AppService.AlwaysOnwith Functions and Workflows by @BernieWhite.
#943
- Fixed dependency issue of deployments across resource group scopes by @BernieWhite.
What's changed since pre-release v1.26.0-B0078:
- No additional changes.
See change log.
Contributors
BernieWhite and BenjaminEngeset