October 22, 2024
security

How can I detect Azure cloud defender recommendations early?


Is there a good way to prevent Defender for Cloud recommendations/warnings before making changes?

Defender for DevOps usually deals with SAST scanning on repos, but the warnings I’m interested in blocking are Terraform changes that modify/create resources in Azure that in turn lead to Defender for Cloud warnings.

For example:

  • Using Storage account with SAS tokens
  • No firewall set in SQL Server instance
  • Function App should only be accessible over HTTPS

Context/Background:
We use Terraform code checked into Git to configure and deploy hundreds of instances of SQL, app servers, in-house applications in Docker containers and others in Azure. The idea is to shift security left and fail the TF build pipelines instead of chasing down teams after Defender findings.
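
One way to fail the pipeline on the three examples listed in the question, as an added example that is not part of the original post: a check over the JSON form of a Terraform plan. The mapping of each example to an `azurerm` attribute in `RULES` is an assumption, and the resource addresses in `SAMPLE_PLAN` are constructed.

```python
import json
import sys

# Assumed mapping of the question's three examples to azurerm attributes:
# (resource types, attribute, value required to pass, message on failure).
RULES = [
    (("azurerm_storage_account",), "shared_access_key_enabled", False,
     "shared key / SAS authorization is enabled"),
    (("azurerm_mssql_server",), "public_network_access_enabled", False,
     "public network access is enabled"),
    (("azurerm_function_app", "azurerm_linux_function_app",
      "azurerm_windows_function_app"), "https_only", True,
     "plain HTTP is accepted"),
]

def find_violations(plan):
    """Return (address, message) for each created or updated resource that breaks a rule."""
    violations = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # deletes, reads and no-ops cannot introduce a finding
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        for types, attr, required, message in RULES:
            if rc.get("type") not in types:
                continue
            if unknown.get(attr) is True:  # fail closed on computed values
                violations.append((rc["address"], f"{attr} is not known until apply"))
            elif after.get(attr) is not required:
                violations.append((rc["address"], message))
    return violations

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "azurerm_storage_account.logs", "type": "azurerm_storage_account",
     "change": {"actions": ["create"], "after": {"shared_access_key_enabled": True}}},
    {"address": "azurerm_mssql_server.db", "type": "azurerm_mssql_server",
     "change": {"actions": ["create"], "after": {"public_network_access_enabled": False}}},
    {"address": "azurerm_linux_function_app.api", "type": "azurerm_linux_function_app",
     "change": {"actions": ["update"], "after": {"https_only": False}}},
    {"address": "azurerm_storage_account.old", "type": "azurerm_storage_account",
     "change": {"actions": ["delete"], "after": None}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    found = find_violations(plan)
    for address, message in found:
        print(f"FAIL {address}: {message}")
    sys.exit(1 if found else 0)
```

In a pipeline, run it on the output of `terraform plan -out=tfplan` followed by `terraform show -json tfplan > plan.json`; a non-zero exit code fails the build before anything is applied.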


