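I know how to get the repositories; we can use
az acr repository list --name myregistry
But how do I use the Azure CLI to get the repositories whose tags have security/vulnerability issues after a security scan?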
Answer 1
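Unfortunately, you can't get the results directly from the CLI. All scan data is stored in Log Analytics (via Azure Security Center/Defender), so you need to query it using the Kusto language. This query will get the following information: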
securityresources
| where type == "microsoft.security/assessments"
| summarize by assessmentKey=name //the ID of the assessment
| join kind=inner (
securityresources
| where type == "microsoft.security/assessments/subassessments"
| extend assessmentKey = extract(".*assessments/(.+?)/.*",1, id)
) on assessmentKey
| where properties.additionalData.assessedResourceType == "ContainerRegistryVulnerability"
| extend status = properties.status.code
| extend severity = properties.status.severity
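An added example, not part of the original answer: one way to turn the rows this query returns into a per-image report of open findings. It assumes the rows were exported as JSON (for instance with `az graph query` from the resource-graph CLI extension) and that each row carries `properties.additionalData.repositoryName` and `imageDigest`; the sample rows and the function name `summarize_findings` are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample rows shaped like the query's output: the `status` and
# `severity` columns from the answer, plus `properties.additionalData`
# (repositoryName / imageDigest are assumed field names, not shown on the page).
SAMPLE_ROWS = json.loads("""
[
 {"status": "Unhealthy", "severity": "High",
  "properties": {"additionalData": {"repositoryName": "web/api", "imageDigest": "sha256:aaaa"}}},
 {"status": "Unhealthy", "severity": "Medium",
  "properties": {"additionalData": {"repositoryName": "web/api", "imageDigest": "sha256:aaaa"}}},
 {"status": "Unhealthy", "severity": "Medium",
  "properties": {"additionalData": {"repositoryName": "web/api", "imageDigest": "sha256:aaaa"}}},
 {"status": "Unhealthy", "severity": "Low",
  "properties": {"additionalData": {"repositoryName": "batch/worker", "imageDigest": "sha256:bbbb"}}},
 {"status": "Healthy", "severity": "High",
  "properties": {"additionalData": {"repositoryName": "batch/worker", "imageDigest": "sha256:bbbb"}}},
 {"status": "Healthy", "severity": "Medium",
  "properties": {"additionalData": {"repositoryName": "tools/base", "imageDigest": "sha256:cccc"}}}
]
""")

SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1}


def summarize_findings(rows):
    """Group unhealthy findings by (repository, digest), counting per severity."""
    images = defaultdict(lambda: defaultdict(int))
    for row in rows:
        if row.get("status") != "Unhealthy":
            continue  # Healthy / NotApplicable rows are not open findings
        data = (row.get("properties") or {}).get("additionalData") or {}
        key = (data.get("repositoryName", "<unknown>"),
               data.get("imageDigest", "<unknown>"))
        images[key][row.get("severity", "Unknown")] += 1

    report = []
    for (repo, digest), counts in images.items():
        worst = max(counts, key=lambda s: SEVERITY_RANK.get(s, 0))
        report.append({"repository": repo, "digest": digest,
                       "worst": worst, "counts": dict(counts)})
    # Most severe images first, then a stable alphabetical order.
    report.sort(key=lambda r: (-SEVERITY_RANK.get(r["worst"], 0),
                               r["repository"], r["digest"]))
    return report


if __name__ == "__main__":
    for entry in summarize_findings(SAMPLE_ROWS):
        print(entry)
```

The report identifies images by digest, so mapping a digest back to its tags is a separate lookup against the registry.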