Skip to content

Add security plans for gh-aspnet-webapp and sample-web-app #118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
CalinL merged 1 commit into from
Feb 5, 2026

Add security plans for gh-aspnet-webapp and sample-web-app

cd91e2b
Select commit
Loading
Failed to load commit list.
Merged

Add security plans for gh-aspnet-webapp and sample-web-app #118

Add security plans for gh-aspnet-webapp and sample-web-app
cd91e2b
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / checkov failed Feb 5, 2026 in 13s

17 new alerts including 16 errors

New alerts in code changed by this pull request

  • 16 errors
  • 1 note

See annotations below for details.

View all branch alerts.

Annotations

Check failure on line 164 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Azure SQL Server threat detection alerts are enabled for all threat types Error

Azure SQL Server threat detection alerts are enabled for all threat types

Check failure on line 164 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure that 'Auditing' is set to 'On' for SQL servers Error

Ensure that 'Auditing' is set to 'On' for SQL servers

Check failure on line 164 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers Error

Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers

Check failure on line 164 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure that 'Send Alerts To' is enabled for MSSQL servers Error

Ensure that 'Send Alerts To' is enabled for MSSQL servers

Check failure on line 164 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure the Azure SQL Database Namespace is zone redundant Error

Ensure the Azure SQL Database Namespace is zone redundant

Check failure on line 146 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Azure SQL Server threat detection alerts are enabled for all threat types Error

Azure SQL Server threat detection alerts are enabled for all threat types

Check failure on line 146 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers Error

Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers

Check failure on line 146 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure that 'Auditing' is set to 'On' for SQL servers Error

Ensure that 'Auditing' is set to 'On' for SQL servers

Check failure on line 146 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure Azure AD authentication is enabled for Azure SQL (MSSQL) Error

Ensure Azure AD authentication is enabled for Azure SQL (MSSQL)

Check failure on line 131 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure that 'HTTP Version' is the latest, if used to run the Function app Error

Ensure that 'HTTP Version' is the latest, if used to run the Function app

Check failure on line 131 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure that App Service configures health check Error

Ensure that App Service configures health check

Check failure on line 131 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure that Azure Web App public network access is disabled Error

Ensure that Azure Web App public network access is disabled

Check failure on line 131 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure that 'HTTP Version' is the latest if used to run the web app Error

Ensure that 'HTTP Version' is the latest if used to run the web app

Check failure on line 131 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure the web app has 'Client Certificates (Incoming client certificates)' set Error

Ensure the web app has 'Client Certificates (Incoming client certificates)' set

Check failure on line 95 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure the App Service Plan is zone redundant Error

Ensure the App Service Plan is zone redundant

Check failure on line 78 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure that Azure Key Vault disables public network access Error

Ensure that Azure Key Vault disables public network access

Check notice on line 131 in blueprints/sample-web-app/bicep/main.bicep

See this annotation in the file changed.

Code scanning / checkov

Ensure App Service has a minimum number of instances for failover Note

Ensure App Service has a minimum number of instances for failover