Governance Anti Patterns Containers

Containers

Anti-patterns are automatically detected in AI-generated output after each stage. When a pattern matches and no safe pattern exempts it, a warning is shown.

Container Apps, ACR, and container runtime configuration detection

2 checks

---

Check	Description	Agents
ANTI-CONT-001	Secrets in environment variables detected — use Key Vault references with managed identity instead. Triggers on: environment_variable, env_var Exempted by: key vault, keyvault, managed identity, secret_ref, secretref	all agents
ANTI-CONT-002	Container registry admin credentials detected — use managed identity with AcrPull role assignment. Triggers on: admin_user_enabled = true, acrpush Exempted by: managed identity, acrpull	all agents

ANTI-CONT-001

Secrets in environment variables detected — use Key Vault references with managed identity instead.

Triggers on:

• environment_variable
• env_var

Exempted by:

• key vault
• keyvault
• managed identity
• secret_ref
• secretref

Correct patterns:

• secret_ref
• secretRef
• # Use Key Vault references with managed identity
• keyVaultUrl

---

ANTI-CONT-002

Container registry admin credentials detected — use managed identity with AcrPull role assignment.

Triggers on:

• admin_user_enabled = true
• acrpush

Exempted by:

• managed identity
• acrpull

Correct patterns:

• admin_user_enabled = false
• adminUserEnabled = false
• "AcrPull"
• # Use managed identity with AcrPull role assignment

---