-
Notifications
You must be signed in to change notification settings - Fork 6
Governance Anti Patterns Storage
Storage account access and data exposure detection
Domain: storage
| Check | Description |
|---|---|
| ANTI-STOR-001 | Storage account shared key access enabled — disable shared key and use Entra ID RBAC with managed identity. |
| ANTI-STOR-002 | Blob public access enabled — set allowBlobPublicAccess = false. |
Storage account shared key access enabled — disable shared key and use Entra ID RBAC with managed identity.
Rationale: Shared key authentication is a legacy pattern that bypasses Entra ID conditional access, PIM, and per-identity audit trails.
Agents: terraform-agent, bicep-agent
| Services | Triggers On | Correct Patterns |
|---|---|---|
|
|
|
Blob public access enabled — set allowBlobPublicAccess = false.
Rationale: Public blob access allows anonymous internet users to read container contents without any authentication.
Agents: terraform-agent, bicep-agent
| Services | Triggers On | Correct Patterns |
|---|---|---|
|
|
|
Getting Started
Stages
Interfaces
Configuration
Agent System
Features
- Backlog Generation
- Cost Analysis
- Error Analysis
- Docs & Spec Kit
- MCP Integration
- Knowledge System
- Escalation
Quality
Help
Policies — Azure
AI Services
Compute
Data Services
- Azure SQL
- Backup Vault
- Cosmos Db
- Data Factory
- Databricks
- Event Grid
- Event Hubs
- Fabric
- IoT Hub
- Mysql Flexible
- Postgresql Flexible
- Recovery Services
- Redis Cache
- Service Bus
- Stream Analytics
- Synapse Workspace
Identity
Management
Messaging
Monitoring
Networking
- Application Gateway
- Bastion
- CDN
- DDoS Protection
- DNS Zones
- Expressroute
- Firewall
- Load Balancer
- Nat Gateway
- Network Interface
- Private Endpoints
- Public Ip
- Route Tables
- Traffic Manager
- Virtual Network
- Vpn Gateway
- WAF Policy
Security
Storage
Web & App
Policies — Well-Architected
Reliability
Security
Cost Optimization
Operational Excellence
Performance Efficiency
Integration