
feat(query): implements "Beta - Storage Account With Cross Tenant Replication Enabled" #7835

Merged
cx-andre-pereira merged 3 commits into master from AST-116661_51_9.3.7_ensure_cross_tenant_replication_is_not_enabled on Dec 9, 2025



@cx-andre-pereira cx-andre-pereira commented Nov 7, 2025

Contributor

Reason for Proposed Changes

  • Currently there is no query to ensure that resources of type "azurerm_storage_account" do not set the "cross_tenant_replication_enabled" field to true.

  • Quoting CIS_Microsoft_Azure_Foundations_Benchmark_v5.0.0 page 533: "Disabling Cross Tenant Replication minimizes the risk of unauthorized data access and ensures that data governance policies are strictly adhered to. This control is especially critical for organizations with stringent data security and privacy requirements, as it prevents the accidental sharing of sensitive information."

Proposed Changes

  • Implemented the missing query.
  • The query will flag any "azurerm_storage_account" resource that sets the "cross_tenant_replication_enabled" field to true.

I submit this contribution under the Apache-2.0 license.
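The check described in this PR, applied to a Terraform plan rather than to the .tf source, as an added example that is not the query from this PR or KICS code. It walks the JSON produced by `terraform show -json` and reports every "azurerm_storage_account" whose "cross_tenant_replication_enabled" is true, including accounts declared inside child modules; the sample plan, resource addresses and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json` output (not from the PR).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_storage_account.positive", "type": "azurerm_storage_account",
     "values": {"cross_tenant_replication_enabled": true}},
    {"address": "azurerm_storage_account.negative", "type": "azurerm_storage_account",
     "values": {"cross_tenant_replication_enabled": false}},
    {"address": "azurerm_storage_account.unset", "type": "azurerm_storage_account",
     "values": {"name": "constructedunset"}},
    {"address": "azurerm_resource_group.rg", "type": "azurerm_resource_group",
     "values": {"name": "constructed-rg"}}],
  "child_modules": [{"address": "module.logs", "resources": [
    {"address": "module.logs.azurerm_storage_account.archive",
     "type": "azurerm_storage_account",
     "values": {"cross_tenant_replication_enabled": true}}]}]
}}}
""")

RESOURCE_TYPE = "azurerm_storage_account"
FIELD = "cross_tenant_replication_enabled"


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_cross_tenant_replication(plan):
    """Return the sorted addresses of storage accounts whose field is true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        res["address"]
        for res in iter_resources(root)
        if res.get("type") == RESOURCE_TYPE
        and (res.get("values") or {}).get(FIELD) is True
    )


if __name__ == "__main__":
    for address in find_cross_tenant_replication(SAMPLE_PLAN):
        print(f"{address}: {FIELD} is set to true")
```

A plan carries the values Terraform resolved, so an account can be reported here even when the attribute is not written in the .tf source.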

@github-actions github-actions Bot added feature New feature query New query feature labels Nov 7, 2025

github-actions Bot commented Nov 7, 2025

Contributor


KICS version: v2.1.17

| Category | Results |
| --- | --- |
| CRITICAL | 0 |
| HIGH | 0 |
| MEDIUM | 0 |
| LOW | 0 |
| INFO | 0 |
| TRACE | 0 |
| TOTAL | 0 |

| Metric | Values |
| --- | --- |
| Files scanned | 1 |
| Files parsed | 1 |
| Files failed to scan | 0 |
| Total executed queries | 47 |
| Queries failed to execute | 0 |
| Execution time | 0 |

@cx-andre-pereira cx-andre-pereira marked this pull request as ready for review November 7, 2025 16:45
@cx-andre-pereira cx-andre-pereira requested a review from a team as a code owner November 7, 2025 16:45
@github-actions github-actions Bot added terraform Terraform query azure PR related with Azure Cloud labels Nov 7, 2025

@cx-eduardo-semanas cx-eduardo-semanas left a comment

Contributor


LGTM

@cx-eduardo-semanas cx-eduardo-semanas left a comment

Contributor


LGTM

@cx-andre-pereira cx-andre-pereira merged commit afdf6da into master Dec 9, 2025
29 checks passed
@cx-andre-pereira cx-andre-pereira deleted the AST-116661_51_9.3.7_ensure_cross_tenant_replication_is_not_enabled branch December 9, 2025 11:41

Labels

azure PR related with Azure Cloud feature New feature query New query feature terraform Terraform query


2 participants