[RULE] AZ-KV-002: Key Vault not using private endpoint #7

@Vishnu2707

Description

What to build

A scan rule that detects Azure Key Vaults accessible over the
public internet without a private endpoint configured. This exposes
secrets, keys, and certificates to potential network-level attacks.

Rule details

  • Rule ID: AZ-KV-002
  • Severity: HIGH
  • Category: Key Vault
  • Frameworks: CIS 8.5, NIST AC-17, ISO 27001 A.13.1.1

Files to create

  • scanner/rules/az_kv_002.py — follow template in CONTRIBUTING.md
  • playbooks/cli/fix_az_kv_002.sh — Azure CLI remediation script

How to get started

  1. Read CONTRIBUTING.md
  2. Fork the repo, create branch feat/az-kv-002
  3. Write the rule and playbook
  4. Open a PR to dev

Acceptance Criteria

  • Rule follows template exactly
  • Returns correct findings JSON
  • Playbook script tested
  • Framework mappings included
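The following is an added example of what the detection half of this rule could look like; it is not code from the repository, and the CONTRIBUTING.md template the issue refers to is not shown here, so the findings JSON shape (rule_id, severity, resource_id, details, ...) is an assumption. The input shape follows the resource JSON that `az keyvault show` returns: `properties.publicNetworkAccess`, `properties.privateEndpointConnections` (each with a `privateLinkServiceConnectionState.status`) and `properties.networkAcls`. A vault is reported when it has no approved private endpoint connection and public network access is not disabled; the finding records whether the vault firewall's default action is Deny, since that narrows the exposure but is not the private-endpoint control the rule asks for.

```python
"""Example AZ-KV-002 check: Key Vault reachable publicly without a private endpoint.

Added illustration, not the project's own rule file. The finding schema below is
an assumption; the vault JSON layout mirrors `az keyvault show` output.
"""
import json
from typing import Any, Dict, List, Optional

RULE_ID = "AZ-KV-002"
SEVERITY = "HIGH"
CATEGORY = "Key Vault"
FRAMEWORKS = ["CIS 8.5", "NIST AC-17", "ISO 27001 A.13.1.1"]


def approved_private_endpoints(props: Dict[str, Any]) -> int:
    """Count private endpoint connections whose link state is Approved.

    Pending or Rejected connections do not give private connectivity, so they
    are not counted. Both the CLI-flattened and the ARM-nested layouts are read.
    """
    count = 0
    for conn in props.get("privateEndpointConnections") or []:
        body = conn.get("properties", conn)  # ARM nests under "properties"
        state = (body.get("privateLinkServiceConnectionState") or {}).get("status", "")
        if str(state).lower() == "approved":
            count += 1
    return count


def evaluate(vault: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Return one finding dict for a non-compliant vault, or None if compliant."""
    props = vault.get("properties") or {}
    if approved_private_endpoints(props) > 0:
        return None  # private endpoint present: rule satisfied
    public_access = str(props.get("publicNetworkAccess") or "Enabled")
    if public_access.lower() == "disabled":
        return None  # not reachable from public networks at all
    acls = props.get("networkAcls") or {}
    default_action = str(acls.get("defaultAction") or "Allow")
    return {
        "rule_id": RULE_ID,
        "severity": SEVERITY,
        "category": CATEGORY,
        "frameworks": FRAMEWORKS,
        "resource_id": vault.get("id"),
        "resource_name": vault.get("name"),
        "message": "Key Vault is reachable over the public internet and has no "
                   "approved private endpoint connection",
        "details": {
            "public_network_access": public_access,
            "network_acls_default_action": default_action,
            # A Deny default limits callers to allow-listed IPs/VNets (and any
            # trusted-service bypass) but is not a private endpoint.
            "firewall_restricted": default_action.lower() == "deny",
            "approved_private_endpoints": 0,
        },
    }


def scan(vaults: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Evaluate every vault and collect the findings."""
    return [f for f in (evaluate(v) for v in vaults) if f is not None]


def _vault(name: str, public: str, default_action: str, pe_status: Optional[str]) -> Dict[str, Any]:
    """Build a constructed sample vault resource (test data, not real resources)."""
    pe = [] if pe_status is None else [
        {"privateLinkServiceConnectionState": {"status": pe_status}}
    ]
    return {
        "id": f"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
              f"/providers/Microsoft.KeyVault/vaults/{name}",
        "name": name,
        "properties": {
            "publicNetworkAccess": public,
            "networkAcls": {"defaultAction": default_action, "bypass": "AzureServices"},
            "privateEndpointConnections": pe,
        },
    }


# Constructed sample inventory covering the cases the rule must distinguish.
SAMPLE_VAULTS = [
    _vault("kv-open", "Enabled", "Allow", None),         # wide open, no PE -> finding
    _vault("kv-firewalled", "Enabled", "Deny", None),    # firewall only -> finding
    _vault("kv-pending", "Enabled", "Allow", "Pending"), # PE not approved -> finding
    _vault("kv-private", "Disabled", "Deny", "Approved"),# compliant
    _vault("kv-locked", "Disabled", "Deny", None),       # unreachable publicly -> no finding
]

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_VAULTS), indent=2))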

Metadata

Assignees

Labels

  • good first issue: Perfect for first time contributors
  • new-rule: Adding a new misconfiguration scan rule

Projects

Status

✅ Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests