This repository has been archived by the owner on Jul 26, 2024. It is now read-only.

[Auto] AI Gallery Standard Validation FAILED #13

Open
ai-apps-bot opened this issue Jul 3, 2024 · 0 comments

ai-apps-bot commented Jul 3, 2024

AI Gallery Standard Validation: FAILED

Repository Management:

README.md File. [How to fix?]
  • Error: ## Features is missing in README.md.
  • Error: ## Getting Started is missing in README.md.
  • Error: ## Guidance is missing in README.md.
  • Error: ## Resources is missing in README.md.
✔️ LICENSE.md File.
SECURITY.md File. [How to fix?]
  • Error: SECURITY.md file is missing.
CODE_OF_CONDUCT.md File. [How to fix?]
  • Error: CODE_OF_CONDUCT.md file is missing.
CONTRIBUTING.md File. [How to fix?]
  • Error: CONTRIBUTING.md file is missing.
ISSUE_TEMPLATE.md File. [How to fix?]
  • Error: ISSUE_TEMPLATE.md file is missing.
Topics on repo contains ['azd-templates', 'ai-azd-templates']. [How to fix?]
  • Error: ai-azd-templates is missing in topics.

Source code structure and conventions:

✔️ azure-dev.yaml File.
✔️ azure.yaml File.
✔️ infra Folder.
✔️ .devcontainer Folder.

Functional Requirements:

✔️ azd up.
✔️ azd down.

Security Requirements:

⚠️ microsoft/security-devops-action is integrated to the CI/CD pipeline. [How to fix?]

No security-check-related actions were found in the CI/CD pipeline.

  • Error: microsoft/security-devops-action is missing in .github/workflows/azure-dev.yml.
  • Error: github/codeql-action/upload-sarif is missing in .github/workflows/azure-dev.yml.
⚠️ Security scan. [How to fix?]
  • error: AZR-000363 - Container apps environments allows you to expose your container app to the Internet.
    Container apps environments deployed as external resources are available for public requests. External environments are deployed with a virtual IP on an external, public facing IP address.
    Disable public network access to improve security by exposing the Container Apps environment through an internal load balancer.
    This removes the need for a public IP address and prevents internet access to all Container Apps within the environment.
    To provide secure access, instead consider using an Application Gateway or Azure Front Door premium in front of your Container Apps on your private VNET.

  • error: AZR-000005 - Azure Container Registry (ACR) includes a built-in local admin user account. The admin user account is a single user account with administrative access to the registry. This account provides single user access for early test and development. The admin user account is not intended for use with production container registries.
    Instead of using the admin user account, consider using Entra ID (previously Azure AD) identities. Entra ID provides a centralized identity and authentication system for Azure. This provides a number of benefits including:

      • Strong account protection controls with conditional access, identity governance, and privileged identity management.
      • Auditing and reporting of account activity.
      • Granular access control with role-based access control (RBAC).
      • Separation of account types for users and applications.

  • error: AZR-000363 - Container apps environments allows you to expose your container app to the Internet.
    Container apps environments deployed as external resources are available for public requests. External environments are deployed with a virtual IP on an external, public facing IP address.
    Disable public network access to improve security by exposing the Container Apps environment through an internal load balancer.
    This removes the need for a public IP address and prevents internet access to all Container Apps within the environment.
    To provide secure access, instead consider using an Application Gateway or Azure Front Door premium in front of your Container Apps on your private VNET.

  • error: AZR-000005 - Azure Container Registry (ACR) includes a built-in local admin user account. The admin user account is a single user account with administrative access to the registry. This account provides single user access for early test and development. The admin user account is not intended for use with production container registries.
    Instead of using the admin user account, consider using Entra ID (previously Azure AD) identities. Entra ID provides a centralized identity and authentication system for Azure. This provides a number of benefits including:

      • Strong account protection controls with conditional access, identity governance, and privileged identity management.
      • Auditing and reporting of account activity.
      • Granular access control with role-based access control (RBAC).
      • Separation of account types for users and applications.

How to fix?

The full Definition of Done of the AI-Gallery template and fix approaches can be found HERE.
