Prisma Cloud Application Security: Why am I seeing the Linux finding "Azure Virtual Machine (Linux) does not authenticate using SSH keys" for my Windows VM defined in Terraform?
Created On 03/06/25 19:15 PM - Last Modified 06/23/25 20:25 PM
Question
Suppose I had the following snippet from my Terraform plan file:
"resources": [
  {
    "type": "Microsoft.Compute/virtualMachines",
    "apiVersion": "2021-04-01",
    "name": "[parameters('vmName')]",
    "location": "[parameters('location')]",
    "tags": {
      "owner": "[parameters('vmOwner')]",
      "type": "[parameters('vmType')]"
    },
    "properties": {
      "hardwareProfile": {
        "vmSize": "[variables('vmSize')]"
      },
      "storageProfile": {
        "imageReference": {
          "id": "[parameters('imageID')]"
        },
        "osDisk": {
          "createOption": "FromImage",
          "managedDisk": {
            "storageAccountType": "[variables('storageAccountType')]"
          },
          "diskSizeGB": "[parameters('diskSizeGB')]",
          "caching": "ReadWrite"
        }
      },
      "networkProfile": {
        "networkInterfaces": [
          {
            "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), '-nic'))]"
          }
        ]
      }
    }
  }
]
As a parameter, the type of VM is specified as "windows":
"vmType": {
  "value": "windows"
}
When Checkov scans this plan file, a finding is shown for the policy: "Azure Virtual Machine (Linux) does not authenticate using SSH keys" - https://docs.prismacloud.io/en/enterprise-edition/policy-reference/azure-policies/azure-networking-policies/bc-azr-networking-1
Why is this finding shown for a Windows VM?
Environment
Prisma Cloud
Terraform
Checkov
Answer
Add the "publisher" attribute to the imageReference block, at properties > storageProfile > imageReference:
"publisher": "Microsoft.Compute"
This is the attribute Checkov inspects to determine the VM's OS type. Once it is present, the finding no longer appears (as shown in the article's screenshot).
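To catch templates that will trip this finding before a scan, the following added example (not code from the article or from Checkov) lists the VM resources whose imageReference has no "publisher" and returns a patched copy with the attribute set; the template it loads is constructed from the snippet in the question.

```python
import copy
import json

# Constructed ARM template modelled on the snippet in the question (not the
# article's own file): the VM's imageReference carries only an "id".
TEMPLATE = json.loads("""
{
  "resources": [
    {
      "type": "Microsoft.Compute/virtualMachines",
      "name": "[parameters('vmName')]",
      "properties": {
        "storageProfile": {
          "imageReference": {"id": "[parameters('imageID')]"}
        }
      }
    },
    {"type": "Microsoft.Network/networkInterfaces", "name": "vm-nic"}
  ]
}
""")

VM_TYPE = "Microsoft.Compute/virtualMachines"


def _image_reference(resource: dict) -> dict:
    """imageReference block of a VM resource, or {} if any level is absent."""
    props = resource.get("properties") or {}
    return (props.get("storageProfile") or {}).get("imageReference") or {}


def vms_missing_publisher(template: dict) -> list[str]:
    """Names of VM resources whose imageReference has no "publisher"; an image
    referenced only by id gives the scanner nothing to tell Windows from Linux."""
    return [res.get("name", "<unnamed>") for res in template.get("resources", [])
            if res.get("type") == VM_TYPE and "publisher" not in _image_reference(res)]


def add_publisher(template: dict, publisher: str) -> dict:
    """Copy of the template with "publisher" set on every VM that lacks it."""
    patched = copy.deepcopy(template)
    for res in patched.get("resources", []):
        if res.get("type") == VM_TYPE:
            ref = (res.setdefault("properties", {}).setdefault("storageProfile", {})
                   .setdefault("imageReference", {}))
            ref.setdefault("publisher", publisher)  # keep an existing publisher as-is
    return patched
```

Run `add_publisher(TEMPLATE, "Microsoft.Compute")` on a loaded template and write the result back out before handing the file to Checkov.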