Ensure that LocalGit repository folder is not set to 'wwwroot' for Azure App Service

HIGH

Description

Azure App service is configured with LocalGit as source code management type, and repository folder is set to 'wwwroot'. This may make expose the source code to public internet.

Remediation

In Azure Console -

Open the Azure Portal and go to App Service.
Select the App Service that got violated.
Under Settings, Select Configuration and in Application settings, edit 'SCM_REPOSITORY_PATH' to a valid repository folder.

In Terraform -

In the azurerm_app_service resource, set 'SCM_REPOSITORY_PATH' to a valid repository folder.

References:
https://learn.microsoft.com/en-us/azure/app-service/deploy-local-git?source=recommendations&tabs=cli
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#scm_type

Policy Details

Rule Reference ID: AC_AZURE_0243

CSP: Azure

Remediation Available: No

Domain: Configuration and Vulnerability Analysis

Resource: azurerm_app_service

Resource Category: Serverless

Resource Type: App Service

Frameworks

GDPR
NIST-800-171
NIST-800-53
NIST-CSF
HIPAA