Azure storage account allows plaintext transport
Part of Security, which counts for 30% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.
What it detects
enable_https_traffic_only = false lets clients reach the storage account over unencrypted HTTP, so data and shared-key signatures can be read on the network path.
Why it matters
enable_https_traffic_only = false lets clients reach the storage account over plain HTTP, so blob data and the shared-key signatures used to authenticate requests can be read or tampered with on the network path. Requiring HTTPS is a baseline transport protection and is expected by most compliance baselines.
How to fix it
Set enable_https_traffic_only = true (or remove it, since current provider versions default to true) on the azurerm_storage_account, and set min_tls_version to "TLS1_2". Update any client that still uses http:// endpoints to https://. Apply the same settings across all storage accounts.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo