Azure App Service Web App Doesn't Use Latest .Net Core Version

Periodically, newer versions are released for .Net Core software either due to security flaws or to include additional functionality. Using the latest .Net Core version for web apps is recommended in order to take advantage of security fixes, if any.

Policy Details

Policy Subtype
Run, Build
Template Type

Build Rules

Azure App Service Web app doesn't use latest .Net Core version.
JSON Query:
$.resource.*.azurerm_app_service[*].*[*].site_config[?( @.dotnet_framework_version !='v4.0' && @.dotnet_framework_version )] size greater than 0
Recommended solution for making sure App Service Web app uses latest .Net Core version.
It is recommended that Azure App Service Web app uses latest .Net Core version. Please make sure your template has "dotnet_framework_version" and it is set to "v4.0".
For example:
"azurerm_app_service": [ { "<app_service_name>": [ { "app_service_plan_id": "${}", "name": "example-app-service", "resource_group_name": "${}", "site_config": [ { "dotnet_framework_version": "v4.0", "scm_type": "LocalGit" } ] } ] } ]

Run Rule Recommendation

Using Portal.
  1. Go to App Services.
  2. Click on each App.
  3. Under Settings section, Click on Configuration, Select on Application settings.
  4. Ensure that Stack is set to .Net Core and Major Version is set to largest version.


There are 4 standards that are applicable to this policy:
  • MITRE ATT&CK [Beta]
  • CIS v1.1 (Azure)
  • CCPA 2018

Recommended For You