Enable vulnerability scanning for images that are in a private ACR
Currently ASC cannot scan images stored in an ACR that is in a private VNet or protected via Firewall rules. Customers who have such ACR instances cannot leverage the ASC image scanning capabilities for such scenarios.
This seems to be a rub in Azure, one team fights to enable features while another attempts to secure it - leaving features behind and leaving you with yet another security tradeoff to consider.
Ex - cant use SQL Vulnerability Assessment if you want to put a firewall on your storage account: https://github.com/MicrosoftDocs/azure-docs/issues/36124
Ex- cannot use KeyVault integration with AppGateway if you want a firewall on your keyvault : https://github.com/MicrosoftDocs/azure-docs/issues/33157
Ex - various feature limitations when using private AKS clusters