ECR Private Repository Does Not Have Image Scanning Configured

Overview

This check verifies that a private Amazon ECR repository has image scanning configured. The check fails if the private ECR repository is not configured for either scan-on-push or continuous scanning.

ECR image scanning detects software vulnerabilities in container images. Using the Common Vulnerabilities and Exposures (CVEs) database from the open-source Clair project, ECR provides a comprehensive list of scan findings. Enabling image scanning on ECR repositories gives greater assurance of the integrity and safety of the images stored in them.
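One way to reproduce this check offline, as an added example that is not the check's own implementation. It assumes a repository counts as configured when either its own `scanOnPush` flag is set or a registry-level scanning rule with a scan-on-push or continuous frequency matches its name; the repository names and sample data are constructed.

```python
import re

# Scan frequencies that satisfy the check; a MANUAL rule does not.
PASSING = {"SCAN_ON_PUSH", "CONTINUOUS_SCAN"}

def filter_matches(pattern, repo_name):
    """Assumed ECR filter semantics: without '*' the filter matches any name
    containing it; with '*', each '*' stands for zero or more characters."""
    if "*" not in pattern:
        return pattern in repo_name
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, repo_name) is not None

def scanning_source(repo, registry_cfg):
    """Return where the repository's scanning comes from, or None if it fails."""
    if repo.get("imageScanningConfiguration", {}).get("scanOnPush"):
        return "repository:scanOnPush"
    for rule in registry_cfg.get("scanningConfiguration", {}).get("rules", []):
        if rule.get("scanFrequency") not in PASSING:
            continue
        for f in rule.get("repositoryFilters", []):
            if filter_matches(f["filter"], repo["repositoryName"]):
                return "registry:" + rule["scanFrequency"]
    return None

def failing_repositories(repos, registry_cfg):
    return [r["repositoryName"] for r in repos["repositories"]
            if scanning_source(r, registry_cfg) is None]

# Constructed sample data in the shape returned by `aws ecr describe-repositories`
# and `aws ecr get-registry-scanning-configuration`.
REPOS = {"repositories": [
    {"repositoryName": "payments/api", "imageScanningConfiguration": {"scanOnPush": True}},
    {"repositoryName": "prod/web", "imageScanningConfiguration": {"scanOnPush": False}},
    {"repositoryName": "sandbox/tools", "imageScanningConfiguration": {"scanOnPush": False}},
    {"repositoryName": "legacy-batch"},
]}
REGISTRY = {"scanningConfiguration": {"scanType": "ENHANCED", "rules": [
    {"scanFrequency": "CONTINUOUS_SCAN",
     "repositoryFilters": [{"filter": "prod/*", "filterType": "WILDCARD"}]},
]}}

if __name__ == "__main__":
    for name in failing_repositories(REPOS, REGISTRY):
        print("FAIL", name)
```

Checking only the per-repository `scanOnPush` flag would report `prod/web` as failing even though a registry-level rule covers it, which is why both sources are evaluated.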

Vendor

AWS

Cloud Service

ECR

ECR.1

Severity

4

Item Types

AWS::ECR::Repository