Amazon Elastic Container Registry (Amazon ECR) is an AWS-managed container image registry service that is secure, scalable, and reliable. Amazon ECR is an extension to Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). You can manually scan container images stored in Amazon ECR. Alternatively, you can configure your repositories to scan images when you push them to a repository.
Amazon ECR image scanning helps identify software vulnerabilities in your container images. You are notified about the vulnerabilities once the scan finishes.
Each container image may be scanned once per 24 hours. If scan on push is disabled on a repository, then you must manually start each image scan to get the scan results. When a new repository is configured to scan on push, all new images pushed to the repository will be scanned.
Using AWS CLI:
- This command returns the scanning configuration of the repository:
aws ecr describe-repositories --repository-names <cluster-autoscaler> --query "repositories[].imageScanningConfiguration"
Using AWS CLI, enable scan on push for the repository:
aws ecr put-image-scanning-configuration --region us-east-1 --repository-name cc-docker-web-repo --image-scanning-configuration scanOnPush=true
If you cannot find the Scan on push column in the console, select the settings button on the right side and enable it.
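The audit and remediation steps above can be combined into one pass over many repositories. The following is an added example, not part of the original page: it reads JSON shaped like `aws ecr describe-repositories` output, flags repositories where scan on push is off or unset, and prints the matching `put-image-scanning-configuration` command for each. The sample input is constructed; the account ID and the `team/legacy-api` repository are assumptions for illustration.

```python
import json
import shlex

# Constructed sample, shaped like `aws ecr describe-repositories` output (trimmed).
# The account ID and the third repository are made up for illustration.
SAMPLE = """
{"repositories": [
  {"repositoryArn": "arn:aws:ecr:us-east-1:111122223333:repository/cc-docker-web-repo",
   "repositoryName": "cc-docker-web-repo",
   "imageScanningConfiguration": {"scanOnPush": true}},
  {"repositoryArn": "arn:aws:ecr:us-east-1:111122223333:repository/cluster-autoscaler",
   "repositoryName": "cluster-autoscaler",
   "imageScanningConfiguration": {"scanOnPush": false}},
  {"repositoryArn": "arn:aws:ecr:us-east-1:111122223333:repository/team/legacy-api",
   "repositoryName": "team/legacy-api"}
]}
"""


def repos_without_scan_on_push(describe_output):
    """Return repository records whose scanOnPush is not explicitly true."""
    findings = []
    for repo in json.loads(describe_output).get("repositories", []):
        config = repo.get("imageScanningConfiguration") or {}
        # A missing block or missing key is treated as non-compliant, not skipped.
        if config.get("scanOnPush") is not True:
            findings.append(repo)
    return findings


def remediation_commands(findings):
    """Build one put-image-scanning-configuration command per finding."""
    commands = []
    for repo in findings:
        # ARN layout: arn:aws:ecr:<region>:<account>:repository/<name>
        region = repo["repositoryArn"].split(":")[3]
        commands.append(
            "aws ecr put-image-scanning-configuration"
            f" --region {shlex.quote(region)}"
            f" --repository-name {shlex.quote(repo['repositoryName'])}"
            " --image-scanning-configuration scanOnPush=true"
        )
    return commands


if __name__ == "__main__":
    for command in remediation_commands(repos_without_scan_on_push(SAMPLE)):
        print(command)  # review before running; nothing is executed here
```

To use it on a real account, replace `SAMPLE` with the saved output of `aws ecr describe-repositories` for the region being audited.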