ECR image scanning should be enabled
- GG_ID: GG_IAC_0039
- Severity: HIGH
- Complexity: LOW
- Categories: SECRET
- Providers: AWS
- Potential data exposure: False
- Visible in logs: False
- User interaction required: False
- Privileges required: False
Amazon ECR provides the repository that stores all the code that has been
packaged as a Docker image in order to deploy application images and artifacts.
Image scanning should be enabled with the
scan_on_push parameter to
automatically identify vulnerabilities within the Common Vulnerabilities and Exposures
(CVEs) database from the open-source Clair project. It can be checked
within the container images each time a new version of an image is pushed.
Vulnerabilities within images would not be identified for remediation.
Enable ECR image scanning with