ECR image scanning should be enabled
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | HIGH | AWS | SECRET |
Description
Amazon ECR provides the repository that stores all the code that has been
packaged as a Docker image in order to deploy application images and artifacts.
Image scanning should be enabled with the scan_on_push parameter so that each
time a new version of an image is pushed, the container image is automatically
checked for known vulnerabilities from the Common Vulnerabilities and Exposures
(CVEs) database used by the open-source Clair project.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
False | False | False | False |
Vulnerabilities within images would not be identified for remediation.
Remediation guidelines
Enable ECR image scanning with the scan_on_push parameter.
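The check and the remediation described above, as an added example that is not part of the original rule page or AWS's own code. It assumes the boto3 ECR client calls describe_repositories and put_image_scanning_configuration (the API spells the flag scanOnPush; scan_on_push is the Terraform aws_ecr_repository argument for the same setting). The sample repository records are constructed to mirror the shape of a describe_repositories response so the audit logic runs offline; the live audit and remediation only run when boto3 and AWS credentials are available.

```python
"""Audit ECR repositories for scan-on-push and enable it where it is missing.

Added example for this rule, not code from the rule's author or from AWS.
Assumes the boto3 ECR client (describe_repositories and
put_image_scanning_configuration). SAMPLE_REPOSITORIES below is constructed
data in the shape of a describe_repositories response, not real repositories.
"""
from typing import Iterable


def find_unscanned_repositories(repositories: Iterable[dict]) -> list[str]:
    """Return names of repositories whose scanOnPush flag is not True.

    `repositories` is the list under the "repositories" key of an ECR
    describe_repositories response. A missing imageScanningConfiguration
    block is treated as scanning disabled, so the check fails closed.
    """
    unscanned = []
    for repo in repositories:
        config = repo.get("imageScanningConfiguration") or {}
        if config.get("scanOnPush") is not True:
            unscanned.append(repo["repositoryName"])
    return unscanned


def list_all_repositories(ecr_client) -> list[dict]:
    """Collect every repository in the account/region, following pagination."""
    repositories = []
    paginator = ecr_client.get_paginator("describe_repositories")
    for page in paginator.paginate():
        repositories.extend(page["repositories"])
    return repositories


def enable_scan_on_push(ecr_client, repository_names: Iterable[str]) -> dict:
    """Remediate: turn on scan-on-push for each named repository.

    Returns a map of repository name -> the scanOnPush value ECR reports
    back, so the caller can confirm the change actually took effect.
    """
    results = {}
    for name in repository_names:
        response = ecr_client.put_image_scanning_configuration(
            repositoryName=name,
            imageScanningConfiguration={"scanOnPush": True},
        )
        results[name] = response["imageScanningConfiguration"]["scanOnPush"]
    return results


# Constructed sample data (not real repositories) in describe_repositories shape.
SAMPLE_REPOSITORIES = [
    {"repositoryName": "payments-api",
     "imageScanningConfiguration": {"scanOnPush": True}},
    {"repositoryName": "legacy-batch",
     "imageScanningConfiguration": {"scanOnPush": False}},
    {"repositoryName": "sidecar-proxy"},  # no scanning block at all
]


def main() -> None:
    # Offline demonstration on the constructed sample.
    print("Sample repositories without scan-on-push:",
          find_unscanned_repositories(SAMPLE_REPOSITORIES))
    # Live audit and remediation, only if boto3 and credentials are available.
    try:
        import boto3  # assumption: boto3 installed and AWS credentials configured
    except ImportError:
        return
    ecr = boto3.client("ecr")
    missing = find_unscanned_repositories(list_all_repositories(ecr))
    print("Live repositories without scan-on-push:", missing)
    if missing:
        print("Enabled scan-on-push:", enable_scan_on_push(ecr, missing))


if __name__ == "__main__":
    main()
```

Run it as-is to see the audit on the constructed sample; with boto3 and credentials in place it audits the current account and region and enables the flag on every non-compliant repository. The same remediation from the CLI is `aws ecr put-image-scanning-configuration --repository-name NAME --image-scanning-configuration scanOnPush=true`, and in Terraform it is the `image_scanning_configuration { scan_on_push = true }` block on `aws_ecr_repository`. Treating a missing imageScanningConfiguration block as a finding is deliberate: a repository whose scanning state is unknown should not pass a control that exists to guarantee every pushed image is scanned.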