ECR image scanning should be enabled

Severity: HIGH
Exploitability: HIGH
Providers: AWS
Categories: SECRET

Description

Amazon ECR is the registry that stores application code and artifacts packaged as container (Docker) images for deployment. Image scanning should be enabled with the scan_on_push parameter so that every new image version is scanned automatically at push time for known vulnerabilities. ECR basic scanning checks the image contents against the Common Vulnerabilities and Exposures (CVE) database from the open-source Clair project.

Impact

Potential data exposure: False
Visible in logs: False
User interaction required: False
Privileges required: False

Known vulnerabilities in pushed images are not identified, so they cannot be remediated before the images are deployed.

Remediation guidelines

Enable ECR image scanning by setting the scan_on_push parameter to true on the repository. Scan on push only covers images pushed after the setting is enabled; images already present in the repository must be scanned manually (for example with aws ecr start-image-scan).
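The following Terraform snippet is an added example and is not code from the original page: it shows a non-compliant aws_ecr_repository next to the compliant form with scan_on_push set to true. The repository names are hypothetical.

```hcl
# Added example (not part of the original page): non-compliant and compliant
# forms of an ECR repository. Repository names are hypothetical.

# Non-compliant: image_scanning_configuration is omitted, so the AWS provider
# leaves scan on push disabled and pushed images are never checked for CVEs.
resource "aws_ecr_repository" "app_unscanned" {
  name = "example-app-unscanned"
}

# Compliant: scan_on_push = true makes ECR scan every newly pushed image
# version against its CVE database (basic scanning uses the Clair CVE data).
resource "aws_ecr_repository" "app" {
  name = "example-app"

  image_scanning_configuration {
    scan_on_push = true
  }
}
```

To fix an existing repository without Terraform, run `aws ecr put-image-scanning-configuration --repository-name example-app --image-scanning-configuration scanOnPush=true`, then scan images that were pushed before the change with `aws ecr start-image-scan --repository-name example-app --image-id imageTag=latest`. To find repositories that still have the setting off, `aws ecr describe-repositories --query 'repositories[?imageScanningConfiguration.scanOnPush==`false`].repositoryName'` lists their names.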
