Vulnerabilities
Misconfiguration
Runtime Security
Compliance
AWS > Ecr >

Enable Image Scans

HIGH
Source
Trivy
ID
AVD-AWS-0030
cloudformation terraform

ECR repository has image scans disabled.

Repository image scans should be enabled to ensure vulnerable software can be discovered and remediated as soon as possible.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Enable ECR image scanning

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

Resources:
  GoodExample:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: "test-repository"
      ImageTagImmutability: IMMUTABLE
      ImageScanningConfiguration:
        ScanOnPush: True
      EncryptionConfiguration:
        EncryptionType: KMS
        KmsKey: "alias/ecr-key"

Enable ECR image scanning

1
2
3
4
5
6
7
8
9

 resource "aws_ecr_repository" "good_example" {
   name                 = "bar"
   image_tag_mutability = "MUTABLE"
 
   image_scanning_configuration {
     scan_on_push = true
   }
 }
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use