AWS-ECR-Scan-on-ECR-Image-Push-Disabled

Severity : Medium

Description : Ensures that ECR image scanning on push is enabled.

Description: This control ensures that ECR repositories have image scanning enabled for images pushed to them. ECR image scanning uses the Common Vulnerabilities and Exposures (CVEs) database to identify software vulnerabilities in container images and returns a list of scan findings. If scan on push is enabled for a repository, every new image pushed to it is scanned automatically and the findings are logged in CloudWatch. It is recommended to enable scanning on images.

Remediation Steps:

Perform the following steps to update the ECR repository's image scan settings:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com.

  2. From the Services menu, open the Amazon ECR console.

  3. In the navigation pane, choose Repositories.

  4. On the Repositories page, choose the repository to reconfigure.

  5. Select Edit.

  6. Under the Image scan settings section, enable Scan on push.

  7. Click Save.
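The console steps above fix one repository at a time. The following is an added example (not part of this page or of any AWS tooling) showing how the same control can be evaluated programmatically over the output of `aws ecr describe-repositories` / boto3 `describe_repositories()`, and how the AWS CLI equivalent of steps 4-7 (`aws ecr put-image-scanning-configuration`) is generated for each failing repository. The sample response, account id, region and repository names are constructed placeholders; a repository whose response omits `imageScanningConfiguration` is treated as non-compliant.

```python
import json
from typing import Dict, List

# Constructed sample of a describe-repositories response. The account id, region and
# repository names are placeholders, not real resources.
SAMPLE_DESCRIBE_REPOSITORIES = {
    "repositories": [
        {
            "repositoryName": "payments-api",
            "repositoryArn": "arn:aws:ecr:us-east-1:111111111111:repository/payments-api",
            "imageScanningConfiguration": {"scanOnPush": True},
        },
        {
            "repositoryName": "batch-worker",
            "repositoryArn": "arn:aws:ecr:us-east-1:111111111111:repository/batch-worker",
            "imageScanningConfiguration": {"scanOnPush": False},
        },
        {
            # Key omitted entirely: treated as disabled, since nothing asserts it is on.
            "repositoryName": "legacy-tool",
            "repositoryArn": "arn:aws:ecr:us-east-1:111111111111:repository/legacy-tool",
        },
    ]
}


def scan_on_push_enabled(repo: Dict) -> bool:
    """True only when the repository explicitly has scanOnPush set to true."""
    return bool(repo.get("imageScanningConfiguration", {}).get("scanOnPush", False))


def evaluate_control(describe_response: Dict) -> List[Dict]:
    """Return one PASS/FAIL finding per repository, mirroring the control's logic."""
    findings = []
    for repo in describe_response.get("repositories", []):
        compliant = scan_on_push_enabled(repo)
        findings.append({
            "control": "AWS-ECR-Scan-on-ECR-Image-Push-Disabled",
            "repositoryName": repo["repositoryName"],
            "repositoryArn": repo.get("repositoryArn"),
            "status": "PASS" if compliant else "FAIL",
            "severity": None if compliant else "Medium",
        })
    return findings


def failing_repositories(describe_response: Dict) -> List[str]:
    """Names of repositories that fail the control, in response order."""
    return [f["repositoryName"] for f in evaluate_control(describe_response)
            if f["status"] == "FAIL"]


def remediation_command(repository_name: str, region: str = "us-east-1") -> str:
    """AWS CLI equivalent of console steps 4-7: enable Scan on push and save."""
    return (
        f"aws ecr put-image-scanning-configuration --region {region} "
        f"--repository-name {repository_name} "
        "--image-scanning-configuration scanOnPush=true"
    )


if __name__ == "__main__":
    # Offline run against the constructed sample. Against a live account, pass the
    # (paginated) result of boto3.client("ecr").describe_repositories() instead.
    for finding in evaluate_control(SAMPLE_DESCRIBE_REPOSITORIES):
        print(json.dumps(finding))
    for name in failing_repositories(SAMPLE_DESCRIBE_REPOSITORIES):
        print("# remediate:", remediation_command(name))
```

One caveat when using this check: if the registry has been switched to enhanced scanning (Amazon Inspector), which repositories are scanned on push is governed by the registry scanning rules rather than by this per-repository flag, so `aws ecr get-registry-scanning-configuration` should be reviewed alongside the per-repository setting before reporting a FAIL.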

Important:

Reference:

 


Blue Hexagon Proprietary