AWS Config Rule: ECR Private Image Scanning Enabled

ECR_PRIVATE_IMAGE_SCANNING_ENABLED

Eduardo Van Cauteren

Last Update 10 months ago

Description: Checks if a private Amazon Elastic Container Registry (ECR) repository has image scanning enabled. The rule is NON_COMPLIANT if the private ECR repository's scan frequency is not on scan on push or continuous scan.


Trigger type: Periodic


AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region


How to Resolve Manually

This config rule checks if Image Scanning is enabled for a particular Amazon Elastic Container Registry (ECR) repository. If the Scan on Push feature is disabled, the rule will be marked as non-compliant.


To resolve this, open the Amazon ECR service in the AWS Console, go to Repositories and select the repository on which to enable image scanning. Click the Edit button, toggle on the Scan on push option, then click Save.
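To find which repositories need this change across an account, the check can be scripted. The following is an added example, not StackZone or AWS code: it approximates the rule's stated condition over constructed samples of `aws ecr describe-repositories` and `aws ecr get-registry-scanning-configuration` output, and prints the AWS CLI equivalent of the console toggle for each failing repository. The repository names, filters and the `fnmatch`-based wildcard matching are assumptions.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample of `aws ecr describe-repositories` output.
REPOS_JSON = """{"repositories": [
  {"repositoryName": "payments/api", "imageScanningConfiguration": {"scanOnPush": true}},
  {"repositoryName": "legacy/batch", "imageScanningConfiguration": {"scanOnPush": false}},
  {"repositoryName": "prod/web", "imageScanningConfiguration": {"scanOnPush": false}},
  {"repositoryName": "tools/lint"}
]}"""
# Constructed sample of `aws ecr get-registry-scanning-configuration` output.
REGISTRY_JSON = """{"scanningConfiguration": {"scanType": "ENHANCED", "rules": [
  {"scanFrequency": "CONTINUOUS_SCAN",
   "repositoryFilters": [{"filter": "prod/*", "filterType": "WILDCARD"}]},
  {"scanFrequency": "MANUAL",
   "repositoryFilters": [{"filter": "tools/*", "filterType": "WILDCARD"}]}
]}}"""
COMPLIANT_FREQUENCIES = {"SCAN_ON_PUSH", "CONTINUOUS_SCAN"}

def registry_frequencies(name, registry):
    """Scan frequencies of registry-level rules whose filter matches the repository."""
    rules = registry.get("scanningConfiguration", {}).get("rules", [])
    # Assumption: '*' is the only wildcard; fnmatchcase approximates ECR's matching.
    return {r["scanFrequency"] for r in rules
            if any(fnmatchcase(name, f["filter"]) for f in r.get("repositoryFilters", []))}

def evaluate(repos_json, registry_json):
    """Map each repository name to COMPLIANT or NON_COMPLIANT."""
    registry = json.loads(registry_json)
    result = {}
    for repo in json.loads(repos_json)["repositories"]:
        name = repo["repositoryName"]
        # A missing imageScanningConfiguration is treated as scanning disabled.
        on_push = repo.get("imageScanningConfiguration", {}).get("scanOnPush", False)
        ok = on_push or bool(registry_frequencies(name, registry) & COMPLIANT_FREQUENCIES)
        result[name] = "COMPLIANT" if ok else "NON_COMPLIANT"
    return result

def remediation_commands(findings):
    """AWS CLI equivalent of the console's 'Scan on push' toggle, per failing repository."""
    return [f"aws ecr put-image-scanning-configuration --repository-name {name} "
            "--image-scanning-configuration scanOnPush=true"
            for name, status in sorted(findings.items()) if status == "NON_COMPLIANT"]

if __name__ == "__main__":
    findings = evaluate(REPOS_JSON, REGISTRY_JSON)
    print(json.dumps(findings, indent=2))
    print("\n".join(remediation_commands(findings)))
```

A repository matched only by a `MANUAL` registry rule, or with no scanning configuration at all, is reported as non-compliant here.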

Check the following screenshot for further reference:

