ECR enhanced scanning is not enabled Affecting ECR service in AWS

Snyk CCSS

Containers / Vulnerabilities

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

Snyk ID SNYK-CC-00762
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Enhanced scanning in ECR decreases the risk of missing critical vulnerabilities in container images, potentially leading to compromised containers and applications.

How to fix?

Set the scan_type attribute to ENHANCED in the aws_ecr_registry_scanning_configuration resource.

Example Configuration

resource "aws_ecr_registry_scanning_configuration" "allowed" {
  scan_type = "ENHANCED"
  rule {
    scan_frequency = "CONTINUOUS_SCAN"
    repository_filter {
      filter      = "example_762a"
      filter_type = "WILDCARD"
    }
  }
}

Terraform

aws_ecr_registry_scanning_configuration

ECR enhanced scanning is not enabled Affecting ECR service in AWS

Severity

Description

How to fix?

Example Configuration

Terraform