Announcing Image Scanning for Amazon ECR
Today, AWS is announcing general availability of Image Scanning for Amazon Elastic Container Registry. Amazon ECR is a fully managed container registry that makes it easy for developers to store, manage and deploy container images. Image Scanning is an automated vulnerability assessment feature in ECR that helps improve the security of your application’s container images by scanning them for a broad range of operating system vulnerabilities.
You can enable image scans on push for your repositories to ensure every image is automatically checked against an aggregated set of Common Vulnerabilities and Exposures (CVEs). This can help you automate detection and responses to container image vulnerabilities prior to promoting and deploying into production. You can also scan images using an API command, allowing you to set up periodic scans for running container images to ensure continued monitoring. ECR notifies you when a scan completes, and results are available in the console and over the API.
Image Scanning for Amazon ECR is available at no additional charge, and you can now use it in all commercial AWS Regions and GovCloud (US). To learn more, see Image Scanning in the Amazon ECR User Guide. To get started, go to the ECR console in your AWS account, or use the CLI to enable ‘scan on push’ for your repositories.