Where is the event for ECR scan on push for container image with vulnerabilities

Question

Security hub is enabled in one of the region, `us-east-1` and all the resources are in the region. I am attempting to write a Lambda function which takes an event which occurs when an image is uploaded to ecr repo and scan on push is enabled. I have granted Lambda role over permissive actions for the sake of simplicity.

![Lambda Role Permissions](/media/postImages/original/IMaAdSClW2QhuL3Ym1Fzhcew)

My first question is, where or how can I find an event that shows the vulnerabilities in an uploaded image? I tried uploading an intentional vulnerable php image, in the console I can see that the image has vulnerabilities, but I don't see an event in cloudtrail under `ecr.amazonaws.com` which shows the detected vulnerabilities.

Accepted Answer

Have you checked this Document?

https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-eventbridge.html

I think you can catch the event by selecting AWS as the service provider, ECR as the service name, and ECR Image Scan as the event type in the Event Bridge rules.

The following questions may also be helpful.

https://repost.aws/ja/questions/QU0nS7C0mSQymHWTMd9OgoQw/ecr-enhanced-scanning-eventbridge

Where is the event for ECR scan on push for container image with vulnerabilities

관련 콘텐츠