Amazon Inspector doesn't show ECR container critical package issues under "Critical findings"
Hi,
We've an odd issue with Amazon Inspector.
Recently we've pushed multiple Docker images into private ECR repositories, and we're scanning them with "Enhanced scanning" and "Continuously scan all repositories" - we have no scanning overrides on individual repositories and no suppression rules; our "*" filter is actively scanning all images. The scan results appear fine in ECR if you select a repository then click the "See findings" link under "Vulnerabilities" - we see critical package vulnerabilities.
However: in Inspector, the "Critical findings" panel of the dashboard always displays "0 Critical" under "ECR Container". It also doesn't show the critical issue findings if you filter "By container image" or "By repository" - nothing. But: if you select "All findings" the critical ECR package issues are visible...
We had thought this might be some sort of dashboard update issue, but it's been like that for over 12 hours now. What do we need to do to get our scanned critical ECR image vulnerabilities reported on the main Inspector dashboard stats?
Thanks.
Dashboard Findings: Criticals 0
I really think Inspector is just broken in our account - I've now noticed it's also not categorising a handful of Critical EC2 issues on the main dashboard too, so it's not just ECR image Criticals it's ignoring.
Out of desperation, I just disabled it, deleted the service role it had created, and re-enabled it (letting it recreate the service role).
Same result: 0 Critical findings on the dashboard panel, even though when you click on the "0 Critical" it opens up to display all of the actual Critical vulnerabilities that are there. This is a big problem for us as we use a third party integration that queries Inspector and, at the moment, its main status is informing it that "Everything is OK", when it isn't...
What can we do to resolve this?
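An added example, not part of the original post and not AWS's own code: a cross-check that compares the Critical count from the raw findings API with the count from the aggregation API, which is the kind of mismatch described above (criticals under "All findings", zero in the summary). It assumes boto3's `inspector2` client and that the aggregation API reflects the dashboard panels; the function names and the client parameter are hypothetical.

```python
from collections import Counter

# Raw resource type -> (aggregationType, response key) for the aggregation API.
CHECKS = {
    "AWS_ECR_CONTAINER_IMAGE": ("AWS_ECR_CONTAINER", "awsEcrContainerAggregation"),
    "AWS_EC2_INSTANCE": ("AWS_EC2_INSTANCE", "ec2InstanceAggregation"),
}

def raw_critical_counts(client):
    """Page through list_findings and count ACTIVE CRITICAL findings per resource type."""
    criteria = {
        "severity": [{"comparison": "EQUALS", "value": "CRITICAL"}],
        "findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}],
    }
    counts, token = Counter(), None
    while True:
        kwargs = {"filterCriteria": criteria, "maxResults": 100}
        if token:
            kwargs["nextToken"] = token
        page = client.list_findings(**kwargs)
        for finding in page.get("findings", []):
            for resource in finding.get("resources", []):
                counts[resource["type"]] += 1
        token = page.get("nextToken")
        if not token:
            return counts

def aggregated_critical_count(client, aggregation_type, key):
    """Sum severityCounts.critical over every row of list_finding_aggregations."""
    total, token = 0, None
    while True:
        kwargs = {"aggregationType": aggregation_type}
        if token:
            kwargs["nextToken"] = token
        page = client.list_finding_aggregations(**kwargs)
        for row in page.get("responses", []):
            total += row.get(key, {}).get("severityCounts", {}).get("critical", 0)
        token = page.get("nextToken")
        if not token:
            return total

def compare(client):
    """Return {resource_type: {"raw": n, "aggregated": m}}; n != m reproduces the symptom."""
    raw = raw_critical_counts(client)
    return {
        rtype: {"raw": raw.get(rtype, 0),
                "aggregated": aggregated_critical_count(client, agg_type, key)}
        for rtype, (agg_type, key) in CHECKS.items()
    }

# Usage (needs AWS credentials): compare(boto3.client("inspector2"))
```

A monitoring integration that reads only the aggregated number can alert on the `raw` value instead, or on any difference between the two.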