Amazon Inspector doesn't show ECR container critical package issues under "Critical findings"
We've an odd issue with Amazon Inspector.
Recently we've pushed multiple Docker images into private ECR repositories, and we're scanning them with "Enhanced scanning" and "Continuously scan all repositories" - we have no scanning overrides on individual repositories and no suppression rules; our "*" filter is actively scanning all images. The scan results appear fine in ECR if you select a repository then click the "See findings" link under "Vulnerabilities" - we see critical package vulnerabilities.
However: in Inspector, the "Critical findings" panel of the dashboard always displays "0 Critical" under "ECR Container". It also doesn't show the critical issue findings if you filter "By container image" or "By repository" - nothing. But: if you select "All findings" the critical ECR package issues are visible...
We had thought this might be some sort of dashboard update issue, but it's been like that for over 12 hours now. What do we need to do to get our scanned critical ECR image vulnerabilities reported on the main Inspector dashboard stats?
I really think Inspector is just broken in our account - I've now noticed it's also not categorising a handful of Critical EC2 issues on the main dashboard too, so it's not just ECR image Criticals it's ignoring.
Out of desperation, I just disabled it, deleted the service role it had created, and re-enabled it (letting it recreate the service role).
Same result: 0 Critical findings on the dashboard panel, even though when you click on the "0 Critical" it opens up to display all of the actual Critical vulnerabilities that are there. This is a big problem for us as we use a third party integration that queries Inspector and, at the moment, its main status is informing it that "Everything is OK", when it isn't...
What can we do to resolve this?
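An added example, not part of the original post: a read-only cross-check that counts active Critical ECR image findings per repository directly from the `inspector2` `ListFindings` API, so the number does not depend on the dashboard panel. `FakeInspector`, `_finding` and `SAMPLE_PAGES` are constructed stand-ins so the block runs offline; pass `boto3.client("inspector2")` to `critical_by_repository` to query a real account.

```python
"""Count ACTIVE CRITICAL Inspector findings per ECR repository from raw findings."""
from collections import Counter

ECR_CRITICAL_FILTER = {
    "findingStatus": [{"comparison": "EQUALS", "value": "ACTIVE"}],
    "severity": [{"comparison": "EQUALS", "value": "CRITICAL"}],
    "resourceType": [{"comparison": "EQUALS", "value": "AWS_ECR_CONTAINER_IMAGE"}],
}

def iter_findings(client, criteria):
    """Yield every finding matching criteria, following nextToken pagination."""
    token = None
    while True:
        kwargs = {"filterCriteria": criteria, "maxResults": 100}
        if token:
            kwargs["nextToken"] = token
        page = client.list_findings(**kwargs)
        yield from page.get("findings", [])
        token = page.get("nextToken")
        if not token:
            return

def critical_by_repository(client):
    """Return {repositoryName: count} of Critical findings on ECR images."""
    counts = Counter()
    for finding in iter_findings(client, ECR_CRITICAL_FILTER):
        if finding.get("severity") != "CRITICAL":  # re-check locally as well
            continue
        for res in finding.get("resources", []):
            image = res.get("details", {}).get("awsEcrContainerImage", {})
            counts[image.get("repositoryName", "<unknown>")] += 1
    return dict(counts)

class FakeInspector:
    """Constructed stand-in for boto3.client("inspector2"); serves fixed pages."""
    def __init__(self, pages):
        self.pages = pages
    def list_findings(self, **kwargs):
        idx = int(kwargs.get("nextToken", 0))
        page = {"findings": self.pages[idx]}
        if idx + 1 < len(self.pages):
            page["nextToken"] = str(idx + 1)
        return page

def _finding(repo, severity="CRITICAL"):  # constructed sample finding
    return {"severity": severity, "resources": [{"details": {
        "awsEcrContainerImage": {"repositoryName": repo}}}]}

SAMPLE_PAGES = [[_finding("app/api"), _finding("app/web")],
                [_finding("app/api"), _finding("app/api", "HIGH")]]
if __name__ == "__main__":
    print(critical_by_repository(FakeInspector(SAMPLE_PAGES)))
```

A non-zero total here while the dashboard panel reads "0 Critical" confirms the findings exist and the discrepancy is in the summary view.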