2 Answers
0
Thank you for the feedback; the new version is in preview and we will take this feedback into consideration as we plan for GA. In the meantime, you can use the previous version of scanning that is currently in GA if you need this capability.
answered 21 days ago
-1
I believe you need to call DescribeImageScanFindings to see the findings.
The new version of basic scanning does not support imageScanFindingsSummary and imageScanStatus in the DescribeImages API. To view these, use the DescribeImageScanFindings API.
Updated Answer with the official Important differences https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html
Updated answer with official differences which answers the question
Hi, thanks for the quick response.
I understand about the API, but calling it for every single image wouldn't be efficient, especially for repositories with a large volume of images.
Ideally, there would be an API that retrieves data for multiple images or even for an entire repository, similar to what enhanced scanning offers using the Inspector v2 API.
With either version of Amazon ECR basic scanning enabled on your private registry, you can configure repository filters to specify which repositories are set to scan on push or you can perform manual scans. Amazon ECR provides a list of scan findings. Each container image may be scanned once per 24 hour
Afraid I am only sharing the official AWS documentation. You would only scan the image you uploaded with basic scanning so there’s no need to retrospectively enumerate unless you’re using enhanced scanning. Also best practice for ECR is to have a lifecycle policy to delete images.
I'm sorry but I'm not following your line of answers. My problem is that previously I had the option to list all images in one API call, and inside the response I could see which image was already scanned or not, and then decide how I want to proceed (sometimes I will trigger a scan and sometimes I won't).
With the new version, I need to call the DescribeImageScanFindings for every image (out of thousands)!
I don't understand why the "Improved" version breaks this functionality without providing any alternative.
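The per-image workaround discussed in this thread, as an added example that is not part of any post or of the AWS documentation: it pages through DescribeImages, calls DescribeImageScanFindings for each digest with a small worker pool, and lists the images that still need a scan. The `NOT_SCANNED` label, the function names, the worker count and the repository name `my-repo` are assumptions made for the example.

```python
from concurrent.futures import ThreadPoolExecutor


def scan_state(ecr, repository, digest):
    """Return (digest, status, severity_counts) for one image."""
    try:
        resp = ecr.describe_image_scan_findings(
            repositoryName=repository,
            imageId={"imageDigest": digest},
        )
    except ecr.exceptions.ScanNotFoundException:
        # No scan record exists for this image; label chosen for this example.
        return digest, "NOT_SCANNED", {}
    status = resp.get("imageScanStatus", {}).get("status", "UNKNOWN")
    counts = resp.get("imageScanFindings", {}).get("findingSeverityCounts", {})
    return digest, status, counts


def repository_scan_report(ecr, repository, workers=8):
    """Map every image digest in the repository to (status, severity_counts)."""
    digests = []
    paginator = ecr.get_paginator("describe_images")
    for page in paginator.paginate(repositoryName=repository):
        digests += [detail["imageDigest"] for detail in page["imageDetails"]]
    # One DescribeImageScanFindings call per image; keep the pool small so the
    # calls stay under the API's request-rate limits.
    with ThreadPoolExecutor(max_workers=workers) as pool:
        rows = pool.map(lambda d: scan_state(ecr, repository, d), digests)
        return {digest: (status, counts) for digest, status, counts in rows}


def needs_scan(report):
    """Digests with no scan record or a failed scan, sorted for stable output."""
    return sorted(
        digest for digest, (status, _) in report.items()
        if status in ("NOT_SCANNED", "FAILED")
    )


if __name__ == "__main__":
    import boto3  # imported here so the functions above also work with a stub client

    report = repository_scan_report(boto3.client("ecr"), "my-repo")  # placeholder name
    for digest in needs_scan(report):
        print(digest)
```

Caching the report between runs and re-querying only new digests keeps the number of per-image calls down on large repositories.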