Since you have continuous scanning enabled, you can change the approach a little bit. Rather than triggering an EventBridge -> Lambda on image push, you can trigger the same logic on completion of the scan. Details about the EventBridge event on completion of a scan can be found in the section "Event for an initial image scan (enhanced scanning)" in this document. It gives a nice summary of findings by severity.
About 2/3 months before continuous scanning was a thing, I had written ECR Scan Reporter | docs which I use mostly with the ECS definitions scanning (so I didn't scan all the images, only the ones I used).
I specifically used SQS as the middle man here so that I can perform retries when there are too many API calls (which, in repositories with 100s of images, I definitely did get). But also that way I am truly waiting on events; there are no direct / sync dependencies between the trigger of the scan, the execution of the scan, and the evaluation of the scan.
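The two answers above combine naturally: route the scan-completion event through SQS and evaluate its severity summary in Lambda. The sketch below is an added example, not code from either answer or from ECR Scan Reporter; the event field names follow my reading of the enhanced-scanning event and should be checked against the document referenced above, and the `BLOCKING` policy and the sample event are assumptions constructed for illustration.

```python
import json

BLOCKING = ("CRITICAL",)  # assumption: severities your policy treats as blocking

# Constructed sample event (placeholder account, repository and digest).
SAMPLE_EVENT = {
    "source": "aws.inspector2",
    "detail-type": "Inspector2 Scan",
    "detail": {
        "scan-status": "INITIAL_SCAN_COMPLETE",
        "repository-name": "arn:aws:ecr:us-east-1:111122223333:repository/team/app",
        "finding-severity-counts": {"CRITICAL": 2, "HIGH": 5, "TOTAL": 7},
        "image-digest": "sha256:" + "0" * 64,
        "image-tags": ["latest"],
    },
}

def evaluate_scan_event(event):
    """Verdict for one scan-completion event, or None if it is another event."""
    if (event.get("source"), event.get("detail-type")) != ("aws.inspector2", "Inspector2 Scan"):
        return None
    detail = event["detail"]
    if detail.get("scan-status") != "INITIAL_SCAN_COMPLETE":
        return None
    counts = detail.get("finding-severity-counts", {})
    blocking = {s: counts[s] for s in BLOCKING if counts.get(s, 0) > 0}
    return {
        "repository": detail["repository-name"].split(":repository/", 1)[-1],
        "digest": detail["image-digest"],
        "tags": detail.get("image-tags", []),
        "blocking": blocking,
        "compliant": not blocking,
    }

def handler(sqs_event, context=None):
    """Lambda entry point for an SQS event source whose bodies are EventBridge events."""
    failures = []
    for record in sqs_event.get("Records", []):
        try:
            verdict = evaluate_scan_event(json.loads(record["body"]))
            if verdict is not None:
                print(json.dumps(verdict))  # structured log line; act on it here
        except (KeyError, ValueError, TypeError, AttributeError):
            # Unprocessable now: report only this message so SQS redelivers it.
            failures.append({"itemIdentifier": record["messageId"]})
    return {"batchItemFailures": failures}
```

The partial-batch response only takes effect when `ReportBatchItemFailures` is enabled on the SQS event source mapping; pair the queue with a dead-letter queue so messages that never parse do not retry forever.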