Where is the event for ECR scan on push for container image with vulnerabilities

0

Security hub is enabled in one of the region, us-east-1 and all the resources are in the region. I am attempting to write a Lambda function which takes an event which occurs when an image is uploaded to ecr repo and scan on push is enabled. I have granted Lambda role over permissive actions for the sake of simplicity.

Lambda Role Permissions

My first question is, where or how can I find an event that shows the vulnerabilities in an uploaded image? I tried uploading an intentional vulnerable php image, in the console I can see that the image has vulnerabilities, but I don't see an event in cloudtrail under ecr.amazonaws.com which shows the detected vulnerabilities.

1 Answer
1
Accepted Answer

Have you checked this Document?

https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-eventbridge.html

I think you can catch the event by selecting AWS as the service provider, ECR as the service name, and ECR Image Scan as the event type in the Event Bridge rules.

The following questions may also be helpful.

https://repost.aws/ja/questions/QU0nS7C0mSQymHWTMd9OgoQw/ecr-enhanced-scanning-eventbridge

profile picture
EXPERT
shibata
answered 8 months ago
profile picture
EXPERT
reviewed 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions