By using AWS re:Post, you agree to the Terms of Use

Inspector2 ecr scanning


Ive a repo with couple of images. inspector2 generates findings only for the first image, for the rest I only see a "No scan findings" message in ECR. I can hardly imagine that only a single image has any issues as all the images are the earlier builds of that image and for sure they have vulnerabilities. is there any way to find out if those images are actually scanned?

3 Answers

btw if someone from AWS actually reads this, would be nice to display this on the UI somehow. eg image is not scanned due to its age or somthing like this. if I goto a repo with old images, I see a No findings to display message. this suggest that my images are OK, but in reality they were not scanned at all :)

answered 10 months ago
  • Thanks for the feedback. I'm happy to raise this request to our service teams to add a UI message.


As far as I've tried, if the repository is subject to continuous scanning and the image is within 30 days of being pushed, Inspector will automatically scan it.

For more information about the 30-day limit, please refer to the following document

profile picture
answered 10 months ago
  • ah, forgot about the 30 day limit, many thanks


You might want to try pushing a trivial change to the repo to see if Inspector v2 continuous scanning picks it up and scans the repo.

answered 9 months ago
  • sure, hayao-k was correct, in our case images were older then 30 days.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions