I want to publish ECR vulnerability scan results to my Slack channel. I successfully configured EventBridge rule for AWS Inspector Scan and I'm receiving the messages in Slack.
However the message looks pretty unusable:
Inspector2 Scan | eu-central-1 | Account: 123456789012
Inspector2 Scan
Related resources
• arn:aws:ecr:eu-central-1:123456789012:repository/my-app
It doesn't show the most important information, which are the findings, e.g. from the SNS message:
{
"version": "0",
"id": "739c0d3c-4f02-85c7-5a88-94a9EXAMPLE",
"detail-type": "Inspector2 Scan",
"source": "aws.inspector2",
"account": "123456789012",
"time": "2021-12-03T18:03:16Z",
"region": "us-east-2",
"resources": [
"arn:aws:ecr:us-east-2:123456789012:repository/amazon/amazon-ecs-sample"
],
"detail": {
"scan-status": "INITIAL_SCAN_COMPLETE",
"repository-name": "arn:aws:ecr:us-east-2:123456789012:repository/amazon/amazon-ecs-sample",
"finding-severity-counts": {
"CRITICAL": 7,
"HIGH": 61,
"MEDIUM": 62,
"TOTAL": 158
},
"image-digest": "sha256:36c7b282abd0186e01419f2e58743e1bf635808231049bbc9d77e5EXAMPLE",
"image-tags": [
"latest"
]
}
}
Is there any way to preprocess the final Slack message to include some additional information from the SNS event?
Did you solve the problem here?