Inspector2 ecr scanning

0

Ive a repo with couple of images. inspector2 generates findings only for the first image, for the rest I only see a "No scan findings" message in ECR. I can hardly imagine that only a single image has any issues as all the images are the earlier builds of that image and for sure they have vulnerabilities. is there any way to find out if those images are actually scanned?

3 回答
1

btw if someone from AWS actually reads this, would be nice to display this on the UI somehow. eg image is not scanned due to its age or somthing like this. if I goto a repo with old images, I see a No findings to display message. this suggest that my images are OK, but in reality they were not scanned at all :)

fpg
已回答 3 年前
  • Thanks for the feedback. I'm happy to raise this request to our service teams to add a UI message.

0

As far as I've tried, if the repository is subject to continuous scanning and the image is within 30 days of being pushed, Inspector will automatically scan it.

For more information about the 30-day limit, please refer to the following document
https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning-enhanced.html

profile picture
hayao-k
已回答 3 年前
  • ah, forgot about the 30 day limit, many thanks

0

You might want to try pushing a trivial change to the repo to see if Inspector v2 continuous scanning picks it up and scans the repo.

klarson
已回答 3 年前
  • sure, hayao-k was correct, in our case images were older then 30 days.

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则