aws-ecr-scanning-off

Ensure ECR image scanning on push is enabled

Examples

Insecure Example

Terraform

resource "aws_ecr_repository" "scan" {
  name = "scan-example"

  image_scanning_configuration {
    scan_on_push = false
  }
}

CloudFormation

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MyRepository: 
    Type: AWS::ECR::Repository
    Properties: 
      RepositoryName: "test-repository"
      ImageScanningConfiguration: 
        ScanOnPush: "false"     # Optional by default

Secure Example

Terraform

resource "aws_ecr_repository" "scan" {
  name = "scan-example"

  image_scanning_configuration {
    scan_on_push = true # not triggered by default
  }
}

CloudFormation

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MyRepository: 
    Type: AWS::ECR::Repository
    Properties: 
      RepositoryName: "test-repository"
      ImageScanningConfiguration: 
        ScanOnPush: "true"

More information

• AWS Docs
• Terraform Docs
• Cloudformation Docs