enable-image-scans
Default Severity: high
Explanation
Repository image scans should be enabled to ensure vulnerable software can be discovered and remediated as soon as possible.
Possible Impact
The ability to scan images is not being used, and vulnerabilities will not be highlighted.
Suggested Resolution
Enable ECR image scanning
Insecure Example
The following example will fail the aws-ecr-enable-image-scans check.
resource "aws_ecr_repository" "bad_example" {
  name                 = "bar"
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = false
  }
}
Secure Example
The following example will pass the aws-ecr-enable-image-scans check.
resource "aws_ecr_repository" "good_example" {
  name                 = "bar"
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }
}
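The same condition can be checked against a rendered plan. The following is an added example, not part of the original page or of the check's own implementation: it reads JSON in the shape produced by `terraform show -json` and lists every `aws_ecr_repository` that does not set `scan_on_push = true`. The function names, the `module.registry` resource and the sample plan are constructed for illustration, and treating an omitted `image_scanning_configuration` block as "not enabled" is an assumption of this example.

```python
# Constructed sample in the shape of `terraform show -json` output.
# Nested blocks such as image_scanning_configuration are rendered as lists.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_ecr_repository.bad_example",
             "type": "aws_ecr_repository",
             "values": {"name": "bar",
                        "image_scanning_configuration": [{"scan_on_push": False}]}},
            {"address": "aws_ecr_repository.good_example",
             "type": "aws_ecr_repository",
             "values": {"name": "bar",
                        "image_scanning_configuration": [{"scan_on_push": True}]}},
            {"address": "aws_s3_bucket.unrelated",
             "type": "aws_s3_bucket", "values": {"bucket": "example"}},
        ],
        "child_modules": [{"resources": [
            # Hypothetical repository declared without the block at all.
            {"address": "module.registry.aws_ecr_repository.no_block",
             "type": "aws_ecr_repository",
             "values": {"name": "baz", "image_scanning_configuration": []}},
        ]}],
    }}
}


def iter_resources(module):
    """Yield resources from a module and from all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def repos_without_scan_on_push(plan):
    """Return sorted addresses of ECR repositories lacking scan_on_push = true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != "aws_ecr_repository":
            continue
        blocks = (res.get("values") or {}).get("image_scanning_configuration") or []
        # Pass only on an explicit true; false, missing or empty all fail.
        if not any(block.get("scan_on_push") is True for block in blocks):
            failing.append(res["address"])
    return sorted(failing)


if __name__ == "__main__":
    for address in repos_without_scan_on_push(SAMPLE_PLAN):
        print(f"FAIL {address}: scan_on_push is not enabled")
```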