Unscanned ECR Image

  • Query id: 9630336b-3fed-4096-8173-b9afdfe346a7
  • Query name: Unscanned ECR Image
  • Platform: Terraform
  • Severity: Low
  • Category: Observability
  • CWE: 1021
  • URL: Github

Description

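Checks whether an ECR repository has image scanning enabled. An aws_ecr_repository resource is flagged when its image_scanning_configuration block is missing or when scan_on_push is set to false.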

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_ecr_repository" "positive1" {
  name                 = "img_p_2"
  image_tag_mutability = "MUTABLE"
}

resource "aws_ecr_repository" "positive2" {
  name                 = "img_p_1"
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = false
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_ecr_repository" "negative1" {
  name                 = "bar"
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }
}
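
The same rule applied to the samples above, as an added example that is not KICS's own query code: a small Python check that flags aws_ecr_repository resources with no image_scanning_configuration block or with scan_on_push not set to true. It is a simplified text scan rather than a full HCL parser (it assumes literal values and no braces inside strings or comments), and the function names are hypothetical.

```python
import re

# The page's three sample resources, embedded (blank lines removed) for an offline run.
SAMPLE_TF = '''
resource "aws_ecr_repository" "positive1" {
  name                 = "img_p_2"
  image_tag_mutability = "MUTABLE"
}
resource "aws_ecr_repository" "positive2" {
  name                 = "img_p_1"
  image_tag_mutability = "MUTABLE"
  image_scanning_configuration {
    scan_on_push = false
  }
}
resource "aws_ecr_repository" "negative1" {
  name                 = "bar"
  image_tag_mutability = "MUTABLE"
  image_scanning_configuration {
    scan_on_push = true
  }
}
'''

HEADER = re.compile(r'resource\s+"aws_ecr_repository"\s+"([^"]+)"\s*\{')
SCAN_BLOCK = re.compile(r'image_scanning_configuration\s*\{([^{}]*)\}')
SCAN_ON_PUSH = re.compile(r'^\s*scan_on_push\s*=\s*(\S+)', re.M)

def block_body(text, start):
    """Return the text from `start` (just past an opening brace) to its matching close."""
    depth = 1
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    raise ValueError("unbalanced braces")

def unscanned_ecr_repositories(tf_source):
    """Map each flagged repository's resource name to the reason it was flagged."""
    findings = {}
    for m in HEADER.finditer(tf_source):
        scan = SCAN_BLOCK.search(block_body(tf_source, m.end()))
        if scan is None:
            findings[m.group(1)] = "image_scanning_configuration is missing"
            continue
        value = SCAN_ON_PUSH.search(scan.group(1))
        if value is None or value.group(1) != "true":
            findings[m.group(1)] = "scan_on_push is not true"
    return findings
```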