All Collections
Setting up container scanning
Cloud Provider Registries
Container scanning for AWS ECR with AWS Inspector
Container scanning for AWS ECR with AWS Inspector
Willem Delbare avatar
Written by Willem Delbare
Updated over a week ago

Aikido can seamlessly integrate with AWS ECR. Docker image findings are extracted via the AWS Inspector2 API or via our own Aikido Scanner (recommended).

Aikido will use the findings reported by Inspector and run them through the same deduplication and de-noising engine you are familiar with. Let's dive into the details of this new functionality and how to enable it.

Step 1: Connect your AWS Environment

As a prerequisite, your AWS environment must be connected to Aikido. If you have not done this already, navigate to the cloud overview in Aikido. Click on "Connect cloud" and follow the steps to get set up. More information in this article.

Step 2: Enable the Amazon Inspector

Log in to your AWS console and navigate to the Amazon inspector service in the region(s) where your images are stored. Click on "Get Started" and activate the inspector.

Alternatively, you enable this from within Aikido during the setup.

Step 3: Push the latest version of your images to ECR again

Amazon Inspector will only scan newly pushed imags for vulnerabilities. So for the analysis to start on your images, you should push the latest version of your images again to their respective ECR repositories.

Important note. Amazon uses a pay-per-push modal, so for every push a fee will be incurred.

Step 4. Start a Scan in Aikido to process the results

Once Amazon inspector is enabled for the region, AWS will automatically scan all your latest images for vulnerabilities and make them accessible to acquire via the API.

Step 5. Link Images

Link images: The last step is to link a cloud image to a code repository. Go to the 'Images' tab on the cloud detail page and link the images to the code repository where the source code is hosted.

Once the cloud images are linked to the code repositories, Aikido will assess and score the findings from AWS Inspector/ECR and link them to the related cloud environment and code repository.

Important note.

If you are using AWS Inspector, be aware that scanning costs on a pay-per-push basis. Depending on the number of pushes you are doing on a weekly basis, this cost can go up. Feel free to check out the Aikido Scanner which has a broader coverage and allows for unlimited scans on any free plan.

Did this answer your question?