AWS Inspector for AWS ECR

Aikido can seamlessly integrate with AWS ECR. Docker image findings are extracted via the AWS Inspector2 API or via our own Aikido Scanner (recommended).

Aikido will use the findings reported by Inspector and run them through the same deduplication and de-noising engine you are familiar with. Let's dive into the details of this new functionality and how to enable it.

Step 1: Connect your AWS Environment

As a prerequisite, your AWS environment must be connected to Aikido. If you have not done this already, navigate to the cloud overview in Aikido. Click on "Connect cloud" and follow the steps to get set up. More information in this article.

Step 2: Enable the Amazon Inspector

Log in to your AWS console and navigate to the Amazon inspector service in the region(s) where your images are stored. Click on "Get Started" and activate the inspector.

Alternatively, you enable this from within Aikido during the setup.

Step 3: Push the latest version of your images to ECR again

Amazon Inspector will only scan newly pushed imags for vulnerabilities. So for the analysis to start on your images, you should push the latest version of your images again to their respective ECR repositories.

Step 4. Start a Scan in Aikido to process the results

Once Amazon inspector is enabled for the region, AWS will automatically scan all your latest images for vulnerabilities and make them accessible to acquire via the API.

Step 5. Link Images

Link images: The last step is to link a cloud image to a code repository. Go to the 'Images' tab on the cloud detail page and link the images to the code repository where the source code is hosted.

Once the cloud images are linked to the code repositories, Aikido will assess and score the findings from AWS Inspector/ECR and link them to the related cloud environment and code repository.

Discover Integration Details →