ECR Container Image Re-Scan

Based entirely on Michael Hausenblas's implementation

Just ported some of the functionality to use Serverless instead + removed the need for init buckets

Serverless Deploy

serverless deploy

Test

Retrieve the endpoint created for you and export a variable containing it.

# Serverless: Stack update finished...
# endpoints:
#   POST - https://jn03zi6twg.execute-api.us-east-1.amazonaws.com/dev/configs
#   DELETE - https://jn03zi6twg.execute-api.us-east-1.amazonaws.com/dev/configs/{id}
#   GET - https://jn03zi6twg.execute-api.us-east-1.amazonaws.com/dev/configs
#   GET - https://jn03zi6twg.execute-api.us-east-1.amazonaws.com/dev/summary
#   GET - https://jn03zi6twg.execute-api.us-east-1.amazonaws.com/dev/findings/{id}

export ECRSCANAPI_URL="https://jn03zi6twg.execute-api.us-east-1.amazonaws.com/dev"

Create the demo repo

./container_push.sh

Add a configuration file

curl -s --header "Content-Type: application/json" --request POST --data @sample-config.json $ECRSCANAPI_URL/configs/

Issues

You might get rate limited from the ECR Vuln scanner

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
configs		configs
findings		findings
start-scan		start-scan
summary		summary
.gitignore		.gitignore
Dockerfile		Dockerfile
Gopkg.lock		Gopkg.lock
Gopkg.toml		Gopkg.toml
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
container_push.sh		container_push.sh
rate-limits.png		rate-limits.png
serverless.yml		serverless.yml

License

t04glovern/aws-ecr-continuous-scan

Folders and files

Latest commit

History

Repository files navigation

ECR Container Image Re-Scan

Serverless Deploy

Test

Create the demo repo

Add a configuration file

Issues

About

Topics

Resources

License

Stars

Watchers

Forks

Languages