Amazon Elastic Container Registry (ECR) introduces a significant upgrade to its basic scanning feature, now in preview. This new version leverages Amazon’s own scanning technology to deliver improved vulnerability detection and scanning results across a wider range of popular operating systems. By utilizing this enhanced basic scanning, you can significantly strengthen the security posture of your container images.
Improved Vulnerability Detection and Broader OS Support
ECR basic scanning helps identify software vulnerabilities within your container images. You can choose to scan images manually or configure repositories for automatic scans on image push. Today’s launch expands vulnerability detection to encompass popular operating systems and provides more comprehensive scan findings.
Free Preview and Easy Access
The new version of ECR basic scanning is available at no additional cost during the preview period. You can easily try it out through the AWS console. To learn more about ECR basic scanning, this update, and supported regions, visit our documentation [link to ECR basic scanning documentation].
Enhanced Scanning for Additional Security
ECR also offers Enhanced scanning, powered by Amazon Inspector, which provides even greater security benefits. This includes the ability to scan for vulnerabilities in programming language packages. For a detailed comparison between the new basic scanning and Enhanced scanning, refer to our documentation [link to Enhanced scanning].
How to enable Improved Basic Scanning
By default, Amazon ECR enables basic scanning on all private registries.
As a result, unless you’ve changed the scanning settings on your private registry, there should be no need to enable basic scanning.
A new version of Amazon ECR basic scanning is now available in preview.
Follow the steps below to turn on the improved basic scanning for your private registry (AWS Management Console).
Note: During this public preview, you can only use the AWS Management Console to opt in to the Improved basic scanning version.
Steps:
- Open the Amazon ECR console.
- In the navigation pane, choose Private registry, Repository.
- At the moment, the page shows an information banner offering to switch to the upgraded basic scanning. Choose Switch.
- The scanning configuration is defined at the private registry level on a per-Region basis. Therefore, choose the Region in the navigation menu.
- Choose Create Repository.
- Choose Private in Visibility settings.
- Give the repository a name, such as baranhubtutorialimprovedbasicscan.
- (Optional) Enable Scan on push if you would like each image to be scanned automatically after being pushed to a repository. Alternatively, each image can be scanned manually.
- Choose Create repository.
- In the Repository menu, the repository called baranhubtutorialimprovedbasicscan should now be listed.
- Choose the created repository and then Actions > Repository scan filters.
- Confirm that the Basic Scanning type version is “Improved basic scanning”.
- On the Scanning configuration page, for Scan type choose Improved basic scanning (In preview) – new.
- By default all of your repositories are set for Manual scanning. You can optionally configure scan on push by specifying Scan on push filters. You can set scan on push for all repositories or individual repositories. For more information, see Using filters.
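The scan on push filters from the last step can be audited offline to see which repositories stay on manual scanning. The following is an added example, not code from the original post or from AWS. It assumes JSON shaped like the output of `aws ecr get-registry-scanning-configuration`, and the wildcard matching follows the filter behaviour described in the ECR documentation; the sample data, repository names other than the tutorial one, and function names are constructed for illustration.

```python
import json
import re

# Constructed sample shaped like `aws ecr get-registry-scanning-configuration`
# output; the registry ID and filters are made up for this example.
SAMPLE_CONFIG = json.loads("""
{
  "registryId": "111122223333",
  "scanningConfiguration": {
    "scanType": "BASIC",
    "rules": [
      {"scanFrequency": "SCAN_ON_PUSH",
       "repositoryFilters": [
         {"filter": "prod/*", "filterType": "WILDCARD"},
         {"filter": "baranhubtutorial", "filterType": "WILDCARD"}
       ]}
    ]
  }
}
""")

# Constructed repository list (in practice: `aws ecr describe-repositories`).
SAMPLE_REPOS = ["prod/api", "prod/web", "dev/api",
                "baranhubtutorialimprovedbasicscan", "scratch"]


def filter_matches(pattern, repo_name):
    """Assumed WILDCARD semantics: '*' stands for zero or more characters;
    a filter without '*' matches any repository name that contains it."""
    if "*" not in pattern:
        return pattern in repo_name
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, repo_name) is not None


def scan_frequency(config, repo_name):
    """Return the frequency of the first matching rule, else MANUAL."""
    for rule in config["scanningConfiguration"]["rules"]:
        for flt in rule["repositoryFilters"]:
            if flt["filterType"] == "WILDCARD" and filter_matches(flt["filter"], repo_name):
                return rule["scanFrequency"]
    return "MANUAL"


def manual_only(config, repo_names):
    """Repositories whose images are only scanned when someone starts a scan."""
    return sorted(r for r in repo_names if scan_frequency(config, r) != "SCAN_ON_PUSH")
```

Repositories returned by `manual_only` are the ones where a pushed image is not scanned until a manual scan is started, so they are the candidates for an additional filter.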
Serdar Baran