Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(bootstrap): Enable ECR ScanOnPush by default #17581

Closed
1 of 2 tasks
xeroxnir opened this issue Nov 19, 2021 · 8 comments
Closed
1 of 2 tasks

(bootstrap): Enable ECR ScanOnPush by default #17581

xeroxnir opened this issue Nov 19, 2021 · 8 comments
Labels
effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p1 package/tools Related to AWS CDK Tools or CLI

Comments

@xeroxnir
Copy link

Description

Hello,

Enable ScanOnPush (no additional charge) for CDK bootstrap default ECR Registry. See related resource definition

Use Case

Building containers using DockerImageAsset, would be important to have visibility into their security vulnerabilities.

Proposed Solution

    Type: AWS::ECR::Repository
    Properties:
      RepositoryName:
        Fn::If:
          - HasCustomContainerAssetsRepositoryName
          - Fn::Sub: "${ContainerAssetsRepositoryName}"
          - Fn::Sub: cdk-${Qualifier}-container-assets-${AWS::AccountId}-${AWS::Region}
       ImageScanningConfiguration: 
         ScanOnPush: true

Other information

No response

Acknowledge

  • I may be able to implement this feature request
  • This feature might incur a breaking change
@xeroxnir xeroxnir added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Nov 19, 2021
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Nov 19, 2021
@rix0rrr
Copy link
Contributor

rix0rrr commented Nov 22, 2021

I'd love to do this, before before we do it I have an open question to ECR team if there are any downsides to enabling this feature for everyone. I would like to hear back from them before we move on this.

@rix0rrr rix0rrr added effort/small Small work item – less than a day of effort p1 and removed needs-triage This issue or PR still needs to be triaged. labels Nov 22, 2021
@rix0rrr rix0rrr removed their assignment Nov 22, 2021
@Hi-Fi
Copy link
Contributor

Hi-Fi commented Jan 26, 2022

Seems that this is closed already with #17994

@jeffshep
Copy link

jeffshep commented Dec 16, 2022
edited
Loading

Is there some regression on this feature? It doesn't appear to be in the latest version of the bootstrap CloudFormation file?

@TheRealAmazonKendra
Copy link
Contributor

Removed in #21342

@TheRealAmazonKendra
Copy link
Contributor

Given the comment on that PR about scanning at the repo level being deprecated, is this still a valid issue?

@jeffshep
Copy link

From my perspective it felt like an out-of-the-box configuration that should have been enabled. However, given the constraints described about applying this globally in #21342 , I'd agree it doesn't fit here

@madeline-k
Copy link
Contributor

Closing as it looks like this issue is no longer needed. If you think this issue was closed in error, please open a new issue! We will not see any further comments on this one.

@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p1 package/tools Related to AWS CDK Tools or CLI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@rix0rrr @Hi-Fi @xeroxnir @jeffshep @TheRealAmazonKendra @madeline-k