-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
core: ContainerAssetsRepository fails security controls from cdk bootstrap #25966
Comments
Yes it makes sense! Making it p1 feature request. |
Hi We used to have this feature but removed it. Please check this PR description: |
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
Commenting to keep this alive until I return from leave. I think the linked PR is the right move, I just want to confirm one detail |
|
Describe the bug
The ECR repository made during bootstrap doesn't have image scanning enabled [1]. This causes SecurityHub to mark it as failing ECR.1 [2]
[1] https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml#L234
[2] https://docs.aws.amazon.com/securityhub/latest/userguide/ecr-controls.html#ecr-1
Expected Behavior
SecurityHub doesn't find issues
Current Behavior
SecurityHub finds issues
Reproduction Steps
Bootstrap an account with SecurityHub enabled. You don't seem to need to push anything to the repository (mine is empty).
Possible Solution
The
AWS::ECR::Repository
should gainImageScanningConfiguration
. I believe basic image scanning is freeAdditional Information/Context
No response
CDK CLI Version
2.81.0 (build bd920f2)
Framework Version
No response
Node.js Version
v16.10.0
OS
Windows 11
Language
Typescript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: