alexjurkiewicz / ecr-scan-image

Github Action to run AWS ECR vulnerability scan on Docker image
MIT License
28 stars 23 forks

scan on push deprecated #22

Open donfirst opened 2 years ago

donfirst commented 2 years ago

AWS introduced a scanning policy for ECR. You can find that feature here: AWS ACCOUNT -> ECS -> REPOSITORIES -> PRIVATE REGISTRY SCANNING

The old one, scan on push, is deprecated

alexjurkiewicz commented 2 years ago

How do you propose this action should work?

On Thu, 12 May 2022 at 00:03, donfirst @.***> wrote:

AWS introduced a scanning policy for ECR. You can find that feature here: AWS ACCOUNT -> ECS -> REPOSITORIES -> PRIVATE REGISTRY SCANNING

The old one, scan on push, is deprecated. And this git action method doesn't work when scan on push is disabled


donfirst commented 2 years ago

Sorry for the late answer:

1) Log in to AWS
2) In the service search, put ecs
3) In the ecs console, click into Repositories (AMAZON ECR SECTION)
4) Choose a private registry (the first one - the top one on the right side menu)
5) Choose the scanning

For basic scanning, the GitHub action works, but if you switch to Enhanced scanning and enable "Scan on push all repositories", you would be able to see the error from the GitHub action.

I believe that this GitHub action should work exactly as it's worked now :-). Enhanced scan gives much more information

Best Regards Pete

bogdannazarenko commented 2 years ago

Ran into the same issue. I am using Enhanced scanning

##[debug]Entering main
##[debug]Repository:MASKED, Tag:MASKED, Ignore list:
##[debug]Checking for existing findings
Requesting image scan
Error: This feature is disabled

bogdannazarenko commented 2 years ago

@alexjurkiewicz I think simply removing the following startScan https://github.com/alexjurkiewicz/ecr-scan-image/blob/master/index.js#L173 would solve this. Are you still maintaining this project? Will you approve a pull request?

alexjurkiewicz commented 2 years ago

Yes I would!

On Fri, 29 July 2022, 03:29 Bogdan Nazarenko, @.***> wrote:

@alexjurkiewicz https://github.com/alexjurkiewicz I think simply removing the following startScan https://github.com/alexjurkiewicz/ecr-scan-image/blob/master/index.js#L173 would solve this. Are you still maintaining this project? Will you approve a pull request?

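The fix discussed in this thread makes the action rely on the registry's own scan instead of one it requests. As an added example (not code from ecr-scan-image), here is one way to tolerate the "This feature is disabled" error while still failing the job when no scan result arrives. The `ecr` adapter, `getScanFindings` and `fakeEnhancedRegistry` are hypothetical names; the adapter's two async methods are assumed to mirror the ECR operations StartImageScan and DescribeImageScanFindings.

```javascript
// Added example, not the project's code. `ecr` is a hypothetical adapter with two
// async methods named after the ECR API operations they are assumed to wrap.
const FEATURE_DISABLED = 'This feature is disabled'; // error text from the log in this thread

const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

async function getScanFindings(ecr, repositoryName, imageTag, { attempts = 10, delayMs = 5000 } = {}) {
  const image = { repositoryName, imageId: { imageTag } };
  let startedScan = true;
  try {
    await ecr.startImageScan(image);
  } catch (err) {
    // Only the error reported in this thread is tolerated; anything else still fails the job.
    if (!String(err.message).includes(FEATURE_DISABLED)) throw err;
    startedScan = false;
  }
  for (let i = 0; i < attempts; i++) {
    let res = null;
    try {
      res = await ecr.describeImageScanFindings(image);
    } catch (err) {
      // The registry's own scan may not be recorded yet; keep polling.
      if (err.name !== 'ScanNotFoundException') throw err;
    }
    const status = res && res.imageScanStatus ? res.imageScanStatus.status : 'PENDING';
    if (status === 'COMPLETE' || status === 'ACTIVE') {
      const f = res.imageScanFindings || {};
      // Basic scanning fills `findings`; enhanced scanning fills `enhancedFindings`.
      return { startedScan, status, findings: f.enhancedFindings || f.findings || [] };
    }
    if (status !== 'PENDING' && status !== 'IN_PROGRESS') {
      throw new Error(`Scan ended with status ${status}`);
    }
    await sleep(delayMs);
  }
  // Fail closed: missing results must never be read as "no vulnerabilities".
  throw new Error(`No scan results after ${attempts} attempts`);
}

// Constructed stub standing in for a registry with enhanced scanning enabled.
function fakeEnhancedRegistry(responses) {
  let call = 0;
  return {
    startImageScan: async () => { throw new Error(FEATURE_DISABLED); },
    describeImageScanFindings: async () => responses[Math.min(call++, responses.length - 1)],
  };
}
```

The timeout path matters as much as the tolerated error: a gate that skips the scan request and then treats an absent result as a pass would let unscanned images through.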