Commit

Merge pull request #5 from centriascolocation/feature/2-ecr-scan-on-push
scan all ECRs for scan-on-push
Michael Krieg authored Jan 20, 2021
2 parents f7e51e2 + a4596c0 commit aadefd6
Showing 2 changed files with 13 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -34,6 +34,7 @@ Batteries included:
* all your S3 Buckets are not public and encrypted (per Region) :white_check_mark:
* Organizations :white_check_mark:
* all your EBS volumes should be encrypted (per region) :white_check_mark:
* ECR: Test that images are scanned for vulnerabilities at a push to repository

## Usage

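Review bot: The added ECR bullet in README.md lacks the `:white_check_mark:` marker that the neighbouring entries carry, and unlike the S3 and EBS entries it does not state its scope. If the control runs against one region at a time, something like `* ECR: images are scanned for vulnerabilities on push (per region) :white_check_mark:` would keep the list consistent and tell readers what a passing run actually covers.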
12 changes: 12 additions & 0 deletions controls/99-ecr.rb
@@ -0,0 +1,12 @@
title '99 ECR Scan On Push'

control 'ecr-repositories-99.3' do
title 'ECR scan on push is activated'
desc 'Test that images are scanned for vulnerabilities at a push to repository'

aws_ecr_repositories.names.each do |repository_name|
describe aws_ecr_repository(repository_name) do
its('image_scanning_configuration.scan_on_push') { should eq true }
end
end
end
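Review bot: In `controls/99-ecr.rb` every `describe` is generated inside `aws_ecr_repositories.names.each`, so when the listing returns no repositories the control contains no assertions and cannot fail. Consider making that case explicit, for example by documenting it in `desc` or by adding a check on the repository list itself, so that an empty result (including one caused by missing list permissions or the wrong region) is not read as compliance. Two smaller points: the control id `ecr-repositories-99.3` carries a `.3` suffix although this is the only control in the file, so a short comment on the numbering scheme would help; and the body of the `control` block is not indented, which makes the nesting of `each`, `describe` and `its` harder to follow.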
