[awscli] Enabling scan on push for ECR vulnerability scanning on all repositories at once

Posted at 2019-10-29

Image Scanning for Amazon ECR has arrived, so I tried enabling Scan On Push on all repositories.

Upgrade the aws command first

This is needed in order to use the new aws ecr put-image-scanning-configuration command.

$ pip3 install awscli --upgrade --user

$ aws --version
aws-cli/1.16.268 Python/3.7.3 Darwin/17.7.0 botocore/1.13.4

Enable Scan On Push on all ECR repositories

# Collect the names of all ECR repositories in the region, one per line
REPOSITORIES=$(aws ecr describe-repositories --region ap-northeast-1 | jq -r '.repositories[].repositoryName')

# Enable scan on push for each repository
while read -r line
do
  aws ecr put-image-scanning-configuration --repository-name "$line" --image-scanning-configuration scanOnPush=true --region ap-northeast-1
done <<END
$REPOSITORIES
END

Result

(Screenshot: スクリーンショット_2019-10-29_12_00_49.png)
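
The loop above re-applies the setting to every repository and does not check the outcome of each call. As an added example (not part of the original article), the script below lists only the repositories where scanOnPush is not yet true, enables it on those, and returns non-zero if any call fails. The function names and the REGION variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and remediate scan on push for one region.
# REGION defaults to the region used in the article; override via the environment.
REGION="${REGION:-ap-northeast-1}"

# Print the names of repositories whose scanOnPush is not true, one per line.
# Uses the CLI's own JMESPath --query, so jq is not required.
repos_without_scan_on_push() {
  names=$(aws ecr describe-repositories --region "$REGION" \
    --query 'repositories[?imageScanningConfiguration.scanOnPush!=`true`].repositoryName' \
    --output text) || return 1
  # Text output separates names with tabs (and newlines across pages).
  printf '%s\n' "$names" | tr '\t' '\n' | sed '/^$/d'
}

# Enable scanOnPush on every non-compliant repository.
# Keeps going after a failure and returns 1 if any repository could not be updated.
enable_scan_on_push_everywhere() {
  pending=$(repos_without_scan_on_push) || return 1
  if [ -z "$pending" ]; then
    echo "nothing to do: every repository already scans on push"
    return 0
  fi
  failed=0
  while read -r repo; do
    if aws ecr put-image-scanning-configuration --region "$REGION" \
         --repository-name "$repo" \
         --image-scanning-configuration scanOnPush=true >/dev/null; then
      echo "enabled: $repo"
    else
      echo "FAILED:  $repo" >&2
      failed=1
    fi
  done <<EOF
$pending
EOF
  return "$failed"
}

# Usage: source this file, then run enable_scan_on_push_everywhere;
# afterwards repos_without_scan_on_push should print nothing.
```

Running repos_without_scan_on_push on a schedule also catches repositories created later without the setting.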

References

https://aws.amazon.com/jp/about-aws/whats-new/2019/10/announcing-image-scanning-for-amazon-ecr/
https://aws.amazon.com/jp/blogs/containers/amazon-ecr-native-container-image-scanning/
https://docs.aws.amazon.com/ja_jp/AmazonECR/latest/userguide/image-scanning.html
https://dev.classmethod.jp/cloud/aws/ecr-repository-scan/
