aws
[ECR] [request]: Filtering for Image Scan Results
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Tell us about your request Provide the customers with the ability to filter scan results by "Severity" and "Image Age".
Which service(s) is this request for? ECR
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? "We have 100s of repos with 1000s of images. This means we’d have to return tens (or 100s?) of thousands of results and then parse through them to come up with anything actionable. Ideally there would be filters for the severity of the findings and/or the age of the image."
Are you currently working around this issue?
Additional context
Attachments If you think you might have additional information that you'd like to include via an attachment, please do - we'll take a look. (Remember to remove any personally-identifiable information.)
When using ECR's enhanced scanning, you can get some of this by using Inspector's ListFindings API directly. Example:
aws inspector2 list-findings --filter-criteria="awsAccountId=[{comparison="EQUALS",value="${accountId"}],severity=[{comparison="EQUALS",value="CRITICAL"}]"
https://docs.aws.amazon.com/inspector/v2/APIReference/API_ListFindings.html
