Enable ECR alerts

[AntonyBishop]

Background

We have ECR scanning enabled. This scanning will help identify potential vulnerabilities and improve security on the platform.

However, visibility of alerts for vulnerabilities isn't very easy of users to access.

Proposed user journey

As a Service Team I can be alerted of potential image vulnerabilities in my Slack channel so that I can fix image issues so that security of my application is improved, and so that security risk is decreased/mitigated.

Approach

• Identify how we link a Teams ECR scanning results to their Slack channel.
• Enable alerting

Which part of the user docs does this impact

Possible updates to - https://user-guide.cloud-platform.service.justice.gov.uk/documentation/getting-started/ecr-setup.html#creating-an-ecr-repository

Questions / Assumptions

• How often to we alert?
• What level of severity do we alert at?
• Do we need to communicate changes in advance (probably).

Definition of done

• [ ] Users will now be notified of ECR scanning alerts

Reference

How to write good user stories