Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Retrieving the
findings for enhanced scans in Amazon ECR
You can retrieve the scan findings for the last completed enhanced image scan, and
then open the findings in Amazon Inspector to see more detail. The software vulnerabilities
that were discovered are listed by severity based on the Common Vulnerabilities and
Exposures (CVEs) database.
For troubleshooting details for some common issues when scanning images, see Troubleshooting image scanning in
Amazon ECR.
- Amazon Web Services Management Console
-
Use the following steps to retrieve image scan findings using the
Amazon Web Services Management Console.
To retrieve image scan findings
Open the Amazon ECR console at
https://console.amazonaws.cn/ecr/.
-
From the navigation bar, choose the Region where your
repository exists.
-
In the navigation pane, choose
Repositories.
-
On the Repositories page, choose the
repository that contains the image to retrieve the scan findings
for.
-
On the Images page, under the
Image tag column, select the image tag
to retrieve the scan findings.
-
To view more details in the Amazon Inspector console, choose the
vulnerability name in the Name
column.
- Amazon CLI
-
Use the following Amazon CLI command to retrieve image scan findings using
the Amazon CLI. You can specify an image using the imageTag or
imageDigest, both of which can be obtained using the
list-images
CLI command.
-
describe-image-scan-findings (Amazon CLI)
The following example uses an image tag.
aws ecr describe-image-scan-findings \
--repository-name name \
--image-id imageTag=tag_name \
--region us-east-2
The following example uses an image digest.
aws ecr describe-image-scan-findings \
--repository-name name \
--image-id imageDigest=sha256_hash \
--region us-east-2