Amazon Inspector integration with Amazon Elastic Container Registry (Amazon ECR) - Amazon Inspector

Amazon ECR is a fully managed container registry that supports Docker and OCI images and artifacts on Amazon. If you are using Amazon ECR, you can activate Enhanced scanning for your registry to allow Amazon Inspector to automatically detect your container images and scan them for vulnerable operating system packages and programming language packages.

This integration allows you to view Amazon Inspector findings for container images within the Amazon ECR console. Additionally, from the Amazon ECR console you can manage scan frequency and refine the scope of scans by creating inclusion filters.

Activating the integration

You can activate the integration by activating Amazon Inspector scanning through the Amazon Inspector console or API, or by configuring your repository to use Enhanced scanning with Amazon Inspector through the Amazon ECR console or API.

For more information on activating the integration through Amazon Inspector, see Automated resource scanning with Amazon Inspector.

For information on activating and configuring Enhanced scanning in Amazon ECR, see Enhanced Scanning in the Amazon ECR user guide.
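As an added example (not code from the AWS documentation), the following Python sketch activates Enhanced scanning through the Amazon ECR API and sets scan frequency per inclusion filter, changing the registry only when it is not already configured as requested. The boto3 ECR client is passed in; the repository filter strings and helper names are constructed for illustration.

```python
# Added example, not AWS's own code. Filter strings such as "prod-*" are
# constructed; replace them with your repository naming scheme.
ENHANCED_FREQUENCIES = {"SCAN_ON_PUSH", "CONTINUOUS_SCAN"}  # MANUAL is basic-only


def build_rules(filters_by_frequency):
    """Turn {scan frequency: [inclusion filters]} into ECR scanning rules."""
    rules = []
    for frequency, filters in sorted(filters_by_frequency.items()):
        if frequency not in ENHANCED_FREQUENCIES:
            raise ValueError(f"{frequency} is not valid with enhanced scanning")
        if not filters:
            raise ValueError(f"{frequency} rule needs at least one filter")
        rules.append({
            "scanFrequency": frequency,
            "repositoryFilters": [
                {"filter": f, "filterType": "WILDCARD"} for f in filters
            ],
        })
    return rules


def _normalise(rules):
    # Order-independent view of a rule list, used only for comparison.
    return sorted(
        (r["scanFrequency"], sorted(f["filter"] for f in r["repositoryFilters"]))
        for r in rules
    )


def ensure_enhanced_scanning(ecr, filters_by_frequency):
    """Activate enhanced scanning unless the registry already matches.
    Returns True when the configuration was changed."""
    wanted = build_rules(filters_by_frequency)
    current = ecr.get_registry_scanning_configuration()["scanningConfiguration"]
    if (current.get("scanType") == "ENHANCED"
            and _normalise(current.get("rules", [])) == _normalise(wanted)):
        return False
    ecr.put_registry_scanning_configuration(scanType="ENHANCED", rules=wanted)
    return True


if __name__ == "__main__":
    import boto3  # requires AWS credentials and ECR permissions

    changed = ensure_enhanced_scanning(
        boto3.client("ecr"),
        {"CONTINUOUS_SCAN": ["prod-*"], "SCAN_ON_PUSH": ["staging-*"]},
    )
    print("updated" if changed else "already configured")
```
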

Using the integration with a multi-account environment

If you are a member in a multi-account environment, you can activate Enhanced scanning through Amazon ECR. However, once it is activated, only your Amazon Inspector delegated administrator can deactivate it. When Enhanced scanning is deactivated, the scan type reverts to basic scanning. For more information, see Deactivating Amazon Inspector.