AWS ECR automatic registry scanning disabled
Description
AlphaSOC detected that automatic vulnerability scanning was disabled for Amazon Elastic Container Registry (ECR). ECR scanning helps identify software vulnerabilities in container images stored in repositories, enabling organizations to remediate security issues before deploying these containers to production environments.
Impact
Disabling registry-level scanning prevents the automatic identification of vulnerabilities in container images, potentially allowing security issues to remain undetected before deployment. This can increase the attack surface, as containers with known vulnerabilities may be deployed to production environments where adversaries could exploit these weaknesses to execute malicious code, gain unauthorized access, or move laterally within the infrastructure.
Severity
| Severity | Condition |
|---|---|
| Low | AWS ECR automatic registry scanning disabled |
Investigation and Remediation
Review the AWS CloudTrail logs to identify the user or role that disabled registry scanning and determine whether this action was authorized. If unauthorized, re-enable automatic scanning at the registry level using the AWS Console or API. Consider scanning all repositories to identify any existing vulnerabilities. Implement AWS Config rules to monitor scanning settings and ensure compliance with security policies. Review and restrict permissions to modify scanning configurations to authorized personnel only, and document the findings for incident tracking and compliance reporting.
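The CloudTrail review and the configuration check described above, as an added example that is not part of the AlphaSOC detection or of any AWS tooling: a Python triage script that parses CloudTrail records, picks out `PutRegistryScanningConfiguration` calls, attributes each to its principal and source IP, and flags the ones whose new configuration leaves no active scanning rule. The same compliance check is exposed as a function that could back a custom AWS Config rule. The sample records, account id, IP addresses and principal names are constructed; the compliance policy applied (at least one `SCAN_ON_PUSH` or `CONTINUOUS_SCAN` rule whose repository filter is `*`) is an assumption for this example.

```python
"""Triage of ECR registry scanning changes recorded in CloudTrail (added example).

Assumptions: records are in CloudTrail's standard {"Records": [...]} file
format, and the requestParameters of a PutRegistryScanningConfiguration event
mirror the API's scanType/rules shape.  The sample records below are
constructed for this example, not taken from a real account.
"""
import json
from dataclasses import dataclass

# Scan frequencies that keep automatic scanning active on matching repositories.
ACTIVE_FREQUENCIES = {"SCAN_ON_PUSH", "CONTINUOUS_SCAN"}


def config_is_compliant(config: dict) -> bool:
    """Return True when at least one active rule covers every repository.

    Policy assumed here: a rule with SCAN_ON_PUSH or CONTINUOUS_SCAN whose
    repository filter is the wildcard "*".  An empty rule list means
    registry-level scanning has effectively been turned off.
    """
    for rule in config.get("rules") or []:
        if rule.get("scanFrequency") not in ACTIVE_FREQUENCIES:
            continue
        for repo_filter in rule.get("repositoryFilters") or []:
            if repo_filter.get("filter") == "*":
                return True
    return False


@dataclass
class ScanConfigChange:
    event_time: str
    principal: str
    source_ip: str
    disabled: bool  # True when the new configuration fails the policy above


def triage_records(records: list) -> list:
    """Pick out ECR registry scanning changes and classify each one."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "ecr.amazonaws.com":
            continue
        if rec.get("eventName") != "PutRegistryScanningConfiguration":
            continue
        new_config = rec.get("requestParameters") or {}
        findings.append(ScanConfigChange(
            event_time=rec.get("eventTime", ""),
            principal=(rec.get("userIdentity") or {}).get("arn", "unknown"),
            source_ip=rec.get("sourceIPAddress", ""),
            disabled=not config_is_compliant(new_config),
        ))
    return findings


def triage_cloudtrail_file(text: str) -> list:
    """Parse a CloudTrail log file body and return the classified changes."""
    return triage_records(json.loads(text).get("Records", []))


# Constructed sample: one call that strips every scanning rule (disables
# registry-level scanning), one that restores scan-on-push for all repositories.
SAMPLE_LOG = json.dumps({"Records": [
    {
        "eventTime": "2024-05-01T10:15:00Z",
        "eventSource": "ecr.amazonaws.com",
        "eventName": "PutRegistryScanningConfiguration",
        "sourceIPAddress": "198.51.100.23",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
        "requestParameters": {"scanType": "BASIC", "rules": []},
    },
    {
        "eventTime": "2024-05-01T11:02:00Z",
        "eventSource": "ecr.amazonaws.com",
        "eventName": "PutRegistryScanningConfiguration",
        "sourceIPAddress": "198.51.100.40",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:role/security-responder"},
        "requestParameters": {"scanType": "BASIC", "rules": [
            {"scanFrequency": "SCAN_ON_PUSH",
             "repositoryFilters": [{"filter": "*", "filterType": "WILDCARD"}]}
        ]},
    },
]})

if __name__ == "__main__":
    for change in triage_cloudtrail_file(SAMPLE_LOG):
        state = "DISABLED" if change.disabled else "enabled"
        print(f"{change.event_time} {change.principal} from {change.source_ip}: "
              f"registry scanning {state}")
```

Run against a real export, the first flagged change gives the principal and time to check against change records; re-enabling is a separate `aws ecr put-registry-scanning-configuration` call (or the console) and is deliberately not performed by this script, which only reads logs.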