Retrieving the findings for basic scans in Amazon ECR
You can retrieve the scan findings for the last completed basic image scan. The software vulnerabilities that were discovered are listed by severity based on the Common Vulnerabilities and Exposures (CVEs) database.
For troubleshooting details for some common issues when scanning images, see Troubleshooting image scanning in Amazon ECR.
- AWS Management Console
-
Use the following steps to retrieve image scan findings using the AWS Management Console.
To retrieve image scan findings
Open the Amazon ECR console at https://console.aws.amazon.com/ecr/private-registry/repositories
-
From the navigation bar, choose the Region to create your repository in.
-
In the navigation pane, choose Repositories.
-
On the Repositories page, choose the repository that contains the image to retrieve the scan findings for.
-
On the Images page, under the Image tag column, select the image tag to retrieve the scan findings.
- AWS CLI
-
Use the following AWS CLI command to retrieve image scan findings using the AWS CLI. You can specify an image using the
imageTagorimageDigest, both of which can be obtained using the list-images CLI command.-
describe-image-scan-findings (AWS CLI)
The following example uses an image tag.
aws ecr describe-image-scan-findings --repository-namename--image-id imageTag=tag_name--regionus-east-2The following example uses an image digest.
aws ecr describe-image-scan-findings --repository-namename--image-id imageDigest=sha256_hash--regionus-east-2
-
- AWS Tools for Windows PowerShell
-
-
Get-ECRImageScanFinding (AWS Tools for Windows PowerShell)
The following example uses an image tag.
Get-ECRImageScanFinding -RepositoryNamename-ImageId_ImageTagtag_name-Regionus-east-2The following example uses an image digest.
Get-ECRImageScanFinding -RepositoryNamename-ImageId_ImageDigestsha256_hash-Regionus-east-2
-
