Remediation
Enable Amazon Inspector ECR Scanningβ
If you are the delegated administrator for an AWS Organization, you can centrally enable Amazon Inspector scan types across multiple accounts and Regions using the AWS CLI and automation scripts. For additional guidance, refer to the inspector2-enablement-with-cli repository on GitHub.
From Consoleβ
To activate Amazon Inspector ECR scanning:
-
Open the Amazon Inspector console: https://console.aws.amazon.com/inspector/v2/home
-
Using the AWS Region selector in the upper-right corner, select the Region where your ECR repositories are located.
-
In the navigation pane, choose Account management.
-
Select the account(s) for which you want to enable a scan type.
-
Choose Activate, then select ECR scanning.
-
Repeat these steps in each AWS Region that hosts ECR repositories to ensure full coverage.