Amazon ECR image scan result notifications: basic scanning and enhanced scanning use different events
Posts such as 「Amazon ECRのスキャン結果をChatbot経由でSlackに通知する」 (notifying Slack of Amazon ECR scan results via AWS Chatbot) cover the basic scanning case.
With enhanced scanning, the scan-complete event is emitted by Amazon Inspector rather than by ECR itself, so the event pattern you define in the Amazon EventBridge rule has to be changed: both `source` and `detail-type` differ, and a rule written for basic scanning will silently never fire.
Basic scanning
Sample event
{
  "version": "0",
  "id": "85fc3613-e913-7fc4-a80c-a3753e4aa9ae",
  "detail-type": "ECR Image Scan",
  "source": "aws.ecr",
  "account": "123456789012",
  "time": "2019-10-29T02:36:48Z",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ecr:us-east-1:123456789012:repository/my-repository-name"
  ],
  "detail": {
    "scan-status": "COMPLETE",
    "repository-name": "my-repository-name",
    "finding-severity-counts": {
      "CRITICAL": 10,
      "MEDIUM": 9
    },
    "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
    "image-tags": []
  }
}
Event pattern
{
  "detail": {
    "finding-severity-counts": {
      "CRITICAL": [{
        "numeric": [">", 0]
      }]
    }
  },
  "detail-type": ["ECR Image Scan"],
  "source": ["aws.ecr"]
}
Enhanced scanning
Event for an initial image scan (enhanced scanning)
Sample event
{
  "version": "0",
  "id": "739c0d3c-4f02-85c7-5a88-94a9EXAMPLE",
  "detail-type": "Inspector2 Scan",
  "source": "aws.inspector2",
  "account": "123456789012",
  "time": "2021-12-03T18:03:16Z",
  "region": "us-east-2",
  "resources": [
    "arn:aws:ecr:us-east-2:123456789012:repository/amazon/amazon-ecs-sample"
  ],
  "detail": {
    "scan-status": "INITIAL_SCAN_COMPLETE",
    "repository-name": "arn:aws:ecr:us-east-2:123456789012:repository/amazon/amazon-ecs-sample",
    "finding-severity-counts": {
      "CRITICAL": 7,
      "HIGH": 61,
      "MEDIUM": 62,
      "TOTAL": 158
    },
    "image-digest": "sha256:36c7b282abd0186e01419f2e58743e1bf635808231049bbc9d77e5EXAMPLE",
    "image-tags": [
      "latest"
    ]
  }
}
Event pattern
{
  "detail": {
    "finding-severity-counts": {
      "CRITICAL": [{
        "numeric": [">", 0]
      }]
    }
  },
  "detail-type": ["Inspector2 Scan"],
  "source": ["aws.inspector2"]
}
A few points worth checking before relying on either rule. A `numeric` matcher only matches when the key is present, and ECR omits severity keys with a count of zero (the basic sample above has no `HIGH` key), so both rules fire only for images with at least one critical finding, which is the intent. Values in a pattern list are ORed, so a single rule can cover both scan types by listing both values: `"detail-type": ["ECR Image Scan", "Inspector2 Scan"]` and `"source": ["aws.ecr", "aws.inspector2"]`. Also note that the enhanced-scanning pattern only catches the initial scan completion; findings that Amazon Inspector raises later through continuous rescanning arrive as separate `Inspector2 Finding` events from `aws.inspector2` and need their own rule if you want them in Slack too.
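To see why the two patterns cannot be shared, and that the combined pattern described above matches both, here is an added example (not code from the original post or from AWS) that reimplements the subset of EventBridge event-pattern matching these rules use: exact-match lists, nested objects, and the `numeric` matcher. The sample events are constructed here from the two samples on the page, trimmed to the fields the patterns inspect; the matcher is an assumption-level model of EventBridge semantics, sufficient for these patterns but not a complete implementation.

```python
import operator

# Constructed sample events, trimmed from the two samples on the page to the
# fields that the event patterns actually inspect.
BASIC_EVENT = {
    "detail-type": "ECR Image Scan",
    "source": "aws.ecr",
    "detail": {
        "scan-status": "COMPLETE",
        "repository-name": "my-repository-name",
        "finding-severity-counts": {"CRITICAL": 10, "MEDIUM": 9},
    },
}

ENHANCED_EVENT = {
    "detail-type": "Inspector2 Scan",
    "source": "aws.inspector2",
    "detail": {
        "scan-status": "INITIAL_SCAN_COMPLETE",
        "repository-name": "arn:aws:ecr:us-east-2:123456789012:repository/amazon/amazon-ecs-sample",
        "finding-severity-counts": {"CRITICAL": 7, "HIGH": 61, "MEDIUM": 62, "TOTAL": 158},
    },
}

# The "detail" part is identical in both rules from the page.
CRITICAL_GT_0 = {"finding-severity-counts": {"CRITICAL": [{"numeric": [">", 0]}]}}

BASIC_PATTERN = {"detail": CRITICAL_GT_0, "detail-type": ["ECR Image Scan"], "source": ["aws.ecr"]}
ENHANCED_PATTERN = {"detail": CRITICAL_GT_0, "detail-type": ["Inspector2 Scan"], "source": ["aws.inspector2"]}
# Lists in a pattern are ORed, so one rule can cover both scan types.
COMBINED_PATTERN = {
    "detail": CRITICAL_GT_0,
    "detail-type": ["ECR Image Scan", "Inspector2 Scan"],
    "source": ["aws.ecr", "aws.inspector2"],
}

_NUMERIC_OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le, "=": operator.eq}


def _numeric_matches(value, spec):
    """Evaluate a ["op", bound, "op", bound, ...] numeric matcher; every pair must hold."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return False
    return all(_NUMERIC_OPS[op](value, bound) for op, bound in zip(spec[0::2], spec[1::2]))


def _leaf_matches(value, alternatives):
    """A pattern leaf is a list; the event value must satisfy at least one entry."""
    for alt in alternatives:
        if isinstance(alt, dict):
            if "numeric" in alt and _numeric_matches(value, alt["numeric"]):
                return True
        elif value == alt:
            return True
    return False


def matches(pattern, event):
    """True if the event satisfies the pattern: every pattern key present and matching."""
    for key, sub in pattern.items():
        if key not in event:  # an absent field never matches, so a missing CRITICAL key means no alert
            return False
        value = event[key]
        if isinstance(sub, dict):
            if not isinstance(value, dict) or not matches(sub, value):
                return False
        elif not _leaf_matches(value, sub):
            return False
    return True


def matching_patterns(event):
    """Names of the rule patterns that would fire for this event, sorted."""
    candidates = {"basic": BASIC_PATTERN, "enhanced": ENHANCED_PATTERN, "combined": COMBINED_PATTERN}
    return sorted(name for name, pat in candidates.items() if matches(pat, event))


if __name__ == "__main__":
    for name, ev in (("basic scan event", BASIC_EVENT), ("enhanced scan event", ENHANCED_EVENT)):
        print(f"{name}: fires {matching_patterns(ev)}")
```

Running it shows the basic-scan event firing only `basic` and `combined`, and the enhanced-scan event firing only `enhanced` and `combined`. For the authoritative check against the real service, feed the full sample events from the page (the `id`, `account`, `time`, `region` and `resources` fields are required there) to `aws events test-event-pattern --event-pattern file://pattern.json --event file://event.json`, which returns `"Result": true` or `false` without creating a rule.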