Too Long; Didn't Read
Amazon Elastic Container Registry (ECR) can now be set up to automatically scan images on push. ECR image scanning uses the Common Vulnerabilities and Exposures database from the Clair project. Clair analyses each layer of the Docker image, then returns vulnerabilities that might affect the image. These vulnerabilities are then shown to us in the AWS Console, or we can fetch them via the AWS Command Line Interface (CLI). ECR offers these features: it automatically scans an image when it is pushed to ECR, and it sends an event to AWS EventBridge when an image scan completes, allowing for further automation.
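One way to act on the scan-complete event, as an added example that is not code from the original page: a Lambda-style handler that reads the severity counts from the EventBridge event and decides whether the image may be promoted. The field names follow the event shape AWS documents for ECR image scans; the thresholds, function names and sample event are assumptions made for illustration.

```python
"""Gate on an "ECR Image Scan" EventBridge event (added example)."""

# Hypothetical policy: maximum findings tolerated per severity.
# Severities not listed here are reported by ECR but not gated.
MAX_ALLOWED = {"CRITICAL": 0, "HIGH": 0, "MEDIUM": 10}

# Constructed sample event; account id, repository and digest are placeholders.
SAMPLE_EVENT = {
    "source": "aws.ecr",
    "detail-type": "ECR Image Scan",
    "account": "123456789012",
    "region": "us-east-1",
    "detail": {
        "scan-status": "COMPLETE",
        "repository-name": "example-repo",
        "image-digest": "sha256:" + "0" * 64,
        "image-tags": ["1.4.2"],
        "finding-severity-counts": {"CRITICAL": 1, "MEDIUM": 9, "LOW": 30},
    },
}


def evaluate_scan_event(event, max_allowed=MAX_ALLOWED):
    """Return a decision dict (ignore / block / allow) for one event."""
    if event.get("source") != "aws.ecr" or event.get("detail-type") != "ECR Image Scan":
        return {"action": "ignore", "reason": "not an ECR image scan event"}
    detail = event.get("detail", {})
    image = f'{detail.get("repository-name")}@{detail.get("image-digest")}'
    # A scan that did not complete has no findings; treat it as unknown, not clean.
    if detail.get("scan-status") != "COMPLETE":
        return {"action": "block", "image": image,
                "reason": f'scan status {detail.get("scan-status")}'}
    counts = detail.get("finding-severity-counts") or {}
    violations = {sev: n for sev, n in counts.items()
                  if sev in max_allowed and n > max_allowed[sev]}
    if violations:
        return {"action": "block", "image": image, "violations": violations}
    return {"action": "allow", "image": image, "violations": {}}


def handler(event, context=None):
    """Entry point for a Lambda function targeted by an EventBridge rule."""
    decision = evaluate_scan_event(event)
    print(decision)  # ends up in the function's log output
    return decision


if __name__ == "__main__":
    handler(SAMPLE_EVENT)
```

The decision is keyed on the image digest rather than a tag, so a later push that reuses the tag cannot inherit an earlier "allow".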