Switching to the improved basic scanning for images in Amazon ECR
Important
For new users, your registries are automatically configured to use the AWS_NATIVE scanning technology upon creation. There is no action for you to take. Amazon ECR doesn't recommend reverting to the previous scanning technology, CLAIR.
- AWS Management Console
  To turn on improved basic scanning for your private registry
  - Open the Amazon ECR console at https://console.aws.amazon.com/ecr/private-registry/repositories
  - From the navigation bar, choose the Region to set the scanning configuration for.
  - In the navigation pane, choose Private registry, Settings, Scanning.
  - On the Scanning configuration page, for Scan type choose Improved basic scanning.
  - By default, all of your repositories are set for Manual scanning. You can optionally configure scan on push by specifying Scan on push filters. You can set scan on push for all repositories or individual repositories. For more information, see Filters to choose which repositories are scanned in Amazon ECR.
- AWS CLI
  Amazon ECR has basic scanning enabled for all private registries. Use the following commands to view your current basic scan type and to change your basic scan type.
  - To retrieve the basic scan type version you are currently using:
    aws ecr get-account-setting --name BASIC_SCAN_TYPE_VERSION
    The parameter name is a required field. If you don't provide the name, you will receive the following error:
    aws: error: the following arguments are required: --name
  - To change your basic scan type version from CLAIR to AWS_NATIVE. Once you change your basic scan type version from CLAIR to AWS_NATIVE, it's not recommended that you revert to CLAIR.
    aws ecr put-account-setting --name BASIC_SCAN_TYPE_VERSION --value value
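The two CLI commands above, combined into a per-Region check that only ever moves a registry from CLAIR to AWS_NATIVE. This is an added example, not part of the AWS documentation; it assumes the AWS CLI is installed and configured, and the function names, status words and script name are made up here. It goes slightly beyond the page by looping over Regions and reading the setting back after the change.

```shell
#!/usr/bin/env bash
# Added example: report, and optionally migrate, the basic scan type per Region.
# Assumes the AWS CLI is installed and configured with credentials.
SETTING=BASIC_SCAN_TYPE_VERSION

# Print the current value (CLAIR or AWS_NATIVE) for the Region in $1.
current_scan_type() {
  aws ecr get-account-setting --name "$SETTING" \
    --region "$1" --query value --output text
}

# $1 = Region, $2 = "check" (read-only) or "apply" (switch CLAIR to AWS_NATIVE).
# Prints one status line. Returns 0 = on AWS_NATIVE, 1 = still CLAIR, 2 = error.
ensure_native() {
  local region="$1" mode="$2" current
  current=$(current_scan_type "$region") || {
    echo "$region ERROR could not read $SETTING"; return 2; }
  case "$current" in
    AWS_NATIVE)
      echo "$region OK AWS_NATIVE"; return 0 ;;
    CLAIR)
      if [ "$mode" != apply ]; then
        echo "$region NEEDS_CHANGE CLAIR"; return 1
      fi
      aws ecr put-account-setting --name "$SETTING" --value AWS_NATIVE \
        --region "$region" >/dev/null || {
        echo "$region ERROR put-account-setting failed"; return 2; }
      # Read the setting back instead of trusting the exit status alone.
      if [ "$(current_scan_type "$region")" = AWS_NATIVE ]; then
        echo "$region CHANGED CLAIR->AWS_NATIVE"; return 0
      fi
      echo "$region ERROR value unchanged after put-account-setting"; return 2 ;;
    *)
      echo "$region ERROR unexpected value: $current"; return 2 ;;
  esac
}

# Usage: scan_type.sh check|apply REGION [REGION...]  (script name is hypothetical)
if [ "$#" -ge 2 ]; then
  mode="$1"; shift; rc=0
  for region in "$@"; do ensure_native "$region" "$mode" || rc=1; done
  exit "$rc"
fi
```

Run it in check mode first to see which Regions still report CLAIR before running it with apply.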