Skip to content

feat(cli): docker image asset scanning by default #4874

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mergify merged 4 commits into from
Nov 8, 2019
Merged

feat(cli): docker image asset scanning by default #4874

mergify merged 4 commits into from
Nov 8, 2019

Conversation

@jogold
Copy link
Contributor

@jogold jogold commented Nov 6, 2019
edited by eladb
Loading

Amazon ECR image scanning helps in identifying software vulnerabilities in container images.

Amazon ECR uses the Common Vulnerabilities and Exposures (CVEs) database from the open source CoreOS Clair project and provides a list of scan findings.

Image Scanning for Amazon ECR is available at no additional charge, and you can now use it in all commercial AWS Regions and GovCloud (US)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@jogold
feat(toolkit): configure image scanning on push
8370551 
Amazon ECR image scanning helps in identifying software vulnerabilities in container images.
Amazon ECR uses the Common Vulnerabilities and Exposures (CVEs) database from the open source
CoreOS Clair project and provides a list of scan findings.

This feature is available at no additional charge.
@jogold jogold requested a review from RomainMuller as a code owner November 6, 2019 10:30
@mergify
Copy link
Contributor

mergify bot commented Nov 6, 2019

Thanks so much for taking the time to contribute to the AWS CDK ❤️

We will shortly assign someone to review this pull request and help get it
merged. In the meantime, please take a minute to make sure you follow this
checklist:

  • PR title type(scope): text
    • type: fix, feat, refactor go into CHANGELOG, chore is hidden
    • scope: name of module without aws- or cdk- prefix or postfix (e.g. s3 instead of aws-s3-deployment)
    • text: use all lower-case, do not end with a period, do not include issue refs
  • PR Description
    • Rationale: describe rationale of change and approach taken
    • Issues: indicate issues fixed via: fixes #xxx or closes #xxx
    • Breaking?: last paragraph: BREAKING CHANGE: <describe what changed + link for details>
  • Testing
    • Unit test added. Prefer to add a new test rather than modify existing tests
    • CLI or init templates change? Re-run/add CLI integration tests
  • Documentation
    • README: update module README to describe new features
    • API docs: public APIs must be documented. Copy from official AWS docs when possible
    • Design: for significant features, follow design process

@aws-cdk-automation
Copy link
Collaborator

aws-cdk-automation commented Nov 6, 2019

AWS CodeBuild CI Report

  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

eladb
eladb suggested changes Nov 6, 2019
View reviewed changes
@eladb eladb self-assigned this Nov 6, 2019
@eladb
Copy link
Contributor

eladb commented Nov 6, 2019

@RomainMuller @rix0rrr @shivlaks any objections?

eladb
eladb previously approved these changes Nov 8, 2019
View reviewed changes
@eladb eladb changed the title feat(toolkit): configure image scanning on push feat(cli): docker image asset scanning by default Nov 8, 2019
@mergify
Copy link
Contributor

mergify bot commented Nov 8, 2019

Thank you for contributing! Your pull request is now being automatically merged.

@aws-cdk-automation
Copy link
Collaborator

aws-cdk-automation commented Nov 8, 2019

AWS CodeBuild CI Report

  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@jogold
Copy link
Contributor Author

jogold commented Nov 8, 2019

Error: EISDIR: illegal operation on a directory, copyfile '/tmp/npm-packHNeqNF' -> '/tmp/npm-packNURlln/Amazon.CDK.CXAPI/npm-packHNeqNF'??

@mergify mergify bot dismissed eladb’s stale review November 8, 2019 09:17

Pull request has been modified.

@jogold jogold requested a review from eladb November 8, 2019 09:17
@aws-cdk-automation
Copy link
Collaborator

aws-cdk-automation commented Nov 8, 2019

AWS CodeBuild CI Report

  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

aws-cdk-automation commented Nov 8, 2019

AWS CodeBuild CI Report

  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 87421c9 into aws:master Nov 8, 2019
@eladb
Copy link
Contributor

eladb commented Nov 8, 2019

Missed a beat for a second:

Image Scanning for Amazon ECR is available at no additional charge, and you can now use it in all commercial AWS Regions and GovCloud (US)

@jogold
Copy link
Contributor Author

jogold commented Nov 8, 2019

Does it cover China regions?

@jogold
Copy link
Contributor Author

jogold commented Nov 8, 2019

Does it cover China regions?

From the docs, it seems that it's available in the China regions.

@jogold jogold deleted the ecr-image-scan branch November 11, 2019 14:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RomainMuller RomainMuller Awaiting requested review from RomainMuller

1 more reviewer

@eladb eladb eladb approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@eladb eladb

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jogold @aws-cdk-automation @eladb