-
AWS Elastic Container Registry has been able to support the scanning of images for vulnerabilities using the open source project Clair for quite some time now. Clair is an open source project used for the static analysis of vulnerabilities in application containers (currently including OCI and Docker). Made available by AWS directly and implemented into ECR, it is a very useful feature to minimize the risk of using endangered software - and stay compliant. The scanning for vulnerabilities should be a good standard in any Dockerized scenario as public images and their heirs can contain many security risks (Top-ten-docker-images) - which might be overlooked while developing applications that are constantly changed and improved - and new versions of images are pushed to your ECR many times a day.
-
InfluxDB
Purpose built for real-time analytics at any scale. InfluxDB Platform is powered by columnar analytics, optimized for cost-efficient storage, and built with open data standards.
-
ecr-scan-notification-pipe
simple, event driven aws ecr scan notification pipeline to slack channel using terraform
def lambda_handler(event, context): slackWebhook = os.environ.get('SLACK_WEBHOOK') msg = { "text": event['Records'][0]['Sns']['Message'] } encoded_msg = json.dumps(msg).encode('utf-8') resp = http.request('POST',slackWebhook, body=encoded_msg) print( { "message": event['Records'][0]['Sns']['Message'], "status_code": resp.status, "response": resp.data } ) ` The sample code can be found here, please feel free to use.