Skip to content

Latest commit

 

History

History
138 lines (112 loc) · 4.07 KB

enableecrscanonpush.md

File metadata and controls

138 lines (112 loc) · 4.07 KB

Scan images pushed to ECR

org.openrewrite.terraform.aws.EnableECRScanOnPush

ECR Image Scanning assesses and identifies operating system vulnerabilities. Using automated image scans you can ensure container image vulnerabilities are found before getting pushed to production.

Tags

  • CKV_AWS_33
  • terraform
  • AWS

Source

GitHub, Issue Tracker, Maven Central

  • groupId: org.openrewrite.recipe
  • artifactId: rewrite-terraform
  • version: 2.0.1

Usage

This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-terraform:2.0.1 in your build file or by running a shell command (in which case no build changes are needed): {% tabs %} {% tab title="Gradle" %} {% code title="build.gradle" %}

plugins {
    id("org.openrewrite.rewrite") version("6.1.4")
}

rewrite {
    activeRecipe("org.openrewrite.terraform.aws.EnableECRScanOnPush")
}

repositories {
    mavenCentral()
}

dependencies {
    rewrite("org.openrewrite.recipe:rewrite-terraform:2.0.1")
}

{% endcode %} {% endtab %} {% tab title="Maven POM" %} {% code title="pom.xml" %}

<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.openrewrite.maven</groupId>
        <artifactId>rewrite-maven-plugin</artifactId>
        <version>5.2.4</version>
        <configuration>
          <activeRecipes>
            <recipe>org.openrewrite.terraform.aws.EnableECRScanOnPush</recipe>
          </activeRecipes>
        </configuration>
        <dependencies>
          <dependency>
            <groupId>org.openrewrite.recipe</groupId>
            <artifactId>rewrite-terraform</artifactId>
            <version>2.0.1</version>
          </dependency>
        </dependencies>
      </plugin>
    </plugins>
  </build>
</project>

{% endcode %} {% endtab %}

{% tab title="Maven Command Line" %} {% code title="shell" %} You will need to have Maven installed on your machine before you can run the following command.

mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \
  -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-terraform:RELEASE \
  -Drewrite.activeRecipes=org.openrewrite.terraform.aws.EnableECRScanOnPush

{% endcode %} {% endtab %} {% endtabs %}

Definition

{% tabs %} {% tab title="Recipe List" %}

{% endtab %}

{% tab title="Yaml Recipe List" %}

---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.terraform.aws.EnableECRScanOnPush
displayName: Scan images pushed to ECR
description: ECR Image Scanning assesses and identifies operating system vulnerabilities. Using automated image scans you can ensure container image vulnerabilities are found before getting pushed to production.
tags:
  - CKV_AWS_33
  - terraform
  - AWS
recipeList:
  - org.openrewrite.terraform.AddConfiguration:
      resourceName: aws_ecr_repository
      content: image_scanning_configuration {
  scan_on_push = true
}

{% endtab %} {% endtabs %}

Contributors

See how this recipe works across multiple open-source repositories

Moderne Link Image

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.