Table of Contents
...
There are two ways to scan container images in ECR:
- Using Synopsys Detect on a local workstation.
- Using an AWS CodePipeline Custom Action.
...
Authenticate with ECR. ECR uses authentication tokens that expire after 12 hours. The ecr get-login command generates a docker login command with authentication credentials.
Code Block title Generate Docker Login for ECR (Linux) aws ecr get-login --region region --no-include-email | sh
Invoke Synopsys Detect, and configure at least the following /wiki/spaces/INTDOCS/pages/622673.following:
Code Block title Synopsys Detect - Scanning Images bash <(curl -s https://detect.synopsys.com/detect.sh) \ --blackduck.url=<URL> \ --blackduck.api.token=<token> \ --detect.docker.image=<Image URI> \ --detect.project.name=<Project Name>
- On scan completion, navigate to the project version in Black Duck to view the scan results.
.png?version=1&modificationDate=1554218247591&cacheVersion=1&api=v2&width=770)
Using the CodePipeline Custom Action
...