Omission of Security-relevant Information
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-223: Omission of Security-relevant Information |
| OWASP | A09:2021 - Security Logging and Monitoring Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The AWS ECR repository is configured without image scanning on push, meaning container images are not automatically checked for known vulnerabilities before being stored. This increases the risk of deploying insecure or outdated software.
Impact#
If image scanning is disabled, vulnerable images could be pushed to the repository and later deployed to production, potentially exposing your application to exploits, data breaches, or compromise by attackers leveraging unpatched vulnerabilities in your containers.