Overview
Twigs supports discovery of container images from AWS Container Registry (ECR) for vulnerability assessment.
Pre-requisites
The AWS CLI is required; install it for your operating system by following the steps mentioned here. You also need to configure the AWS CLI and log in to your ECR with “docker login”. You can inventory all images in your ECR by specifying the registry name, or a single image by specifying its fully qualified image name (with an optional tag).
Steps involved
You can run twigs to ingest this collected inventory into your ThreatWorx instance by following the steps below:
- Open a new shell / terminal
- Configure AWS CLI for the first time.
- Perform “docker login” as described here.
- Run the command below:
twigs ecr [--registry REGISTRY] [--image IMAGE] [--repository_type {public,private}] [--tmp_dir TMP_DIR] [--check_vuln CHECK_VULN] [--check_all_vulns]
- After discovery is complete, you can log in to the ThreatWorx Console to view the newly discovered container image assets.
Examples
$ twigs ecr --registry "0088...342" --check_all_vulns
Run ECR discovery for all repositories in your AWS Account by specifying your AWS Account ID.
$ twigs ecr --image "0088...283.dkr.ecr.us-west-1.amazonaws.com/ubuntu:18.04" --check_all_vulns
Discover a specific container image as an asset in ThreatWorx.
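The following script is an added example, not part of the twigs documentation or the twigs project, that chains the steps above into one run: obtain an ECR login token with the AWS CLI, pass it to "docker login", then call "twigs ecr" with either the registry (account id) or a single fully qualified image, as in the two examples. It assumes AWS CLI v2 (for "aws ecr get-login-password"), docker and twigs on PATH, and credentials already set up with "aws configure" or environment variables; the account id, region and repository values are placeholders you supply.

```shell
#!/bin/sh
# Added example (not twigs project code): wraps AWS CLI login to ECR and the
# "twigs ecr" discovery command. Assumes AWS CLI v2, docker and twigs on PATH.

# Validate an AWS account id: exactly 12 decimal digits.
valid_account_id() {
    [ "${#1}" -eq 12 ] || return 1
    case "$1" in *[!0-9]*) return 1 ;; esac
    return 0
}

# Build the private ECR registry hostname for an account id and region,
# e.g. 123456789012.dkr.ecr.us-west-1.amazonaws.com
ecr_registry_host() {
    printf '%s.dkr.ecr.%s.amazonaws.com\n' "$1" "$2"
}

# Build a fully qualified image reference: account, region, repository and an
# optional tag (defaults to "latest" when no tag is given).
ecr_image_ref() {
    printf '%s/%s:%s\n' "$(ecr_registry_host "$1" "$2")" "$3" "${4:-latest}"
}

# Run the whole procedure: docker login to ECR, then twigs discovery.
#   $1 account id, $2 region, $3 repository (optional), $4 tag (optional)
# Without a repository, all repositories in the account are discovered.
run_ecr_discovery() {
    account="$1"; region="$2"; repo="${3:-}"; tag="${4:-}"
    valid_account_id "$account" || { echo "bad account id: $account" >&2; return 1; }
    host=$(ecr_registry_host "$account" "$region")

    # The AWS CLI issues a short-lived token; docker logs in with it on stdin
    # so the token never appears on the command line or in shell history.
    aws ecr get-login-password --region "$region" \
        | docker login --username AWS --password-stdin "$host" || return 1

    if [ -n "$repo" ]; then
        twigs ecr --image "$(ecr_image_ref "$account" "$region" "$repo" "$tag")" --check_all_vulns
    else
        twigs ecr --registry "$account" --check_all_vulns
    fi
}

# Only run when explicitly requested, so the file can also be sourced.
if [ "${RUN_ECR_DISCOVERY:-0}" = "1" ]; then
    run_ecr_discovery "$@"
fi
```

Usage: `RUN_ECR_DISCOVERY=1 sh ecr_discover.sh 123456789012 us-west-1` discovers every repository in the account (the placeholder account id is constructed), and `RUN_ECR_DISCOVERY=1 sh ecr_discover.sh 123456789012 us-west-1 ubuntu 18.04` discovers the single image, matching the two documented invocations.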