AWS ECR discovery

Overview

Twigs supports discovery of container images from AWS Elastic Container Registry (ECR) for vulnerability assessment.

Pre-requisites

The AWS CLI is required; install it by following the steps mentioned here for your operating system. You also need to configure the AWS CLI with your credentials and log in to your ECR registry using “docker login”. You can inventory all images in your ECR registry by specifying the registry (your AWS account ID), or a single image by specifying its fully qualified image name (with an optional tag).

Steps involved

Run twigs to discover your ECR images and ingest them into your ThreatWorx instance by following the steps below:

  • Open a new shell / terminal.
  • Configure the AWS CLI if you have not done so already.
  • Perform “docker login” against your ECR registry as described here.
  • Run the command below:

twigs ecr [--registry REGISTRY] [--image IMAGE] [--repository_type {public,private}] [--tmp_dir TMP_DIR] [--check_vuln CHECK_VULN] [--check_all_vulns]

  • After discovery is complete, log in to the ThreatWorx Console to view the newly discovered container image assets.

Examples

Run ECR discovery for all repositories in your AWS account by specifying your AWS account ID as the registry:

$ twigs ecr --registry "0088...342" --check_all_vulns

Discover a specific container image as an asset in ThreatWorx by specifying its fully qualified image name:

$ twigs ecr --image "0088...283.dkr.ecr.us-west-1.amazonaws.com/ubuntu:18.04" --check_all_vulns
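The steps and examples above, wrapped in a small POSIX shell script. This is an added example, not part of the twigs project itself; it assumes that ECR login is done with “aws ecr get-login-password” piped into “docker login”, that the twigs binary is on PATH, and that a TWIGS_DRY_RUN=1 environment variable (an assumption of this script, not a twigs option) only prints the commands instead of running them, so the script can be checked without AWS credentials.

```shell
#!/bin/sh
# Added example wrapping the "twigs ecr" procedure for one AWS account/region.
# Assumed helpers: "aws ecr get-login-password" for the ECR token and
# TWIGS_DRY_RUN=1 to print commands instead of executing them.

# Validate a fully qualified ECR image reference and print the twigs command
# that discovers that single image (page example: --image ... --check_all_vulns).
twigs_image_cmd() {
    image="$1"
    case "$image" in
        *.dkr.ecr.*.amazonaws.com/*) ;;
        *) echo "not an ECR image reference: $image" >&2; return 1 ;;
    esac
    printf 'twigs ecr --image "%s" --check_all_vulns\n' "$image"
}

# Validate a 12-digit AWS account ID and print the twigs command that
# discovers every repository in that registry (page example: --registry ...).
twigs_registry_cmd() {
    account="$1"
    case "$account" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "expected a 12-digit AWS account ID, got: $account" >&2; return 1 ;;
    esac
    printf 'twigs ecr --registry "%s" --check_all_vulns\n' "$account"
}

# Log in to the account's ECR registry with a short-lived token (no static
# password on the command line) and run registry-wide discovery.
scan_account() {
    account="$1"; region="$2"
    registry="$account.dkr.ecr.$region.amazonaws.com"
    cmd="$(twigs_registry_cmd "$account")" || return 1
    if [ "${TWIGS_DRY_RUN:-0}" = "1" ]; then
        echo "aws ecr get-login-password --region $region | docker login --username AWS --password-stdin $registry"
        echo "$cmd"
        return 0
    fi
    aws ecr get-login-password --region "$region" \
        | docker login --username AWS --password-stdin "$registry" || return 1
    twigs ecr --registry "$account" --check_all_vulns
}
```

Invoke it as `TWIGS_DRY_RUN=1 scan_account 123456789012 us-west-1` to review the commands first, then without the variable to run the real discovery.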