2021/11/29 - Amazon EC2 Container Registry - 6 new 3 updated api methods
Changes This release adds supports for pull through cache rules and enhanced scanning.
Gets the scanning configuration for one or more repositories.
See also: AWS API Documentation
Request Syntax
client.batch_get_repository_scanning_configuration(
repositoryNames=[
'string',
]
)
list
[REQUIRED]
One or more repository names to get the scanning configuration for.
(string) --
dict
Response Syntax
{
'scanningConfigurations': [
{
'repositoryArn': 'string',
'repositoryName': 'string',
'scanOnPush': True|False,
'scanFrequency': 'SCAN_ON_PUSH'|'CONTINUOUS_SCAN'|'MANUAL',
'appliedScanFilters': [
{
'filter': 'string',
'filterType': 'WILDCARD'
},
]
},
],
'failures': [
{
'repositoryName': 'string',
'failureCode': 'REPOSITORY_NOT_FOUND',
'failureReason': 'string'
},
]
}
Response Structure
(dict) --
scanningConfigurations (list) --
The scanning configuration for the requested repositories.
(dict) --
The details of the scanning configuration for a repository.
repositoryArn (string) --
The ARN of the repository.
repositoryName (string) --
The name of the repository.
scanOnPush (boolean) --
Whether or not scan on push is configured for the repository.
scanFrequency (string) --
The scan frequency for the repository.
appliedScanFilters (list) --
The scan filters applied to the repository.
(dict) --
The details of a scanning repository filter.
filter (string) --
The filter to use when scanning.
filterType (string) --
The type associated with the filter.
failures (list) --
Any failures associated with the call.
(dict) --
The details about any failures associated with the scanning configuration of a repository.
repositoryName (string) --
The name of the repository.
failureCode (string) --
The failure code.
failureReason (string) --
The reason for the failure.
Deletes a pull through cache rule.
See also: AWS API Documentation
Request Syntax
client.delete_pull_through_cache_rule(
ecrRepositoryPrefix='string',
registryId='string'
)
string
[REQUIRED]
The Amazon ECR repository prefix associated with the pull through cache rule to delete.
string
The Amazon Web Services account ID associated with the registry that contains the pull through cache rule. If you do not specify a registry, the default registry is assumed.
dict
Response Syntax
{
'ecrRepositoryPrefix': 'string',
'upstreamRegistryUrl': 'string',
'createdAt': datetime(2015, 1, 1),
'registryId': 'string'
}
Response Structure
(dict) --
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the request.
upstreamRegistryUrl (string) --
The upstream registry URL associated with the pull through cache rule.
createdAt (datetime) --
The timestamp associated with the pull through cache rule.
registryId (string) --
The registry ID associated with the request.
Retrieves the scanning configuration for a registry.
See also: AWS API Documentation
Request Syntax
client.get_registry_scanning_configuration()
dict
Response Syntax
{
'registryId': 'string',
'scanningConfiguration': {
'scanType': 'BASIC'|'ENHANCED',
'rules': [
{
'scanFrequency': 'SCAN_ON_PUSH'|'CONTINUOUS_SCAN'|'MANUAL',
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'WILDCARD'
},
]
},
]
}
}
Response Structure
(dict) --
registryId (string) --
The ID of the registry.
scanningConfiguration (dict) --
The scanning configuration for the registry.
scanType (string) --
The type of scanning configured for the registry.
rules (list) --
The scanning rules associated with the registry.
(dict) --
The details of a scanning rule for a private registry.
scanFrequency (string) --
The frequency that scans are performed at for a private registry.
repositoryFilters (list) --
The repository filters associated with the scanning configuration for a private registry.
(dict) --
The details of a scanning repository filter.
filter (string) --
The filter to use when scanning.
filterType (string) --
The type associated with the filter.
Creates a pull through cache rule. A pull through cache rule provides a way to cache images from an external public registry in your Amazon ECR private registry.
See also: AWS API Documentation
Request Syntax
client.create_pull_through_cache_rule(
ecrRepositoryPrefix='string',
upstreamRegistryUrl='string',
registryId='string'
)
string
[REQUIRED]
The repository name prefix to use when caching images from the source registry.
string
[REQUIRED]
The registry URL of the upstream public registry to use as the source for the pull through cache rule.
string
The Amazon Web Services account ID associated with the registry to create the pull through cache rule for. If you do not specify a registry, the default registry is assumed.
dict
Response Syntax
{
'ecrRepositoryPrefix': 'string',
'upstreamRegistryUrl': 'string',
'createdAt': datetime(2015, 1, 1),
'registryId': 'string'
}
Response Structure
(dict) --
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the pull through cache rule.
upstreamRegistryUrl (string) --
The upstream registry URL associated with the pull through cache rule.
createdAt (datetime) --
The date and time, in JavaScript date format, when the pull through cache rule was created.
registryId (string) --
The registry ID associated with the request.
Returns the pull through cache rules for a registry.
See also: AWS API Documentation
Request Syntax
client.describe_pull_through_cache_rules(
registryId='string',
ecrRepositoryPrefixes=[
'string',
],
nextToken='string',
maxResults=123
)
string
The Amazon Web Services account ID associated with the registry to return the pull through cache rules for. If you do not specify a registry, the default registry is assumed.
list
The Amazon ECR repository prefixes associated with the pull through cache rules to return. If no repository prefix value is specified, all pull through cache rules are returned.
(string) --
string
The nextToken value returned from a previous paginated DescribePullThroughCacheRulesRequest request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
integer
The maximum number of pull through cache rules returned by DescribePullThroughCacheRulesRequest in paginated output. When this parameter is used, DescribePullThroughCacheRulesRequest only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribePullThroughCacheRulesRequest request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribePullThroughCacheRulesRequest returns up to 100 results and a nextToken value, if applicable.
dict
Response Syntax
{
'pullThroughCacheRules': [
{
'ecrRepositoryPrefix': 'string',
'upstreamRegistryUrl': 'string',
'createdAt': datetime(2015, 1, 1),
'registryId': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
pullThroughCacheRules (list) --
The details of the pull through cache rules.
(dict) --
The details of a pull through cache rule.
ecrRepositoryPrefix (string) --
The Amazon ECR repository prefix associated with the pull through cache rule.
upstreamRegistryUrl (string) --
The upstream registry URL associated with the pull through cache rule.
createdAt (datetime) --
The date and time the pull through cache was created.
registryId (string) --
The Amazon Web Services account ID associated with the registry the pull through cache rule is associated with.
nextToken (string) --
The nextToken value to include in a future DescribePullThroughCacheRulesRequest request. When the results of a DescribePullThroughCacheRulesRequest request exceed maxResults , this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
Creates or updates the scanning configuration for your private registry.
See also: AWS API Documentation
Request Syntax
client.put_registry_scanning_configuration(
scanType='BASIC'|'ENHANCED',
rules=[
{
'scanFrequency': 'SCAN_ON_PUSH'|'CONTINUOUS_SCAN'|'MANUAL',
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'WILDCARD'
},
]
},
]
)
string
The scanning type to set for the registry.
By default, the BASIC scan type is used. When basic scanning is set, you may specify filters to determine which individual repositories, or all repositories, are scanned when new images are pushed. Alternatively, you can do manual scans of images with basic scanning.
When the ENHANCED scan type is set, Amazon Inspector provides automated, continuous scanning of all repositories in your registry.
list
The scanning rules to use for the registry. A scanning rule is used to determine which repository filters are used and at what frequency scanning will occur.
(dict) --
The details of a scanning rule for a private registry.
scanFrequency (string) -- [REQUIRED]
The frequency that scans are performed at for a private registry.
repositoryFilters (list) -- [REQUIRED]
The repository filters associated with the scanning configuration for a private registry.
(dict) --
The details of a scanning repository filter.
filter (string) -- [REQUIRED]
The filter to use when scanning.
filterType (string) -- [REQUIRED]
The type associated with the filter.
dict
Response Syntax
{
'registryScanningConfiguration': {
'scanType': 'BASIC'|'ENHANCED',
'rules': [
{
'scanFrequency': 'SCAN_ON_PUSH'|'CONTINUOUS_SCAN'|'MANUAL',
'repositoryFilters': [
{
'filter': 'string',
'filterType': 'WILDCARD'
},
]
},
]
}
}
Response Structure
(dict) --
registryScanningConfiguration (dict) --
The scanning configuration for your registry.
scanType (string) --
The type of scanning configured for the registry.
rules (list) --
The scanning rules associated with the registry.
(dict) --
The details of a scanning rule for a private registry.
scanFrequency (string) --
The frequency that scans are performed at for a private registry.
repositoryFilters (list) --
The repository filters associated with the scanning configuration for a private registry.
(dict) --
The details of a scanning repository filter.
filter (string) --
The filter to use when scanning.
filterType (string) --
The type associated with the filter.
{'imageScanFindings': {'enhancedFindings': [{'awsAccountId': 'string',
'description': 'string',
'findingArn': 'string',
'firstObservedAt': 'timestamp',
'lastObservedAt': 'timestamp',
'packageVulnerabilityDetails': {'cvss': [{'baseScore': 'double',
'scoringVector': 'string',
'source': 'string',
'version': 'string'}],
'referenceUrls': ['string'],
'relatedVulnerabilities': ['string'],
'source': 'string',
'sourceUrl': 'string',
'vendorCreatedAt': 'timestamp',
'vendorSeverity': 'string',
'vendorUpdatedAt': 'timestamp',
'vulnerabilityId': 'string',
'vulnerablePackages': [{'arch': 'string',
'epoch': 'integer',
'filePath': 'string',
'name': 'string',
'packageManager': 'string',
'release': 'string',
'sourceLayerHash': 'string',
'version': 'string'}]},
'remediation': {'recommendation': {'text': 'string',
'url': 'string'}},
'resources': [{'details': {'awsEcrContainerImage': {'architecture': 'string',
'author': 'string',
'imageHash': 'string',
'imageTags': ['string'],
'platform': 'string',
'pushedAt': 'timestamp',
'registry': 'string',
'repositoryName': 'string'}},
'id': 'string',
'tags': {'string': 'string'},
'type': 'string'}],
'score': 'double',
'scoreDetails': {'cvss': {'adjustments': [{'metric': 'string',
'reason': 'string'}],
'score': 'double',
'scoreSource': 'string',
'scoringVector': 'string',
'version': 'string'}},
'severity': 'string',
'status': 'string',
'title': 'string',
'type': 'string',
'updatedAt': 'timestamp'}]},
'imageScanStatus': {'status': {'ACTIVE',
'FINDINGS_UNAVAILABLE',
'PENDING',
'SCAN_ELIGIBILITY_EXPIRED',
'UNSUPPORTED_IMAGE'}}}
Returns the scan findings for the specified image.
See also: AWS API Documentation
Request Syntax
client.describe_image_scan_findings(
registryId='string',
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
},
nextToken='string',
maxResults=123
)
string
The Amazon Web Services account ID associated with the registry that contains the repository in which to describe the image scan findings for. If you do not specify a registry, the default registry is assumed.
string
[REQUIRED]
The repository for the image for which to describe the scan findings.
dict
[REQUIRED]
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
string
The nextToken value returned from a previous paginated DescribeImageScanFindings request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
integer
The maximum number of image scan results returned by DescribeImageScanFindings in paginated output. When this parameter is used, DescribeImageScanFindings only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeImageScanFindings request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeImageScanFindings returns up to 100 results and a nextToken value, if applicable.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED'|'UNSUPPORTED_IMAGE'|'ACTIVE'|'PENDING'|'SCAN_ELIGIBILITY_EXPIRED'|'FINDINGS_UNAVAILABLE',
'description': 'string'
},
'imageScanFindings': {
'imageScanCompletedAt': datetime(2015, 1, 1),
'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
'findingSeverityCounts': {
'string': 123
},
'findings': [
{
'name': 'string',
'description': 'string',
'uri': 'string',
'severity': 'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL'|'UNDEFINED',
'attributes': [
{
'key': 'string',
'value': 'string'
},
]
},
],
'enhancedFindings': [
{
'awsAccountId': 'string',
'description': 'string',
'findingArn': 'string',
'firstObservedAt': datetime(2015, 1, 1),
'lastObservedAt': datetime(2015, 1, 1),
'packageVulnerabilityDetails': {
'cvss': [
{
'baseScore': 123.0,
'scoringVector': 'string',
'source': 'string',
'version': 'string'
},
],
'referenceUrls': [
'string',
],
'relatedVulnerabilities': [
'string',
],
'source': 'string',
'sourceUrl': 'string',
'vendorCreatedAt': datetime(2015, 1, 1),
'vendorSeverity': 'string',
'vendorUpdatedAt': datetime(2015, 1, 1),
'vulnerabilityId': 'string',
'vulnerablePackages': [
{
'arch': 'string',
'epoch': 123,
'filePath': 'string',
'name': 'string',
'packageManager': 'string',
'release': 'string',
'sourceLayerHash': 'string',
'version': 'string'
},
]
},
'remediation': {
'recommendation': {
'url': 'string',
'text': 'string'
}
},
'resources': [
{
'details': {
'awsEcrContainerImage': {
'architecture': 'string',
'author': 'string',
'imageHash': 'string',
'imageTags': [
'string',
],
'platform': 'string',
'pushedAt': datetime(2015, 1, 1),
'registry': 'string',
'repositoryName': 'string'
}
},
'id': 'string',
'tags': {
'string': 'string'
},
'type': 'string'
},
],
'score': 123.0,
'scoreDetails': {
'cvss': {
'adjustments': [
{
'metric': 'string',
'reason': 'string'
},
],
'score': 123.0,
'scoreSource': 'string',
'scoringVector': 'string',
'version': 'string'
}
},
'severity': 'string',
'status': 'string',
'title': 'string',
'type': 'string',
'updatedAt': datetime(2015, 1, 1)
},
]
},
'nextToken': 'string'
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageId (dict) --
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
imageScanFindings (dict) --
The information contained in the image scan findings.
imageScanCompletedAt (datetime) --
The time of the last completed image scan.
vulnerabilitySourceUpdatedAt (datetime) --
The time when the vulnerability data was last scanned.
findingSeverityCounts (dict) --
The image vulnerability counts, sorted by severity.
(string) --
(integer) --
findings (list) --
The findings from the image scan.
(dict) --
Contains information about an image scan finding.
name (string) --
The name associated with the finding, usually a CVE number.
description (string) --
The description of the finding.
uri (string) --
A link containing additional details about the security vulnerability.
severity (string) --
The finding severity.
attributes (list) --
A collection of attributes of the host from which the finding is generated.
(dict) --
This data type is used in the ImageScanFinding data type.
key (string) --
The attribute key.
value (string) --
The value assigned to the attribute key.
enhancedFindings (list) --
Details about the enhanced scan findings from Amazon Inspector.
(dict) --
The details of an enhanced image scan. This is returned when enhanced scanning is enabled for your private registry.
awsAccountId (string) --
The Amazon Web Services account ID associated with the image.
description (string) --
The description of the finding.
findingArn (string) --
The Amazon Resource Number (ARN) of the finding.
firstObservedAt (datetime) --
The date and time that the finding was first observed.
lastObservedAt (datetime) --
The date and time that the finding was last observed.
packageVulnerabilityDetails (dict) --
An object that contains the details of a package vulnerability finding.
cvss (list) --
An object that contains details about the CVSS score of a finding.
(dict) --
The CVSS score for a finding.
baseScore (float) --
The base CVSS score used for the finding.
scoringVector (string) --
The vector string of the CVSS score.
source (string) --
The source of the CVSS score.
version (string) --
The version of CVSS used for the score.
referenceUrls (list) --
One or more URLs that contain details about this vulnerability type.
(string) --
relatedVulnerabilities (list) --
One or more vulnerabilities related to the one identified in this finding.
(string) --
source (string) --
The source of the vulnerability information.
sourceUrl (string) --
A URL to the source of the vulnerability information.
vendorCreatedAt (datetime) --
The date and time that this vulnerability was first added to the vendor's database.
vendorSeverity (string) --
The severity the vendor has given to this vulnerability type.
vendorUpdatedAt (datetime) --
The date and time the vendor last updated this vulnerability in their database.
vulnerabilityId (string) --
The ID given to this vulnerability.
vulnerablePackages (list) --
The packages impacted by this vulnerability.
(dict) --
Information on the vulnerable package identified by a finding.
arch (string) --
The architecture of the vulnerable package.
epoch (integer) --
The epoch of the vulnerable package.
filePath (string) --
The file path of the vulnerable package.
name (string) --
The name of the vulnerable package.
packageManager (string) --
The package manager of the vulnerable package.
release (string) --
The release of the vulnerable package.
sourceLayerHash (string) --
The source layer hash of the vulnerable package.
version (string) --
The version of the vulnerable package.
remediation (dict) --
An object that contains the details about how to remediate a finding.
recommendation (dict) --
An object that contains information about the recommended course of action to remediate the finding.
url (string) --
The URL address to the CVE remediation recommendations.
text (string) --
The recommended course of action to remediate the finding.
resources (list) --
Contains information on the resources involved in a finding.
(dict) --
Details about the resource involved in a finding.
details (dict) --
An object that contains details about the resource involved in a finding.
awsEcrContainerImage (dict) --
An object that contains details about the Amazon ECR container image involved in the finding.
architecture (string) --
The architecture of the Amazon ECR container image.
author (string) --
The image author of the Amazon ECR container image.
imageHash (string) --
The image hash of the Amazon ECR container image.
imageTags (list) --
The image tags attached to the Amazon ECR container image.
(string) --
platform (string) --
The platform of the Amazon ECR container image.
pushedAt (datetime) --
The date and time the Amazon ECR container image was pushed.
registry (string) --
The registry the Amazon ECR container image belongs to.
repositoryName (string) --
The name of the repository the Amazon ECR container image resides in.
id (string) --
The ID of the resource.
tags (dict) --
The tags attached to the resource.
(string) --
(string) --
type (string) --
The type of resource.
score (float) --
The Amazon Inspector score given to the finding.
scoreDetails (dict) --
An object that contains details of the Amazon Inspector score.
cvss (dict) --
An object that contains details about the CVSS score given to a finding.
adjustments (list) --
An object that contains details about adjustment Amazon Inspector made to the CVSS score.
(dict) --
Details on adjustments Amazon Inspector made to the CVSS score for a finding.
metric (string) --
The metric used to adjust the CVSS score.
reason (string) --
The reason the CVSS score has been adjustment.
score (float) --
The CVSS score.
scoreSource (string) --
The source for the CVSS score.
scoringVector (string) --
The vector for the CVSS score.
version (string) --
The CVSS version used in scoring.
severity (string) --
The severity of the finding.
status (string) --
The status of the finding.
title (string) --
The title of the finding.
type (string) --
The type of the finding.
updatedAt (datetime) --
The date and time the finding was last updated at.
nextToken (string) --
The nextToken value to include in a future DescribeImageScanFindings request. When the results of a DescribeImageScanFindings request exceed maxResults , this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
{'imageDetails': {'imageScanStatus': {'status': {'ACTIVE',
'FINDINGS_UNAVAILABLE',
'PENDING',
'SCAN_ELIGIBILITY_EXPIRED',
'UNSUPPORTED_IMAGE'}}}}
Returns metadata about the images in a repository.
Note
Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages.
See also: AWS API Documentation
Request Syntax
client.describe_images(
registryId='string',
repositoryName='string',
imageIds=[
{
'imageDigest': 'string',
'imageTag': 'string'
},
],
nextToken='string',
maxResults=123,
filter={
'tagStatus': 'TAGGED'|'UNTAGGED'|'ANY'
}
)
string
The Amazon Web Services account ID associated with the registry that contains the repository in which to describe images. If you do not specify a registry, the default registry is assumed.
string
[REQUIRED]
The repository that contains the images to describe.
list
The list of image IDs for the requested repository.
(dict) --
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
string
The nextToken value returned from a previous paginated DescribeImages request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return. This option cannot be used when you specify images with imageIds .
integer
The maximum number of repository results returned by DescribeImages in paginated output. When this parameter is used, DescribeImages only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another DescribeImages request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then DescribeImages returns up to 100 results and a nextToken value, if applicable. This option cannot be used when you specify images with imageIds .
dict
The filter key and value with which to filter your DescribeImages results.
tagStatus (string) --
The tag status with which to filter your DescribeImages results. You can filter results based on whether they are TAGGED or UNTAGGED .
dict
Response Syntax
{
'imageDetails': [
{
'registryId': 'string',
'repositoryName': 'string',
'imageDigest': 'string',
'imageTags': [
'string',
],
'imageSizeInBytes': 123,
'imagePushedAt': datetime(2015, 1, 1),
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED'|'UNSUPPORTED_IMAGE'|'ACTIVE'|'PENDING'|'SCAN_ELIGIBILITY_EXPIRED'|'FINDINGS_UNAVAILABLE',
'description': 'string'
},
'imageScanFindingsSummary': {
'imageScanCompletedAt': datetime(2015, 1, 1),
'vulnerabilitySourceUpdatedAt': datetime(2015, 1, 1),
'findingSeverityCounts': {
'string': 123
}
},
'imageManifestMediaType': 'string',
'artifactMediaType': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
imageDetails (list) --
A list of ImageDetail objects that contain data about the image.
(dict) --
An object that describes an image returned by a DescribeImages operation.
registryId (string) --
The Amazon Web Services account ID associated with the registry to which this image belongs.
repositoryName (string) --
The name of the repository to which this image belongs.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTags (list) --
The list of tags associated with this image.
(string) --
imageSizeInBytes (integer) --
The size, in bytes, of the image in the repository.
If the image is a manifest list, this will be the max size of all manifests in the list.
Note
Beginning with Docker version 1.9, the Docker client compresses image layers before pushing them to a V2 Docker registry. The output of the docker images command shows the uncompressed image size, so it may return a larger image size than the image sizes returned by DescribeImages.
imagePushedAt (datetime) --
The date and time, expressed in standard JavaScript date format, at which the current image was pushed to the repository.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.
imageScanFindingsSummary (dict) --
A summary of the last completed image scan.
imageScanCompletedAt (datetime) --
The time of the last completed image scan.
vulnerabilitySourceUpdatedAt (datetime) --
The time when the vulnerability data was last scanned.
findingSeverityCounts (dict) --
The image vulnerability counts, sorted by severity.
(string) --
(integer) --
imageManifestMediaType (string) --
The media type of the image manifest.
artifactMediaType (string) --
The artifact media type of the image.
nextToken (string) --
The nextToken value to include in a future DescribeImages request. When the results of a DescribeImages request exceed maxResults , this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
{'imageScanStatus': {'status': {'ACTIVE',
'FINDINGS_UNAVAILABLE',
'PENDING',
'SCAN_ELIGIBILITY_EXPIRED',
'UNSUPPORTED_IMAGE'}}}
Starts an image vulnerability scan. An image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. For more information, see Image scanning in the Amazon Elastic Container Registry User Guide .
See also: AWS API Documentation
Request Syntax
client.start_image_scan(
registryId='string',
repositoryName='string',
imageId={
'imageDigest': 'string',
'imageTag': 'string'
}
)
string
The Amazon Web Services account ID associated with the registry that contains the repository in which to start an image scan request. If you do not specify a registry, the default registry is assumed.
string
[REQUIRED]
The name of the repository that contains the images to scan.
dict
[REQUIRED]
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
dict
Response Syntax
{
'registryId': 'string',
'repositoryName': 'string',
'imageId': {
'imageDigest': 'string',
'imageTag': 'string'
},
'imageScanStatus': {
'status': 'IN_PROGRESS'|'COMPLETE'|'FAILED'|'UNSUPPORTED_IMAGE'|'ACTIVE'|'PENDING'|'SCAN_ELIGIBILITY_EXPIRED'|'FINDINGS_UNAVAILABLE',
'description': 'string'
}
}
Response Structure
(dict) --
registryId (string) --
The registry ID associated with the request.
repositoryName (string) --
The repository name associated with the request.
imageId (dict) --
An object with identifying information for an image in an Amazon ECR repository.
imageDigest (string) --
The sha256 digest of the image manifest.
imageTag (string) --
The tag used for the image.
imageScanStatus (dict) --
The current state of the scan.
status (string) --
The current state of an image scan.
description (string) --
The description of the image scan status.