To start scanning container images with DTA or with VS services you first need to connect an image registry to scan images from.
Note: Currently, Aqua VS scans container images only in AWS Elastic Container Registry (ECR) registries. More registries will be supported soon.
Connect an AWS ECR registry
- Go to the “Aqua DTA > Registries” or “Aqua VS > Registries” screen.
- Click on “Connect a Registry”.
- Use our CloudFormation stack to create cross account access from your AWS account to the desired service.
- Once the CloudFormation stack is done, go to the output screen in AWS and copy output string that represent your Registries ARN and paste it in the “Connect a Registry” screen.
- Once you set up a registry it will appear in the Registries screen after several minutes. Images that are in the scope of the ARN will be scanned and appear in the Images screen.
- The service will automatically re-scan the registry for new images. In addition, previously scanned images in Aqua VS service will be re-scanned to ensure you have the latest results.
- Image scanning takes place in the background. Its duration may vary depending on factors such as image size, number of resources, AWS region network, and others. When scanning a registry, it is recommended that you wait 24 hours before reviewing the results.
- During the early preview of the Secure the Build services, only part of the images will be scanned from your account registries