In order to scan images, it is required to have the proper permissions to pull them from your account and perform the scanning on our computing resources. The ARN is the Amazon Resource Name that includes permissions that allow us to pull the image.
By default, running the Lambda Stack that we provide as part of the registry setup page gives us permission to pull all the images from your account. These permissions do not allow us to push images to your registry. If you wish to reduce the scope of images that we can scan, you can provide an ARN whose scope includes only the desired images.