Snyk tests and monitors your Amazon ECR container images by evaluating the tags as they are in your ECR repositories.
Prerequisites for adding images to Snyk from ECR
You must have an account with Snyk and be onboarded to your Organization by an administrator.
Ensure you have configured the integration between Snyk and your ECR repository.
Steps to add images to Snyk from ECR
Log in to your account and navigate to the relevant group and Organization you want to manage.
Go to Projects, and click Add projects. The list of integrations already configured on your account opens.
The view Which images do you want to test? opens, displaying all of the available images for the registry to which you connected, grouped by each of your repositories.
Select single or multiple images with any or all of the following methods:
Type the name of a single image for import in the Image Name field.
Select any of the repositories if you want to import all of the associated images.
Expand and collapse repositories to select multiple images.
Click Add selected repositories. A status bar appears at the top of the page as the images are imported; you can continue working in the meantime.
When the import ends, a notification of success or failure appears at the top of the page. Click Refresh to view the Projects page with the newly imported images. Images are grouped by repository and are each linked individually to a detailed Projects page.
You can now connect your Git repo to this Project in order to use your Dockerfile for enriched fix advice. For more information, see Adding your Dockerfile and testing your base image.
Amazon ECR integration works like other Snyk integrations. To continue to monitor, fix, and manage your Projects, see the relevant pages in the Snyk user documentation.
For application vulnerabilities within container images, any changes to the application will not be reflected with a manual or recurring retest. A re-import of the image is required. See Detecting application vulnerabilities in container images for more information.