ECR: adding setting to enable image scanning while repo creation #300
Merged
bradrydzewski
merged 3 commits into
drone-plugins:master
from
rvoitenko:ecr_scan_on_push
Apr 6, 2021
…eation, but when repo already created
tboerger
approved these changes
Oct 8, 2020
Any chances to get this merged?
Could we please have this merged, as we would like to use this feature also?
robertstettner
approved these changes
Jan 19, 2021
@bradrydzewski anything stopping this PR from being merged?
@bradrydzewski can we tag a release version of this?
wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf
pushed a commit
to wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf/drone-docker
that referenced
this pull request
Oct 16, 2021
ECR: adding setting to enable image scanning while repo creation
wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf
added a commit
to wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf/drone-docker
that referenced
this pull request
Oct 22, 2021
rebased on master + applied the previous changes
wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf
pushed a commit
to wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf/drone-docker
that referenced
this pull request
Nov 5, 2021
ECR: adding setting to enable image scanning while repo creation
wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf
pushed a commit
to wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf/drone-docker
that referenced
this pull request
Feb 21, 2022
ECR: adding setting to enable image scanning while repo creation
wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf
added a commit
to wULLSnpAXbWZGYDYyhWTKKspEQoaYxXyhoisqHf/drone-docker
that referenced
this pull request
Apr 1, 2022
rebased on master + applied the previous changes
Hello!
AWS added support for automatic ECR image scanning for vulnerabilities last year (https://aws.amazon.com/about-aws/whats-new/2019/10/announcing-image-scanning-for-amazon-ecr/). This can be enabled during repo creation or for already existing repos.
I have a lot of ECR repos created by ecr-plugin via "create_repository: true" setting.
But I ran into a problem when I wanted to enable image scanning on all these repos. As these repos were created/managed by ecr-plugin, I think it would be a mistake to manage the scan setting for these repos with some other automation tool like terraform, because this increases complexity and splits management of ECR repos between two tools.
So I've added a new setting, scan_on_push, which is false by default. When you have this setting set to true together with "create_repository: true", ecr-plugin will create the repo with image scanning enabled:
Update: I have added the possibility to enable image scanning not only during repo creation but also for repos already created by ecr-plugin. So changing the scan_on_push setting will be respected any time you change it in your pipeline.
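
An audit check for the situation described above, added here as an example and not part of the pull request or the plugin's code: it reads the JSON printed by `aws ecr describe-repositories` and lists the repositories where scan on push is still off. The function name `UnscannedRepos` and the sample repository names are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// describeOutput holds the fields of `aws ecr describe-repositories` JSON used here.
type describeOutput struct {
	Repositories []struct {
		Name string `json:"repositoryName"`
		Scan *struct {
			ScanOnPush bool `json:"scanOnPush"`
		} `json:"imageScanningConfiguration"`
	} `json:"repositories"`
}

// Constructed sample output; the repository names are made up for this example.
const sampleJSON = `{"repositories": [
  {"repositoryName": "team/api",    "imageScanningConfiguration": {"scanOnPush": true}},
  {"repositoryName": "team/worker", "imageScanningConfiguration": {"scanOnPush": false}},
  {"repositoryName": "team/legacy"}
]}`

// UnscannedRepos returns, sorted, the repositories where scan on push is off
// or the scanning configuration is absent.
func UnscannedRepos(raw []byte) ([]string, error) {
	var out describeOutput
	if err := json.Unmarshal(raw, &out); err != nil {
		return nil, fmt.Errorf("parse describe-repositories output: %w", err)
	}
	var missing []string
	for _, r := range out.Repositories {
		if r.Scan == nil || !r.Scan.ScanOnPush {
			missing = append(missing, r.Name)
		}
	}
	sort.Strings(missing)
	return missing, nil
}

func main() {
	repos, err := UnscannedRepos([]byte(sampleJSON))
	if err != nil {
		panic(err)
	}
	for _, name := range repos {
		fmt.Println("scan on push not enabled:", name)
	}
}
```

Repositories reported here are the ones whose pipelines still need `scan_on_push: true` set alongside `create_repository: true`.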