Devolutions.CIEM

0.3.28

Checks/Aws/Test-EcrRepositoriesScanVulnerabilitiesInLatestImage.ps1

                                function Test-EcrRepositoriesScanVulnerabilitiesInLatestImage {

    <#

    .SYNOPSIS

        ECR repository latest image is scanned with no vulnerabilities at or above the configured minimum severity

    .DESCRIPTION

        **Amazon ECR repositories** are assessed on the most recent pushed image to confirm a vulnerability scan exists, completed successfully, and that no results meet or exceed the configured minimum severity (e.g., `CRITICAL`, `HIGH`, `MEDIUM`).

    .PARAMETER Check

        CIEMCheck object containing check metadata.

    #>

    [CmdletBinding()]

    [OutputType([PSCustomObject[]])]

    param(

        [Parameter(Mandatory)]

        [CIEMCheck]$Check

    )

    $ErrorActionPreference = 'Stop'

    # TODO: Implement check logic based on Prowler check: ecr_repositories_scan_vulnerabilities_in_latest_image

    [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check ecr_repositories_scan_vulnerabilities_in_latest_image for reference.', 'N/A', 'ecr Resources')

}