ECR

Amazon Elastic Container Registry (ECR) is a Docker container registry that allows developers to store, manage, and deploy Docker container images.

Usage of ECR in Delivery Shield

  • Delivery Shield gets notified for every build run in a pipeline. To identify the image for every build, it connects to the ECR repo and pulls the newly built image.

  • Once the image is pulled, it runs security scans on it. The scan results are available on the Vulnerability Management page and in the Artifact section of the DBOM page.

  • Delivery Shield also collects metadata such as the Artifact SHA to perform artifact integrity checks and ensure security in the supply chain. This information is populated in the DBOM page for audit purposes.

To integrate ECR in Delivery Shield:

  1. Navigate to Config > Integrations.

  2. In the Artifact panel, click on ECR.

You can use the toggle button provided below the integration tile to enable or disable it as needed.

  3. The ECR integration page is displayed.

  4. Click +New Account.

  5. Enter the Account Name, Approved Artifact Repo name, AWS AccessKey, AWS SecretKey, Region and Host Url.

  • Account Name - The name of the user's Docker account.

  • Approved Artifact Repo name - The name of the approved artifact repository from which the images are deployed. Security issues are raised by SSD if you try to deploy images from a different repository.

  • Host Url - The Host Url for the given account.

  6. Click Save. The ECR account gets added.

  7. To edit the entered values, click the three dots provided at the end of the added account, then click Edit.

  8. Enter the new values and click Update.

The new values get updated.
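
The approved-repository rule and the Artifact SHA integrity check described above can be pictured with the following added example, which is not Delivery Shield code. It assumes the Host Url is the ECR registry hostname (optionally with a scheme) and that the recorded Artifact SHA is a sha256 image digest; the function names and sample values are hypothetical.

```python
import re

# ECR registry hosts have the form <12-digit account>.dkr.ecr.<region>.amazonaws.com
ECR_HOST = re.compile(r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com$")
DIGEST = re.compile(r"^sha256:[0-9a-f]{64}$")


def normalize_host(host_url):
    """Assumption: Host Url may carry a scheme or trailing slash; keep only the host."""
    return re.sub(r"^[a-z]+://", "", host_url.strip().lower()).rstrip("/")


def parse_image_ref(ref):
    """Split host/repo[:tag][@sha256:...] into its parts."""
    name, _, digest = ref.partition("@")
    host, sep, path = name.partition("/")
    if not sep or not path:
        raise ValueError("image reference has no registry host")
    repo, _, tag = path.partition(":")
    return {"host": host.lower(), "repo": repo, "tag": tag or None,
            "digest": digest or None}


def check_image(ref, approved_host, approved_repo, recorded_sha):
    """Return a list of findings; an empty list means the image passes."""
    try:
        img = parse_image_ref(ref)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if not ECR_HOST.match(img["host"]):
        findings.append("registry host is not an ECR endpoint")
    if img["host"] != normalize_host(approved_host):
        findings.append("registry host differs from the configured Host Url")
    if img["repo"] != approved_repo:
        findings.append("repository is not the approved artifact repo")
    if img["digest"] is None:
        findings.append("tag-only reference, no digest to compare")
    elif not DIGEST.match(img["digest"]):
        findings.append("malformed digest")
    elif img["digest"] != recorded_sha:
        findings.append("digest differs from the recorded artifact SHA")
    return findings


# Constructed sample values, not taken from any real account.
HOST = "123456789012.dkr.ecr.us-east-1.amazonaws.com"
SHA = "sha256:" + "ab" * 32
```

A tag-only reference is reported separately because a tag can be repointed to a different image after the scan, while a digest cannot.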
