mdespriee · July 13, 2023 18:11
diff --git a/list_ecr_images_vulnerabilities.sh b/list_ecr_images_vulnerabilities.sh
 #!/bin/bash

 repositories=$(aws ecr describe-repositories | jq -r '.repositories[].repositoryName')

 for repo in $repositories
 do
    # latest image, having a version tag
    latest_image=$(aws ecr describe-images --repository-name $repo --query 'sort_by(imageDetails,& imagePushedAt)[*]' |  jq -r '.[] | select(.imageTags[] | startswith("v")) | "imageDigest=\(.imageDigest),imageTag=\(.imageTags[0])"' 2>/dev/null | tail -n 1 )

    if [ -z "$latest_image" ]; then
        continue
    fi

    echo $repo $latest_image
    findings=$(aws ecr describe-image-scan-findings --repository-name $repo --image-id $latest_image | jq '.imageScanFindings.findingSeverityCounts' )

    echo $findings

 done
	#!/bin/bash

	repositories=$(aws ecr describe-repositories \| jq -r '.repositories[].repositoryName')

	for repo in $repositories
	do
	# latest image, having a version tag
	latest_image=$(aws ecr describe-images --repository-name $repo --query 'sort_by(imageDetails,& imagePushedAt)[*]' \| jq -r '.[] \| select(.imageTags[] \| startswith("v")) \| "imageDigest=\(.imageDigest),imageTag=\(.imageTags[0])"' 2>/dev/null \| tail -n 1 )

	if [ -z "$latest_image" ]; then
	continue
	fi

	echo $repo $latest_image
	findings=$(aws ecr describe-image-scan-findings --repository-name $repo --image-id $latest_image \| jq '.imageScanFindings.findingSeverityCounts' )

	echo $findings

	done