cdk-teams-webhook-handler v0.2.13

cdk-ecr-image-scan-handler

Get automated email notifications from vulnerable ECR images.

Usage

In your ECR repository setup, create a SNS topic:

  const onImageScanCompletedTopic = new sns.Topic(stack, 'RepositoryScanTopic', {
    topicName: 'ecr-repository-scan-completed-topic',
    displayName: 'Notifications about ECR Repository scans',
  });

Hook each ECR repository to that topic:

  const ecrRepository = new ecr.Repository(stack, 'DemoEcrRepository', {
    repositoryName: name,
    imageScanOnPush: true,
  });
  ecrRepository.onImageScanCompleted('DemoScanCompleted', {
    target: new targets.SnsTopic(onImageScanCompletedTopic),
  });

To get reports about vulnerabilities, set up the handler for the previously created topic:

import { EcrImageScanResultHandler } from 'cdk-ecr-image-scan-handler';

const mockApp = new App();
const stack = new Stack(mockApp, 'app-stack');

new EcrImageScanResultHandler(stack, 'ecr-scan-result-handler', {
  fromAddress: 'from@address.com', // Use SES for validating the addresses
  toAddress: 'to@address.com',
  notificationTopicArn: 'arn:aws:sns:eu-central-1:112233445566:ecr-repository-scan-completed-topic',
});