I have tried to automate ECR image scanning using the AWS CLI, but I was stuck at the scanning step. When I call aws ecr start-image-scan, it starts the scanning. But how do I know when the scanning has finished? My images are large and it takes a few minutes. Could someone help me figure this out? I am using Python.
It is simple. You have to make the aws ecr wait image-scan-complete API call after you start the scanning.
This aws ecr wait image-scan-complete command will wait until the scan is completed.
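import subprocess

def wait_scan_results(repo_name, image_Digest):
    # Argument list without shell=True, so the repository name and digest are never parsed by a shell
    wait_scan_cmd = ["aws", "ecr", "wait", "image-scan-complete", "--repository-name", repo_name, "--image-id", f"imageDigest={image_Digest}"]
    # Blocks until the waiter exits; a non-zero return code means the scan failed or the waiter timed out
    wait_scan = subprocess.run(wait_scan_cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    return wait_scan.returncode, wait_scan.stdout.decode('utf-8')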
Please check https://www.youtube.com/watch?v=D5Aaj2uPeeo, which shows how to automate ECR image scanning from A to Z using Python.
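An added example, not part of the answer above: the CLI waiter polls every 5 seconds and exits with an error after 60 checks, so a scan of a large image can outlast it. This sketch does the same polling in Python with a configurable delay and attempt count, then filters the severity counts a pipeline would block on. It assumes `ecr` is a boto3 ECR client (`boto3.client("ecr")`) and that the scan has already been started; `wait_for_scan`, `blocking_findings` and `FakeEcr` are names made up for this example.

```python
import time

WAITING = {"IN_PROGRESS", "PENDING"}  # statuses that mean "keep polling"

def wait_for_scan(ecr, repo_name, image_digest, delay=5, max_attempts=60, sleep=time.sleep):
    """Poll until the scan is COMPLETE and return its findingSeverityCounts.

    `ecr` is assumed to be a boto3 ECR client, i.e. boto3.client("ecr").
    """
    for attempt in range(max_attempts):
        resp = ecr.describe_image_scan_findings(
            repositoryName=repo_name, imageId={"imageDigest": image_digest})
        status = resp["imageScanStatus"]["status"]
        if status == "COMPLETE":
            return resp["imageScanFindings"].get("findingSeverityCounts", {})
        if status not in WAITING:
            # FAILED, UNSUPPORTED_IMAGE, ...: waiting longer will not help
            detail = resp["imageScanStatus"].get("description", "")
            raise RuntimeError(f"scan ended with status {status}: {detail}")
        if attempt < max_attempts - 1:
            sleep(delay)
    raise TimeoutError(f"scan not complete after {max_attempts} checks")

def blocking_findings(counts, blocked=("CRITICAL", "HIGH")):
    """Return only the severities that should fail the pipeline."""
    return {sev: n for sev, n in counts.items() if sev in blocked and n > 0}

class FakeEcr:
    """Constructed stand-in for the ECR client so the example runs offline."""
    def __init__(self, statuses, counts):
        self.statuses, self.counts, self.calls = list(statuses), counts, 0

    def describe_image_scan_findings(self, repositoryName, imageId):
        self.calls += 1
        # Hand out the queued statuses in order, then repeat the last one
        status = self.statuses.pop(0) if len(self.statuses) > 1 else self.statuses[0]
        return {"imageScanStatus": {"status": status, "description": "constructed"},
                "imageScanFindings": {"findingSeverityCounts": self.counts}}

if __name__ == "__main__":
    # Constructed data: two in-progress polls, then a completed scan
    fake = FakeEcr(["IN_PROGRESS", "IN_PROGRESS", "COMPLETE"], {"HIGH": 2, "LOW": 7})
    counts = wait_for_scan(fake, "demo-repo", "sha256:constructed", sleep=lambda s: None)
    print(counts, blocking_findings(counts))
```

With a real client, raise `max_attempts` or `delay` until the product covers the longest scan you expect.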