Ingest Amazon ECR vulnerability findings and scan events
Latest Dynatrace, Preview
In the following, you'll learn how to ingest container vulnerability findings and scan events from AWS Elastic Container Registry (ECR) into Grail and analyze them on the Dynatrace platform.
Goal
Get insights from Dynatrace for Amazon ECR vulnerability findings.
Easily work with your data on the Dynatrace platform.
How it works
Be sure to check Prerequisites before getting started.
1. Container images are scanned
Details
Container image vulnerabilities are automatically reported in Amazon ECR.
Action required
Set up the desired Amazon ECR scan type. You have two options:
You feed the data from Amazon ECR into Grail via our security events OpenPipeline ingest endpoint, using an event forwarder that you can easily set up with an AWS CloudFormation template provided by Dynatrace.
Replace the DynatraceDomain variable with your actual domain name.
Optional: You can customize the DynatraceOpenPipelineEndpointPath variable. If not set, it defaults to /platform/ingest/v1/events.security?type=container_finding&provider_product=aws_ecr.
Replace the DynatraceDomain variable with your actual domain name.
Optional: You can customize the following variables:
DynatraceOpenPipelineEndpointPath: Defines the OpenPipeline endpoint path. If not set, it defaults to /platform/ingest/v1/events.security.
AwsInspectorResourceTypes: Defines for which resource types the Lambda function sends events to Dynatrace. You can provide multiple resource types with a comma-separated list. If not set, it defaults to AWS_ECR_CONTAINER_IMAGE.
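The following added example (not the Dynatrace CloudFormation template or its Lambda code) shows how the template variables above can be checked before findings leave the account: it resolves the ingest URL from DynatraceDomain and the documented default paths, and applies the comma-separated AwsInspectorResourceTypes filter. The function names, the placeholder domain and the event shape (detail.resources[].type) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Default endpoint paths and default resource type, as quoted on this page.
DEFAULT_PATH_ECR_FINDINGS = ("/platform/ingest/v1/events.security"
                             "?type=container_finding&provider_product=aws_ecr")
DEFAULT_PATH_INSPECTOR = "/platform/ingest/v1/events.security"
DEFAULT_RESOURCE_TYPES = "AWS_ECR_CONTAINER_IMAGE"

# Constructed sample events; the detail.resources[].type shape is an assumption.
SAMPLE_ECR = {"detail": {"resources": [{"type": "AWS_ECR_CONTAINER_IMAGE"}]}}
SAMPLE_EC2 = {"detail": {"resources": [{"type": "AWS_EC2_INSTANCE"}]}}


def build_ingest_url(dynatrace_domain, endpoint_path=None,
                     default_path=DEFAULT_PATH_INSPECTOR):
    """Return the HTTPS ingest URL; reject values that could send findings elsewhere."""
    domain = (dynatrace_domain or "").strip()
    # DynatraceDomain must be a bare host name: no scheme, path, credentials or port.
    if not domain or any(c in domain for c in "/@:?#\\ "):
        raise ValueError(f"DynatraceDomain must be a bare host name: {dynatrace_domain!r}")
    # An unset or empty path falls back to the documented default.
    path = (endpoint_path or "").strip() or default_path
    if not path.startswith("/"):
        raise ValueError("endpoint path must start with '/'")
    url = f"https://{domain}{path}"
    # Defense in depth: the parsed host must be exactly the configured domain.
    if urlsplit(url).hostname != domain.lower():
        raise ValueError("resolved host differs from DynatraceDomain")
    return url


def parse_resource_types(value=None):
    """Split the comma-separated list; an unset or empty value means the default."""
    items = {t.strip() for t in (value or "").split(",") if t.strip()}
    return items or {DEFAULT_RESOURCE_TYPES}


def should_forward(event, allowed_types):
    """True if any resource named in the finding has an allowed resource type."""
    resources = event.get("detail", {}).get("resources", [])
    return any(r.get("type") in allowed_types for r in resources)


if __name__ == "__main__":
    print(build_ingest_url("my-env.example.com"))  # placeholder domain
    print(should_forward(SAMPLE_EC2, parse_resource_types()))
```

Rejecting a DynatraceDomain value that carries a scheme, path or credentials keeps a mistyped parameter from pointing the forwarder, and the access token it sends, at an unintended host.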
Use our sample dashboard or create specific queries to discover container scanning gaps and eliminate blind spots in your Software Development Lifecycle (SDLC).