Comments (6)
Hi @oallauddin thanks for reaching out. The AWS CLI describe-image-scan-findings involves a call to the underlying DescribeImageScanFindings API. Therefore this issue relates to the API results rather than the CLI directly.
In the Response Syntax for the API it shows results for findings
in addition to enhancedFindings
. Do the results you're expecting show up there?
Or if there is an inconsistency between the console and API results, can you also confirm that you're using the same account for both?
from aws-cli.
Hi @tim-finnigan ,
Yes. I am using the same AWS account for both.
There is inconsistency between the AWS console and API results.
The recommendation text in the API response appears to be the only thing not matching the AWS console.
All findings in the API response have a recommendation text of "None Provided".
Our ECR registry is using enhanced scanning.
I am trying to pull and display the recommendation text for each AWS inspector finding.
The API response returns an array of EnhancedImageScanning objects (enhancedFindings) when using enhanced scanning.
The Remediation and Recommendation objects are only available in an EnhancedImageScanning object.
https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_EnhancedImageScanFinding.html
https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Remediation.html
https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Recommendation.html
from aws-cli.
Thanks for confirming. I think we will need to reach out to the ECR team regarding this issue, as they own the underlying APIs. Before forwarding this to them, could you just provide your debug logs (with sensitive info redacted) by adding--debug
to the command? That could help with further investigation and understanding of the issue.
from aws-cli.
I reached out to AWS admins and they have started AWS support issue.
from aws-cli.
I am going to close this issue since it not AWS CLI related and is an issue with the API.
For the moment it appears we will have to use inspector2 list-findings.
AWS support is stilling looking into why the Remediation recommendation is always "None Provided".
AWS support is reaching out to the ECR and Inspector teams.
aws inspector2 list-findings --filter-criteria '{"ecrImageRepositoryName":[{"comparison":"EQUALS","value":"image-namespace/image-name"}],"ecrImageTags":[{"comparison":"EQUALS","value":"1.0.0"}]}'
The Inspector API version of the VulnerablePackage object seems to be the only way to get remediation information for a vulnerability at the moment.
Inspector API
https://docs.aws.amazon.com/inspector/v2/APIReference/API_VulnerablePackage.html
ECR API
https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_VulnerablePackage.html
Remediation object in both Inspector API and ECR API appears to always have recommendation value of "None Provided".
Inspector API
https://docs.aws.amazon.com/inspector/v2/APIReference/API_Remediation.html
ECR API
https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_Remediation.html
from aws-cli.
This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
from aws-cli.
Related Issues (20)
- sso-region incorrect HOT 1
- Alpine 3.20 release HOT 8
- cannot import name 'SSOTokenFetcher' from 'botocore.utils' (C:\Python\Python310\lib\site-packages\botocore\utils.py) HOT 1
- Assume Role With Web Identity doesn't respect region HOT 3
- libpython3.11.so.1.0: pwritev2: symbol not found HOT 3
- Duplicate Example headings - sync HOT 1
- Segmentation Fault on ArmV8 with Crypto Extensions HOT 2
- Inaccurate AWS Bedrock User Guide HOT 3
- ec2 subcommand fails when given --tag-specifications HOT 1
- aws cli glue HOT 2
- ec2 modify-instance-attribute not working with binary file (fileb://) HOT 2
- 'aws configure get' should support sso-session configurations HOT 2
- trailing semicolon in login URL in aws sso login not friendly for recognization or click HOT 3
- sqs commands seem to ignore `AWS_ENDPOINT_URL` HOT 3
- aws cli can't connect to any region/endpoint and throws Bad file descriptor HOT 1
- `aws sesv2 list-contacts` returns an empty result when filtering with `FilteredStatus=OPT_OUT`
- Health uses invalid endpoints when region is set HOT 2
- `SSL validation` error occurs when uploading large (500GB) file HOT 1
- `AWS_USE_FIPS_ENDPOINT` should handle non-existing fips endpoints HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-cli.