ecr_scan_reporter package ¶

Submodules ¶

ecr_scan_reporter.cli module ¶

Console script for ecr_scan_reporter.

ecr_scan_reporter.cli. main ( ) [source] ¶: Console script for ecr_scan_reporter.

ecr_scan_reporter.common module ¶

ecr_scan_reporter.common. chunked_iterable ( iterable , size ) [source] ¶

Function to make chunks from iterable type Source

Parameters

iterable –
size –

Returns

ecr_scan_reporter.ecr_scan_reporter module ¶

ecr_scan_reporter.ecr_scan_reporter. import_thresholds ( ) [source] ¶: Function to set thresholds from env vars or use from default :return:

ecr_scan_reporter.ecr_scan_reporter. parse_scan_report ( event , thresholds ) [source] ¶

Parameters

event ( dict ) –
thresholds ( dict ) –

Returns

ecr_scan_reporter.images_scanner module ¶

Module to define images to scan.

ecr_scan_reporter.images_scanner. define_images_to_scan ( images , duration_override = None , duration_env_key = None ) [source] ¶

Return the list of images that need to get a scan started

Parameters

images ( list ) –
duration_override ( str ) –
duration_env_key ( str ) –

Returns

List of images past the timestamp

Return type

list

ecr_scan_reporter.images_scanner. get_duration ( duration_exp = None , env_key = None ) [source] ¶

Function to define the time delta

Parameters

duration_exp ( str ) –
env_key ( str ) –

Returns

ecr_scan_reporter.images_scanner. list_all_images ( repo_name , images = None , next_token = None , ecr_session = None ) [source] ¶

Retrieves all the images of a given repository

Parameters

repo_name ( str ) –
images –
next_token –
ecr_session ( boto3.session.Session ) –

Returns

ecr_scan_reporter.images_scanner. scan_repo_images ( repo , repo_images = None , duration_override = None , no_scan_images = False , ecr_session = None ) [source] ¶

ecr_scan_reporter.images_scanner. trigger_images_scan ( repo_name , images_to_scan , ecr_session = None ) [source] ¶

Function to trigger the image scanning

Parameters

repo_name ( str ) – Name of the repository in your account registry
images_to_scan ( list ) – List of images to get a scan started for
ecr_session ( boto3.session.Session ) – override session

Returns

ecr_scan_reporter.images_scanner. update_all_images_timestamp ( repo_name , source_images , batch = False , ecr_session = None ) [source] ¶

Function to describe images to retrieve additional information (imagePushedAt) to then be able to evaluate whether we want to scan that image

Parameters

repo_name ( str ) –
source_images ( list ) –
batch ( bool ) –
ecr_session ( boto3.session.Session ) –

ecr_scan_reporter.images_scanner. update_image_info ( image , detail ) [source] ¶

Function to update the image definition to UHD - Utterly Helpful Definition

Parameters

image ( dict ) –
detail ( dict ) –

Returns

ecr_scan_reporter.lambda_functions module ¶

Lambda function handler

ecr_scan_reporter.lambda_functions. findings_handler ( event , context ) [source] ¶

Entry point fo lambda function

Parameters

event ( dict ) –
context –

Returns

ecr_scan_reporter.lambda_functions. format_mail_message ( reason , report ) [source] ¶

Function to format a nice mail message with the breakdown of findings and thresholds

Parameters

reason ( str ) –
report ( tuple ) –

Returns

The mail string

Return type

str

ecr_scan_reporter.lambda_functions. repo_images_scanning_handler ( event , context ) [source] ¶

Lambda handler triggered by SQS Jobs getting into the queue

Parameters

event ( dict ) –
context ( dict ) –

ecr_scan_reporter.lambda_functions. scans_job_handler ( event , context ) [source] ¶

Entry point for lambda function that will list the repositories and if SQS is defined, will dispatch singular scanning jobs.

Parameters

event ( dict ) –
context ( dict ) –

Returns

ecr_scan_reporter.repos_scanner module ¶

Main module.

ecr_scan_reporter.repos_scanner. filter_repos_from_regexp ( repos_list , repos_names_filter = None ) [source] ¶

Function to filter repositories based their name and a regular expression

Parameters

repos_list –
repos_names_filter –

Returns

ecr_scan_reporter.repos_scanner. job_dispatcher ( queue_url , repos , sqs_session = None ) [source] ¶

Sends a new job in SQS to distribute the images listing and scan for a given repository

Parameters

queue_url ( str ) –
repos ( list [ dict ] ) –
sqs_session ( boto3.session.Session ) –

Returns

ecr_scan_reporter.repos_scanner. list_ecr_repos ( repos = None , next_token = None , ecr_session = None ) [source] ¶

Function to retrieve all the ECR repositories

Parameters

repos –
next_token –
ecr_session ( boto3.session.Session ) –

Returns

ecr_scan_reporter.services_scanner module ¶

ecr_scan_reporter.services_scanner. build_services_images_registries ( roles = None , lambda_session = None ) [source] ¶

ecr_scan_reporter.services_scanner. handle_ecs_discovery ( roles = None , lambda_session = None ) [source] ¶

ecr_scan_reporter.services_scanner. list_all_task_definitions ( definitions = None , next_token = None , ecs_session = None ) [source] ¶

Simple recursive function to list all the task definitions into an account+region.

Parameters

definitions ( list ) –
next_token ( str ) –
ecs_session ( boto3.session.Session ) –

Returns

list of active task definitions

Return type

list

ecr_scan_reporter.services_scanner. list_container_definitions_images ( task_definition , ecs_session = None ) [source] ¶

Simple function to list the images of a given task definition

Parameters

task_definition ( str ) –
ecs_session ( boto3.session.Session ) –

Returns

list of images

Return type

list

ecr_scan_reporter.services_scanner. transform_image_description ( images ) [source] ¶: Function to update all images based on URL to get tag/digest etc. :param list[str] images: :return:

Module contents ¶

Top-level package for ECR Scan Reporter.