AWS Security ChangesHomeSearch

AWS inspector documentation change

Service: inspector · 2025-11-22 · Documentation low

File: inspector/latest/user/scanning_resources_configure_duration_setting_ecr.md

Summary

Added section explaining ECR image state requirements (ACTIVE status) for scanning

Security assessment

Documents existing scanning limitations rather than fixing security issues. Provides important context about security coverage boundaries.

Diff

diff --git a/inspector/latest/user/scanning_resources_configure_duration_setting_ecr.md b/inspector/latest/user/scanning_resources_configure_duration_setting_ecr.md
index 4df455174..56c9ee2ef 100644
--- a//inspector/latest/user/scanning_resources_configure_duration_setting_ecr.md
+++ b//inspector/latest/user/scanning_resources_configure_duration_setting_ecr.md
@@ -4,0 +5,2 @@
+Understanding ECR container image states
+
@@ -75,0 +78,6 @@ The image push date duration determines how long Amazon Inspector will continuou
+## Understanding ECR container image states
+
+Inspector only scans `ACTIVE` images in ECR container images. ECR container images in an `ARCHIVED` status are not scanned. To learn more about scanning behaviors, see [Scan behaviors for Amazon ECR scanning](./scanning-ecr.html#ecr-scan-behavior). 
+
+When an ECR container image's image status in ECR transitions to `ACTIVE`, Inspector uses the `lastActivatedAt` field to monitor rescan duration. 
+