AWS inspector documentation change
Summary
Added section explaining ECR image state requirements (ACTIVE status) for scanning
Security assessment
Documents existing scanning limitations rather than fixing security issues. Provides important context about security coverage boundaries.
Diff
diff --git a/inspector/latest/user/scanning_resources_configure_duration_setting_ecr.md b/inspector/latest/user/scanning_resources_configure_duration_setting_ecr.md index 4df455174..56c9ee2ef 100644 --- a//inspector/latest/user/scanning_resources_configure_duration_setting_ecr.md +++ b//inspector/latest/user/scanning_resources_configure_duration_setting_ecr.md @@ -4,0 +5,2 @@ +Understanding ECR container image states + @@ -75,0 +78,6 @@ The image push date duration determines how long Amazon Inspector will continuou +## Understanding ECR container image states + +Inspector only scans `ACTIVE` images in ECR container images. ECR container images in an `ARCHIVED` status are not scanned. To learn more about scanning behaviors, see [Scan behaviors for Amazon ECR scanning](./scanning-ecr.html#ecr-scan-behavior). + +When an ECR container image's image status in ECR transitions to `ACTIVE`, Inspector uses the `lastActivatedAt` field to monitor rescan duration. +