Amazon ECR

To enable the integration between Amazon ECR and Snyk, we will take advantage of the Snyk: Developer-First Security on the AWS Cloud AWS Quick Start.

Snyk's integration for Amazon Elastic Container Registry (ECR) is enabled between one Amazon ECR registry and one Snyk organization. To integrate with multiple registries, create a unique Snyk organization for each registry.

Obtain your Snyk API token

From the Snyk console, navigate to Settings and under the General menu Copy your Organization ID.

Enable the integration

You have the option of establishing cross-account access to enable Snyk's Amazon ECR integration as a 1-click deployment. This options is available as an official AWS Quick Start and eliminates the need for manual configuration. By clicking on the Launch Stack button below, you will be redirected to the AWS CloudFormation console where you will be prompted to complete the following steps:

  • Create stack, click Next

  • Specify stack details, click Next

  • Configure stack options, click Next

  • Scroll to bottom section under Capabilities and check the box and click Create stack

When you are ready, click here to deploy!

The installation takes approximately 1 minute to complete.

Gathering outputs

When complete, the AWS CloudFormation template will provide two necessary values in the Outputs tab. You will copy these values.

Accessing the integrations menu

From the Snyk app, navigate to the Integrations menu then click ECR.

Inputting values

Paste the two values perviously copied from the CloudFormation console's Outputs tab into the respective fields, then click Save.

Adding images

Once successfully connected, you will receive a confirmation message and a button to Add your ECR images to Snyk. Click the button.

Scan repositories

You will be able to browse all repositories associated with the AWS region selected when the integration was enabled. Select the desired repository, then click the Add selected repositories button.

Let's proceed to the next section.