{"id":25428344,"url":"https://github.com/homoluctus/ecranner","last_synced_at":"2025-10-31T17:30:33.570Z","repository":{"id":57425533,"uuid":"210656177","full_name":"homoluctus/ecranner","owner":"homoluctus","description":"Scan the vulnerability of Docker images stored in ECR","archived":false,"fork":false,"pushed_at":"2019-10-07T04:33:43.000Z","size":1411,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-12T03:37:13.034Z","etag":null,"topics":["aws","docker","ecr","python","security","trivy"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/homoluctus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-09-24T17:06:48.000Z","updated_at":"2023-04-15T20:04:39.000Z","dependencies_parsed_at":"2022-08-29T22:51:08.659Z","dependency_job_id":null,"html_url":"https://github.com/homoluctus/ecranner","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/homoluctus%2Fecranner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/homoluctus%2Fecranner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/homoluctus%2Fecranner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/homoluctus%2Fecranner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/homoluctus","download_url":"https://codeload.github.com/homoluctus/ecranner/tar.gz/refs/heads/master","host":{"name":"GitHub",
"url":"https://github.com","kind":"github","repositories_count":239221262,"owners_count":19602378,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","docker","ecr","python","security","trivy"],"created_at":"2025-02-17T01:38:35.525Z","updated_at":"2025-10-31T17:30:33.480Z","avatar_url":"https://github.com/homoluctus.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ECRanner\n\n![](https://github.com/homoluctus/ecranner/workflows/Test/badge.svg)\n![GitHub release (latest by date including pre-releases)](https://img.shields.io/github/v/release/homoluctus/ecranner?include_prereleases)\n![GitHub](https://img.shields.io/github/license/homoluctus/ecranner)\n\nECRanner scans Docker images stored in ECR for vulnerabilities.\u003cbr\u003e\n\n# Table of contents\n- [Feature](#feature)\n- [Get Started](#get-started)\n  - [Install Prerequirements](#install-prerequirements)\n  - [Install ECRanner](#install-ecranner)\n  - [Write ecranner.yml](#write-ecranner.yml)\n  - [Execute](#execute)\n- [Command options](#command-options)\n- [Configuration Parameter](#configuration-parameter)\n  - [v1.0](#v10)\n\n# Feature\n- Pull Docker images from ECR\n- Support for multiple accounts\n- Vulnerability Scan\n  - [Trivy](https://github.com/aquasecurity/trivy) detects software (OS package and application library) vulnerabilities in Docker images\n- Slack Integration\n  - Push vulnerability information to Slack. 
The Slack UI looks as follows:\n\n    \u003cimg src=\"https://raw.githubusercontent.com/homoluctus/ecranner/master/slack_ui.png\" alt=\"Slack-UI\" width=\"70%\"\u003e\n\n# Get Started\n## Install Prerequirements\n\n- [Trivy](https://github.com/aquasecurity/trivy)\n- Git (used with Trivy)\n\n## Install ECRanner\n\n```\npip install ecranner\n```\n\n## Write ecranner.yml\n\nAn `ecranner.yml` looks like this:\n\n```\naws:\n  stg:\n    account_id: xxxxxxxxx\n    region: us-east-1\n    aws_access_key_id: xxxxxxxxx\n    aws_secret_access_key: xxxxxxxxx\n    images:\n      - image:latest\n      - image:1.0-dev\n  prod:\n    account_id: xxxxxxxxx\n    region: us-east-1\n    aws_access_key_id: xxxxxxxxx\n    aws_secret_access_key: xxxxxxxxx\n    images:\n      - image:1.4\n      - image:5.3\n\ntrivy:\n  path: ~/user/.local/bin/trivy\n  options: --severity CRITICAL -q\n```\n\n## Execute\n\n```\necranner\n```\n\nRunning the above command prints the scan result to the console as follows:\n\n```\n[ { 'Target': 'image_name:latest'\n              '(alpine 3.10.1)',\n    'Vulnerabilities': [ { 'Description': 'aa_read_header in '\n                                          'libavformat/aadec.c in FFmpeg '\n                                          'before 3.2.14 and 4.x before 4.1.4 '\n                                          'does not check for sscanf failure '\n                                          'and consequently allows use of '\n                                          'uninitialized variables.',\n                           'FixedVersion': '4.1.4-r0',\n                           'InstalledVersion': '4.1.3-r1',\n                           'PkgName': 'ffmpeg',\n                           'References': [ 'https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1.4',\n                                           'https://github.com/FFmpeg/FFmpeg/commit/ed188f6dcdf0935c939ed813cf8745d50742014b',\n                                           
'https://github.com/FFmpeg/FFmpeg/compare/a97ea53...ba11e40',\n                                           'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12730',\n                                           'http://www.securityfocus.com/bid/109317',\n                                           'https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9b4004c054964a49c7ba44583f4cee22486dd8f2'],\n                           'Severity': 'HIGH',\n                           'Title': '',\n                           'VulnerabilityID': 'CVE-2019-12730'}\n```\n\n# Command options\n\n|option|required|default|description|\n|:--:|:--:|:--:|:--|\n|-f, --file|false|`./ecranner.yml`|Path to the YAML configuration file.\u003cbr\u003eSpecify this option if you change the configuration filename.|\n|--env-file|false|`./.env`|Path to the .env file.\u003cbr\u003eA .env file found in the current directory is loaded automatically.|\n|--slack|false|N/A|Send the scan result to Slack.\u003cbr\u003eIf you use this option, set the incoming webhook URL as a system environment variable like this:\u003cbr\u003e`export SLACK_WEBHOOK=https://xxxxxxxxxx`|\n|--rm|false|N/A|Remove images after scanning with Trivy.|\n|-q, --quiet|false|N/A|Suppress log messages.|\n|--no-cache|false|N/A|***To be implemented in the future, so you cannot use this option yet***\u003cbr\u003eDisable storing the cache.\u003cbr\u003eThis command does not use a cache, but the Trivy command does.|\n|-h, --help|false|N/A|Show command option usage.|\n\n# Configuration Parameter\nSpecify the parameters to use in `ecranner.yml`.\n\n## v1.0\n\n\u003cdetails\u003e\n\u003csummary\u003eVersion 1.0 configuration parameters\u003c/summary\u003e\n\n# ToC\n- [version](#version)\n- [aws](#aws)\n  - [aws.\\\u003cid\\\u003e](#awsid)\n  - [aws.\\\u003cid\\\u003e.account_id](#awsidaccount_id)\n  - [aws.\\\u003cid\\\u003e.region](#awsidregion)\n  - [aws.\\\u003cid\\\u003e.aws_access_key_id](#awsidaws_access_key_id)\n  - 
[aws.\\\u003cid\\\u003e.aws_secret_access_key](#awsidaws_secret_access_key)\n  - [aws.\\\u003cid\\\u003e.images](#awsidimages)\n- [trivy](#trivy)\n  - [trivy.path](#trivypath)\n  - [trivy.options](#trivyoptions)\n\n# Configuration Parameter\n## `version`\nSpecify version `1.0` as follows:\n\n```yaml\nversion: '1.0'\n```\n\n## `aws`\nFirst, declare that this configuration is for AWS.\n\n## `aws.\u003cid\u003e`\n`\u003cid\u003e` must be unique.\u003cbr\u003e\nYou are free to choose any word as `\u003cid\u003e`.\n\n## `aws.\u003cid\u003e.account_id`\nYour AWS account ID.\n\n## `aws.\u003cid\u003e.region`\nSpecify the region where the Docker images to be pulled are stored.\n\n## `aws.\u003cid\u003e.aws_access_key_id`\nYour IAM user's AWS access key ID.\u003cbr\u003e\nYou should never use the AWS root account for ECRanner.\n\n## `aws.\u003cid\u003e.aws_secret_access_key`\nYour IAM user's AWS secret access key.\n\n## `aws.\u003cid\u003e.images`\nSpecify the Docker images that you want to pull.\u003cbr\u003e\nIf no tag is specified, the image is pulled with the `latest` tag.\n\n```yaml\naws:\n  # omit\n  images:\n    - alpine:3.10\n    - ubuntu:18.04\n```\n\n## `trivy`\nSet the configuration for the Trivy command.\n\n## `trivy.path`\nSpecify the path to the trivy command.\u003cbr\u003e\nYou do not need to specify the path if trivy is installed in $PATH.\n\n## `trivy.options`\nSet the trivy command options as a one-line string.\u003cbr\u003e\nTo send the scan result to Slack, the `-f json` option is already set.\u003cbr\u003e\nYou can specify all options except this option.\u003cbr\u003e\nPlease see the [Trivy documentation](https://github.com/aquasecurity/trivy#examples) for details.\n\n```yaml\ntrivy:\n  options: --severity HIGH,CRITICAL -q 
--clear-cache\n```\n\u003c/details\u003e","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhomoluctus%2Fecranner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhomoluctus%2Fecranner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhomoluctus%2Fecranner/lists"}