{"id":38011356,"url":"https://github.com/jdamata/ecrgate","last_synced_at":"2026-01-16T19:20:49.040Z","repository":{"id":57520172,"uuid":"250384987","full_name":"jdamata/ecrgate","owner":"jdamata","description":"Simplify the building, pushing and scanning of docker images into AWS ECR","archived":false,"fork":false,"pushed_at":"2022-02-22T00:30:54.000Z","size":14599,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-06-20T12:43:24.606Z","etag":null,"topics":["ci","cicd","docker","ecr","security"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jdamata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-26T22:23:58.000Z","updated_at":"2022-02-22T00:18:05.000Z","dependencies_parsed_at":"2022-09-05T09:41:38.100Z","dependency_job_id":null,"html_url":"https://github.com/jdamata/ecrgate","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/jdamata/ecrgate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jdamata%2Fecrgate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jdamata%2Fecrgate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jdamata%2Fecrgate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jdamata%2Fecrgate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jdamata","download_url":"https://codeload.github.com/jdamata/ecrgate/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jdamata%2Fecrgate/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28481675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T11:59:17.896Z","status":"ssl_error","status_checked_at":"2026-01-16T11:55:55.838Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci","cicd","docker","ecr","security"],"created_at":"2026-01-16T19:20:48.336Z","updated_at":"2026-01-16T19:20:49.023Z","avatar_url":"https://github.com/jdamata.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![CircleCI](https://circleci.com/gh/jdamata/ecrgate.svg?style=svg)](https://circleci.com/gh/jdamata/ecrgate)\n[![codecov](https://codecov.io/gh/jdamata/ecrgate/branch/master/graph/badge.svg)](https://codecov.io/gh/jdamata/ecrgate)\n[![Go Report Card](https://goreportcard.com/badge/github.com/jdamata/ecrgate)](https://goreportcard.com/report/github.com/jdamata/ecrgate)\n[![GPLv3 License](https://img.shields.io/badge/License-GPL%20v3-yellow.svg)](https://opensource.org/licenses/)\n\n# ecrgate\necrgate is used to simplify the building, pushing and scanning of docker images into AWS ECR. It can build docker images, create AWS ECR repositories, push docker images, check AWS ECR scan results, etc...\n\nThe main usage for this tool is in CI pipelines where we want to fail a pipeline if a docker image does not pass specific thresholds of vulnerabilities.\n\n## Installation\n\nLinux:\n```bash\nwget https://github.com/jdamata/ecrgate/releases/latest/download/ecrgate-linux-amd64\nchmod u+x ecrgate-linux-amd64\nmv ecrgate-linux-amd64 ~/bin/ecrgate\n```\n\nMac:\n```bash\nwget https://github.com/jdamata/ecrgate/releases/latest/download/ecrgate-darwin-amd64\nchmod u+x ecrgate-darwin-amd64\nmv ecrgate-darwin-amd64 ~/bin/ecrgate\n```\n\n## Flags\n--repo is the only required flag.\n\n```bash\n$ go run main.go --help\nBuild, push and gate docker image promotion to ECR\n\nUsage:\n  ecrgate [flags]\n\nFlags:\n  -a, --accounts strings    List of AWS account ids to allow pulling images from\n  -c, --clean               Delete image from ECR if scan fails threshold\n      --critical int        Acceptable threshold for CRITICAL level results\n  -d, --dockerfile string   Path to Dockerfile (default \"./Dockerfile\")\n  -h, --help                help for ecrgate\n  -i, --image               Existing docker image to pull down instead of building a new one\n      --high int            Acceptable threshold for HIGH level results (default 3)\n      --info int            Acceptable threshold for INFORMATIONAL level results (default 25)\n      --low int             Acceptable threshold for LOW level results (default 10)\n      --medium int          Acceptable threshold for MEDIUM level results (default 5)\n  -r, --repo string         ECR repo to create and push image to\n  -t, --tag string          Docker tag to build (default \"latest\")\n  -s, --disable_scan        Skip checking AWS ECR scan results\n      --version             version for ecrgate\n```\n\n## Examples\n\n```bash\n# Use ecrgate defaults and local dir for Dockerfile\necrgate --repo joel-test\n\n# Specify path to Dockerfile, docker tag and delete image on failed scan\necrgate --repo joel-test --dockerfile example/ --tag $(git describe --abbrev=0 --tags) --clean\n\n# Specify threshold levels\necrgate --repo joel-test --dockerfile example/ --tag $(git rev-parse --short HEAD) --clean \\ \n  --info 10 --low 5 --medium 3 --high 2 --critical 1\n\n# Use a remote image instead of building a local one\necrgate --repo ingress-nginx --image quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0\n```\n\n## Requirements\n- Docker\n- AWS credentials\n\nSample IAM policy:\n```\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"Stmt1585513157885\",\n      \"Action\": [\n        \"ecr:BatchDeleteImage\",\n        \"ecr:CreateRepository\",\n        \"ecr:DescribeImageScanFindings\",\n        \"ecr:DescribeRepositories\",\n        \"ecr:GetAuthorizationToken\",\n        \"ecr:PutImageScanningConfiguration\",\n        \"ecr:PutImageTagMutability\"\n      ],\n      \"Effect\": \"Allow\",\n      \"Resource\": \"*\"\n    }\n  ]\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjdamata%2Fecrgate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjdamata%2Fecrgate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjdamata%2Fecrgate/lists"}