Description
Is your feature request related to a problem? Please describe.
Images stored in ECR are scanned with Inspector2 for security vulnerabilities. When new vulnerabilities are detected in images, I would like to know which of the affected images are currently in use in any of the deployed EKS clusters. This will help evaluate the attack surface and prioritize the efforts for remediating the security threats.
Describe the solution you'd like
As part of the security pattern that configures container image vulnerability scanning with Amazon Inspector, we can create an EventBridge rule that is triggered every time a new EKS cluster is created. The event will asynchronously invoke an Orchestrator Lambda that creates an Image-Verifier Lambda function specific to that EKS cluster. The Image-Verifier Lambda function will be invoked every time Inspector2 detects a new vulnerability and will check whether any of the affected images are currently in use in that EKS cluster. If an affected image is in use, the Image-Verifier Lambda will use SNS to notify interested parties.
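As an added illustration of the Image-Verifier's core check (not code from this project), the following matches an Inspector2 finding against the images running in a cluster. It assumes the finding arrives as the `detail` of an EventBridge "Inspector2 Finding" event with ECR images described under `resources[].details.awsEcrContainerImage`, and that the pod list is the subset of Kubernetes Pod objects shown; both samples are constructed, and the Kubernetes API call and the SNS publish are left to the Lambda wrapper.

```python
# Constructed sample: the "detail" of an EventBridge "Inspector2 Finding" event, reduced to the fields used.
# Field names follow the Inspector2 finding format (resources[].details.awsEcrContainerImage); check real events.
ECR = "111122223333.dkr.ecr.us-east-1.amazonaws.com"  # constructed ECR registry host (account id / region)
SAMPLE_FINDING = {
    "severity": "HIGH", "title": "CVE-EXAMPLE-0001 - openssl",  # placeholder title, not a real CVE
    "resources": [{"region": "us-east-1", "details": {"awsEcrContainerImage": {
        "registry": "111122223333", "repositoryName": "payments/api",
        "imageTags": ["v1.4.2"], "imageHash": "sha256:" + "ab" * 32}}}],
}
# Constructed sample of running pods (subset of the Kubernetes Pod object returned by the API).
SAMPLE_PODS = [
    {"metadata": {"namespace": "prod", "name": "api-7d9f"},
     "spec": {"containers": [{"name": "api", "image": f"{ECR}/payments/api:v1.4.2"}]},
     "status": {"containerStatuses": [{"name": "api", "imageID": f"{ECR}/payments/api@sha256:" + "ab" * 32}]}},
    {"metadata": {"namespace": "prod", "name": "web-1a2b"},
     "spec": {"containers": [{"name": "web", "image": f"{ECR}/web:latest"}]},
     "status": {"containerStatuses": [{"name": "web", "imageID": f"{ECR}/web@sha256:" + "cd" * 32}]}},
]

def finding_image_refs(finding):
    """Return (digest_refs, tag_refs) for every ECR image named in the finding."""
    digests, tags = set(), set()
    for res in finding.get("resources", []):
        img = res.get("details", {}).get("awsEcrContainerImage")
        if not img:
            continue  # findings can also target EC2 instances or Lambda functions
        base = f"{img['registry']}.dkr.ecr.{res['region']}.amazonaws.com/{img['repositoryName']}"
        digests.add(f"{base}@{img['imageHash']}")
        tags.update(f"{base}:{t}" for t in img.get("imageTags", []))
    return digests, tags

def affected_containers(finding, pods):
    """List (namespace, pod, container, matched_by) for containers running an affected image.
    The digest in status.containerStatuses[].imageID is authoritative; spec.containers[].image
    tag matches are a fallback, because tags are mutable and may have been re-pointed."""
    digests, tags = finding_image_refs(finding)
    hits = []
    for pod in pods:
        ns, name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        running = {cs["name"]: cs.get("imageID", "") for cs in pod.get("status", {}).get("containerStatuses", [])}
        for c in pod["spec"]["containers"]:
            if running.get(c["name"]) in digests:
                hits.append((ns, name, c["name"], "digest"))
            elif c["image"] in tags:
                hits.append((ns, name, c["name"], "tag"))
    return hits

if __name__ == "__main__":
    for hit in affected_containers(SAMPLE_FINDING, SAMPLE_PODS):
        print("affected: %s/%s container=%s matched_by=%s" % hit)
```

Matching on the running digest rather than the tag matters here: a tag can be moved to a patched image while the old layers are still running, and the reverse can also happen.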
Describe alternatives you've considered
We can utilize partner solutions as an alternative.
Additional context