"aws ecr describe-image-scan-findings --max-items" does not work for enhanced image scan configuration #8661

Closed
twhiteman opened this issue May 1, 2024 · 4 comments
Labels
bug This issue is a bug. ecr paginator service-api This issue is due to a problem in a service API, not the SDK implementation.

Comments

@twhiteman

Describe the bug

I have enabled ECR enhanced image scanning and I have an image that has been pushed and scanned, which contains 4 vulnerabilities (as shown in the ECR console UI).

If I run the following command everything works as expected (it returns all 4 vulnerabilities):

$ aws ecr describe-image-scan-findings --repository-name REPO --image-id imageTag=IMAGETAG | jq '.imageScanFindings.enhancedFindings | length'
4

If I add --max-items CLI parameter, it returns more than I asked for (it returns 4 vulnerabilities, expected 2):

$ aws ecr describe-image-scan-findings --repository-name REPO --image-id imageTag=IMAGETAG --max-items 2  | jq '.imageScanFindings.enhancedFindings | length'
4

Expected Behavior

See description.

Current Behavior

See description.

Reproduction Steps

See description.

Possible Solution

No response

Additional Information/Context

No response

CLI version used

aws-cli/2.15.43 Python/3.11.8 Linux/6.2.0-35-generic exe/x86_64.ubuntu.22 prompt/off

Environment details (OS name and version, etc.)

Linux Ubuntu 22.04

@twhiteman twhiteman added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 1, 2024
@tim-finnigan tim-finnigan self-assigned this May 3, 2024
@tim-finnigan
Contributor

tim-finnigan commented May 3, 2024

Hi @twhiteman thanks for reaching out. Here is the describe-image-scan-findings documentation for reference.

I believe the issue here is that enhancedFindings in the API response is a nested list under imageScanFindings, so --max-items won't get applied directly. I think this command accomplishes what you're trying to do:

aws ecr describe-image-scan-findings --repository-name aws-batch-demo --image-id imageTag=latest | jq '.imageScanFindings.enhancedFindings | .[:2]'

For more information on how --max-items is used you can refer to the CLI pagination documentation. I think the DescribeImageScanFindings API is somewhat unique compared to other APIs in that it includes both enhancedFindings and basic findings in the response output.

I actually reached out to the ECR team a while back (tracked in aws/aws-sdk#370) asking for clarification on how maxResults gets applied. It looks like that clarification was never added so I just reached out again regarding that.

@tim-finnigan tim-finnigan added service-api This issue is due to a problem in a service API, not the SDK implementation. paginator ecr response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels May 3, 2024
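
An added example, not part of the thread and not AWS CLI code: a client-side cap on the nested findings list that also follows `nextToken`, so a triage script gets exactly N findings instead of whatever one response holds. It assumes the response shape named above (`imageScanFindings.enhancedFindings`, basic `findings`, `nextToken`); `FakeEcr`, `SAMPLE_PAGES` and the finding titles are constructed stand-ins so the block runs offline.

```python
import itertools
from typing import Callable, Iterator, Optional

def iter_findings(fetch_page: Callable[..., dict], **request) -> Iterator[dict]:
    """Lazily yield findings for one image, following nextToken across pages.

    fetch_page is assumed to accept the same keyword arguments and return the
    same response shape as boto3's ecr describe_image_scan_findings call.
    """
    token = None
    while True:
        kwargs = dict(request)
        if token:
            kwargs["nextToken"] = token
        page = fetch_page(**kwargs)
        scan = page.get("imageScanFindings") or {}  # may be absent, e.g. no scan yet
        # Enhanced scanning fills enhancedFindings; basic scanning fills findings.
        yield from scan.get("enhancedFindings") or scan.get("findings") or []
        token = page.get("nextToken")
        if not token:
            return

def first_findings(fetch_page, limit: Optional[int], **request) -> list:
    """Return at most `limit` findings (None = all); no extra pages are fetched."""
    return list(itertools.islice(iter_findings(fetch_page, **request), limit))

# Constructed sample pages keyed by the nextToken that requests them.
SAMPLE_PAGES = {
    None: {"imageScanFindings": {"enhancedFindings": [
               {"title": "EXAMPLE-1", "severity": "HIGH"},
               {"title": "EXAMPLE-2", "severity": "MEDIUM"},
               {"title": "EXAMPLE-3", "severity": "LOW"}]},
           "nextToken": "page-2"},
    "page-2": {"imageScanFindings": {"enhancedFindings": [
               {"title": "EXAMPLE-4", "severity": "HIGH"}]}},
}

class FakeEcr:
    """Offline stand-in for an ECR client; counts how many pages were requested."""
    def __init__(self):
        self.calls = 0
    def describe_image_scan_findings(self, **kwargs):
        self.calls += 1
        return SAMPLE_PAGES[kwargs.get("nextToken")]

if __name__ == "__main__":
    ecr = FakeEcr()
    top = first_findings(ecr.describe_image_scan_findings, 2,
                         repositoryName="REPO", imageId={"imageTag": "IMAGETAG"})
    print([f["title"] for f in top], "pages fetched:", ecr.calls)
```
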
@amberkushwaha

aws ecr image describe scan for the main portal values in it paste drop or click to add files in it. security policy. labels in it are also different for different triage and vogue files of it. 302029 is still in the bandage process do verify the settings in it for further initiation and prototype bounding courses in it.

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label May 7, 2024
@tim-finnigan
Contributor

I'm not clear on the comment above but it looks like this issue can be closed, as my earlier comment provides a workaround and describes why --max-items isn't getting applied. If further clarity is needed here please use the Provide feedback link on the API documentation page or CLI pagination page.

github-actions bot commented May 7, 2024

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
