Automate container image security and vulnerability scanning evidence collection. Track image vulnerabilities, access controls, and compliance status for SOC 2, ISO 27001, PCI-DSS, and HIPAA.
Continuous container security and compliance evidence collection
Read-only IAM role with ECR permissions
Create a read-only IAM role with ECR permissions including ecr:DescribeImages, ecr:DescribeRepositories, ecr:GetLifecyclePolicy, and ecr:DescribeImageScanFindings.
Configure enhanced scanning with Amazon Inspector and enable scan on push for automated vulnerability detection. Review scanning configuration for existing repositories.
Provide your AWS account ID and IAM role ARN to LowerPlane. We'll verify access and start collecting container security evidence from all ECR repositories.
LowerPlane uses read-only cross-account IAM role access and cannot push, delete, or modify any container images or repository configurations. Access is scoped to ECR metadata and scan results only. You can revoke access at any time by deleting the IAM role.
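An added example (not LowerPlane's or AWS's code): before sharing the role ARN, check offline that the role's permissions policy grants only the four ECR actions listed above. The function name and both sample policies are constructed for illustration, and the check covers Action/NotAction only, not Resource or Condition.

```python
import fnmatch
import json

# The four read-only ECR actions the setup step lists (lower-cased for matching).
REQUIRED = {
    "ecr:describeimages",
    "ecr:describerepositories",
    "ecr:getlifecyclepolicy",
    "ecr:describeimagescanfindings",
}

def _listify(value):
    """IAM accepts a single string/object where a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (excess, missing) for an IAM permissions policy document.

    excess:  Allow grants beyond the four actions (wildcards, NotAction, others)
    missing: actions from REQUIRED that no Allow statement covers
    """
    granted, excess = set(), set()
    for stmt in _listify(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            excess.add("NotAction")  # allows everything except the listed actions
        for action in _listify(stmt.get("Action")):
            name = action.lower()  # IAM action names are case-insensitive
            granted |= {r for r in REQUIRED if fnmatch.fnmatchcase(r, name)}
            if name not in REQUIRED:
                excess.add(action)  # e.g. "*", "ecr:*", "ecr:PutImage"
    return sorted(excess), sorted(REQUIRED - granted)

# Constructed sample policies (not from the page).
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*", "Action": [
        "ecr:DescribeImages", "ecr:DescribeRepositories",
        "ecr:GetLifecyclePolicy", "ecr:DescribeImageScanFindings"]}})
TOO_BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ecr:Describe*", "ecr:PutImage"]}]})

if __name__ == "__main__":
    print(audit_policy(SCOPED))
    print(audit_policy(TOO_BROAD))
```

An empty `excess` list means the policy stays within the four listed actions; an empty `missing` list means evidence collection has every action it needs.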
Real-time container security evidence mapped to compliance controls
| Control | Evidence Type | Service | Frequency |
|---|---|---|---|
| Image Vulnerability Scans (SOC 2) | Container image scan results with CVE details | AWS ECR + Amazon Inspector | On push |
| Container Image Inventory (ISO 27001) | Complete image manifest with tags and digests | AWS ECR | Daily |
| Repository Access Control (PCI-DSS) | IAM policies and repository permissions | AWS ECR + IAM | Daily |
| Image Lifecycle Policy (SOC 2) | Automated image cleanup and retention policies | AWS ECR | Daily |
| Scan Results History (HIPAA) | Historical vulnerability findings and remediation | AWS ECR | Continuous |
| Compliance Status (ISO 27001) | Image compliance status and policy violations | AWS ECR + Inspector | Real-time |
Collecting evidence from all ECR repositories in your AWS account
View complete evidence mapping
AWS ECR integration satisfies container security and vulnerability management controls
AWS ECR integration covers 8 SOC 2 controls focusing on change management, system operations, and security monitoring.
Essential container security compliance automation
"The AWS ECR integration automated our container security evidence collection. No more manual exports of vulnerability scans or image inventories. Auditors love seeing continuous vulnerability monitoring and "
Everything you need to know about AWS ECR integration
Still have questions?
Contact our security team
Build comprehensive container security and DevOps compliance coverage
Connect your AWS ECR repositories in 3 minutes and start collecting container security evidence automatically