
Enrich Amazon ECR vulnerability findings with runtime context

Dynatrace integrates with AWS Elastic Container Registry (ECR) to enable visibility, orchestration, and prioritization of cross-container-registry vulnerability findings. This integration provides a single pane of glass for container image scans of your containerized applications and is part of a larger effort to enrich vulnerability findings with runtime context.

In complex multicloud environments, vulnerability findings are often siloed between build-time and run-time tooling. Thus, getting a holistic view of security risks is challenging.

Dynatrace addresses this issue by providing unified ingest and analysis of container vulnerability findings across cloud and container registries. This ensures that SecDevOps has a continuous and comprehensive understanding of its security posture.

In addition, security findings detected during the build phase and in your artifact registries, such as Amazon ECR, might not be relevant to your production-critical applications. By enriching the findings with runtime context from the monitored entities, Dynatrace helps filter out the noise, prioritize critical findings, and focus your remediation efforts on what truly matters for your production environment.

AWS services integration with Dynatrace OpenPipeline

Key Steps in the Integration Process

Container image scanning

Amazon ECR scans container images for vulnerabilities. You can choose between basic and enhanced scanning.

Data ingestion

The vulnerability findings are pushed into the Dynatrace platform through Amazon EventBridge via the dedicated security ingest endpoint powered by OpenPipeline™. You can set it up using an AWS CloudFormation template provided by Dynatrace. For instructions, see the documentation.

Data mapping

The ingested data is mapped according to the Dynatrace Semantic Dictionary, ensuring a unified format for analysis.

Analysis and automation

Once the findings are ingested, you can visualize, analyze, and automate in Dynatrace with Dashboards, Notebooks, and Workflows.
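As an added illustration of the ingest-and-enrich flow described in these steps (example code written for this article, not Dynatrace's or AWS's own implementation): a parser for the EventBridge "ECR Image Scan" event emitted by ECR scanning, joined against a constructed runtime inventory so that findings on images actually running in production sort first. The event field names follow the documented ECR event shape; the inventory, digests, workload names and ranking rule are constructed assumptions.

```python
import json
from dataclasses import dataclass

# Higher rank = more severe; the keys are the severity labels ECR reports.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1,
                 "INFORMATIONAL": 0, "UNDEFINED": 0}

# Constructed sample events in the EventBridge "ECR Image Scan" shape (digests shortened).
SAMPLE_EVENTS = [
    json.dumps({"source": "aws.ecr", "detail-type": "ECR Image Scan", "detail": {
        "scan-status": "COMPLETE", "repository-name": "payments/api",
        "image-digest": "sha256:aaa111", "image-tags": ["v2.3.1"],
        "finding-severity-counts": {"CRITICAL": 2, "HIGH": 5, "LOW": 12}}}),
    json.dumps({"source": "aws.ecr", "detail-type": "ECR Image Scan", "detail": {
        "scan-status": "COMPLETE", "repository-name": "tools/loadgen",
        "image-digest": "sha256:bbb222", "image-tags": ["nightly"],
        "finding-severity-counts": {"HIGH": 1}}}),
    json.dumps({"source": "aws.ecr", "detail-type": "ECR Image Scan", "detail": {
        "scan-status": "FAILED", "repository-name": "payments/api",
        "image-digest": "sha256:ccc333", "image-tags": []}}),
]

# Constructed runtime inventory (stand-in for monitored entities): digest -> workloads running it.
RUNTIME_INVENTORY = {"sha256:aaa111": ["payments-api (production)"]}

@dataclass
class EnrichedFinding:
    repository: str
    digest: str
    tags: list
    severity_counts: dict
    running_in: list
    priority: int

def parse_scan_event(raw: str):
    """Return the detail of a completed ECR Image Scan event, or None for anything else."""
    event = json.loads(raw)
    if event.get("source") != "aws.ecr" or event.get("detail-type") != "ECR Image Scan":
        return None
    detail = event.get("detail", {})
    return detail if detail.get("scan-status") == "COMPLETE" else None

def enrich(raw_events, inventory):
    """Join scan results with runtime context and rank: running images first, then by severity."""
    out = []
    for raw in raw_events:
        d = parse_scan_event(raw)
        if d is None:
            continue  # incomplete scans and unrelated events carry no findings to rank
        counts = d.get("finding-severity-counts", {})
        worst = max((SEVERITY_RANK.get(s, 0) for s, n in counts.items() if n > 0), default=0)
        running = inventory.get(d["image-digest"], [])
        # Runtime context dominates: a running image outranks any idle one regardless of severity.
        priority = worst + (10 if running else 0)
        out.append(EnrichedFinding(d["repository-name"], d["image-digest"],
                                   d.get("image-tags", []), counts, running, priority))
    return sorted(out, key=lambda f: f.priority, reverse=True)
```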

Use cases

Once security findings and scan events are ingested into Dynatrace Grail™, you can analyze them and perform automation tasks, leveraging the uniform data format.

Amazon ECR ingested data can be consumed as follows:

  • Dashboards: Use the provided sample dashboards or create custom visualizations of the security findings and scan events.
  • Notebooks and Security Investigator: Use vulnerability findings as an additional dimension for threat hunting and forensic investigations.
  • Workflows: Automate the orchestration of critical vulnerability findings by creating alerts and tickets.

Explore individual use cases in Dynatrace Documentation.

Get started

Visit Dynatrace Documentation and get started setting up your Amazon ECR data integration.