Dynatrace integrates with AWS Elastic Container Registry (ECR) to enable visibility, orchestration, and prioritization of cross-container-registry vulnerability findings. This integration provides a single pane of glass for container image scans of your containerized applications and is part of a larger effort to enrich vulnerability findings with runtime context.
In complex multicloud environments, vulnerability findings are often siloed between build-time and run-time tooling. Thus, getting a holistic view of security risks is challenging.
Dynatrace addresses this issue by providing unified ingest and analysis of container vulnerability findings across cloud and container registries. This ensures that SecDevOps has a continuous and comprehensive understanding of its security posture.
In addition, security findings detected during the build phase and in your artifact registries, such as AWS ECR, might not be relevant to your production-critical applications. By enriching runtime context from the monitored entities, Dynatrace helps filter out the noise, prioritize critical findings, and focus your remediation efforts on what truly matters for your production environment.
Key Steps in the Integration Process
Container image scanning
AWS ECR scans container images for vulnerabilities. You can choose between basic and enhanced scanning.
Data ingestion
The vulnerability findings are pushed into the Dynatrace platform through AWS Event Bridge via the dedicated security ingest endpoint powered by OpenPipelineTM. You can set it up using an AWS CloudFormation template provided by Dynatrace. For instructions, see the documentation.
Data mapping
The ingested data is mapped according to the Dynatrace Semantic Dictionary, ensuring a unified format for analysis.
Analysis and automation
Once the findings are ingested, you can visualize, analyze, and automate in Dynatrace with Dashboards, Notebooks, and Workflows.
Use cases
Once security findings and scan events are ingested into Dynatrace Grailâ„¢, you can analyze them and perform automation tasks, leveraging the uniform data format.
AWS ECR ingested data can be consumed as follows:
- Dashboards: Use the provided sample dashboards or create custom visualizations of the security findings and scan events.
- Notebooks and Security Investigator: Use vulnerability findings as an additional dimension for threat hunting and forensic investigations.
- Workflows: Automate the orchestration of critical vulnerability findings by creating alerts and tickets.
Explore individual use cases in Dynatrace Documentation:
- Visualize and contextualize security findings
- Automate and orchestrate security findings
- Discover coverage gaps in security scans
Get started
Visit Dynatrace Documentation and get started setting up your AWS ECR data integration.
Explore the AWS ECR integration in Dynatrace Hub.
Looking for answers?
Start a new discussion or ask for help in our Q&A forum.
Go to forum