From 7b5774d988a84a236837469a9b2dd5b68c24e62b Mon Sep 17 00:00:00 2001
From: Brian Loyal <bloyal@amazon.com>
Date: Mon, 18 Apr 2022 16:18:43 -0500
Subject: [PATCH] Add image scanning on push to ECR repositories

---
 sagemaker_studio_image_build/codebuild.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sagemaker_studio_image_build/codebuild.py b/sagemaker_studio_image_build/codebuild.py
index a9c99b7..b43785c 100644
--- a/sagemaker_studio_image_build/codebuild.py
+++ b/sagemaker_studio_image_build/codebuild.py
@@ -118,7 +118,10 @@ def _wait_for_build(self, build_id, poll_seconds=10):
     def _create_repo_if_required(self):
         client = self.session.client("ecr")
         try:
-            client.create_repository(repositoryName=self.repo_name)
+            client.create_repository(
+                repositoryName=self.repo_name,
+                imageScanningConfiguration={"scanOnPush": True},
+            )
             print(f"Created ECR repository {self.repo_name}")
         except client.exceptions.RepositoryAlreadyExistsException as e:
             pass