---
title: Amazon ECR should be scanning all images for vulnerabilities
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Amazon ECR should be scanning all
  images for vulnerabilities
---

# Amazon ECR should be scanning all images for vulnerabilities

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}
 
## Description{% #description %}

Container images should be scanned for vulnerabilities prior to deployment to an EKS cluster. Scanning for vulnerabilities and remediating them prior to a deployment can increase your security posture for your EKS cluster.

**Note**: If you use a different scanning tool for images, this rule can be muted or turned off.

## Remediation{% #remediation %}

For each ECR repository, do the following:

```
  aws ecr create-repository --repository-name <repo-name> \
  --image-scanning-configuration scanOnPush=true \
  --region <region-name>
```