Issue with aws_ecr_repository_images not syncing ImageScanFindings correctly

aws_ecr_repository_images is unable to get the ImageScanFindings for an ECR repository.

I am using the AWS plugin version 23.1.0 and trying to get all the ECR ImageScanFindings from ECR Repository Images. However, I can see that my ECR ImageScanFindings are not being synced correctly. Even though I have vulnerabilities, CloudQuery is unable to sync them correctly.

Additionally, I need to know why there are aws_ecr_repository_image_scan_findings and aws_ecr_repository_images tables for the same purpose.

What is the error you are getting?
Can you share the config file you are using to sync the data?

There is no error pointing; just the data is not getting replicated for that column “ImageScanFindings Summary”.

To answer your second question, aws_ecr_repository_images contains the repository images, each row being a separate image. There can be multiple findings and enhanced findings for each image (i.e., for different scan times). The plugin uses the DescribeImageScanFindings API call to fetch them.

The data type for the scan_findings table is AWS Documentation.

Are you sure you’ve looked in both findings and enhancedFindings keys inside the image_scan_findings column?