In December, AWS launched support for Inspector v2, which overlaps with ECR Container Scanning and Inspector Classic. This means if you connected AWS before December 18, 2021 and have enabled Inspector v2 (instructions), you'll need to adjust Vanta's permissions to re-enable fetching scans.

To do this, go to AWS:

  1. Navigate to IAM Policies in the AWS console.
  2. Search for the VantaAdditionalPermissions policy. (You created this when linking AWS.)Screen_Shot_2021-12-17_at_10.48.14_AM.png
  3. Open the policy, then click Edit policy and go to the "JSON" tab.
  4. Below "Action", add the following (if not already present):
"ecr:DescribeImages",
"ecr:DescribeImageScanFindings",
"ecr:ListTagsForResource",
"ecr:BatchGetRepositoryScanningConfiguration",
"inspector2:BatchGet*",
"inspector2:Get*",
"inspector2:Describe*",
"inspector2:List*",

Scans should start to populate again within a few hours.