Now that AWS ECR supports security scans on push, I was trying to find how this security scan can be utilized in my pipeline.
In my pipeline I test the code, build the image and then push it to an existing ECR registry with the tag latest. Then, when it’s ready, the new image is deployed to ECS.
My question: How have others implemented the deployment to ECS Fargate only with images that have passed security scans in ECR? Is there some orb that does it nicely, e.g. waits for the scan to finish and so on?
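
One way to put such a gate between the push and the ECS deploy, as an added example that is not part of the original post: it waits for the ECR scan of the pushed image with boto3, then fails the step if the scan did not complete or reported blocking findings. The function names, the CRITICAL/HIGH policy and the sample responses are assumptions made for this example; it checks the image by digest because the `latest` tag can be repointed between the scan and the deploy.

```python
import sys

# Assumed policy for this example: any finding at these severities blocks the deploy.
BLOCKING = ("CRITICAL", "HIGH")


def evaluate_scan(response, blocking=BLOCKING):
    """Decide from a DescribeImageScanFindings response; returns (ok, reason)."""
    status = response.get("imageScanStatus", {}).get("status")
    if status != "COMPLETE":
        # Fail closed: an unfinished, failed or missing scan is not a pass.
        return False, f"scan status is {status!r}, not COMPLETE"
    counts = response.get("imageScanFindings", {}).get("findingSeverityCounts", {})
    hits = [f"{sev}={counts[sev]}" for sev in blocking if counts.get(sev, 0) > 0]
    if hits:
        return False, "blocking findings: " + ", ".join(hits)
    return True, "no blocking findings"


def gate(repository, digest):
    """Wait for the scan of one image digest, then evaluate it (needs AWS access)."""
    import boto3  # imported here so evaluate_scan() can be used without AWS

    ecr = boto3.client("ecr")
    image_id = {"imageDigest": digest}  # digest, not the mutable "latest" tag
    # Raises WaiterError if the scan fails or does not finish in time.
    ecr.get_waiter("image_scan_complete").wait(
        repositoryName=repository, imageId=image_id
    )
    return evaluate_scan(
        ecr.describe_image_scan_findings(repositoryName=repository, imageId=image_id)
    )


# Constructed sample responses (not real scan output).
SAMPLE_CLEAN = {
    "imageScanStatus": {"status": "COMPLETE"},
    "imageScanFindings": {"findingSeverityCounts": {"LOW": 3, "MEDIUM": 1}},
}
SAMPLE_BAD = {
    "imageScanStatus": {"status": "COMPLETE"},
    "imageScanFindings": {"findingSeverityCounts": {"HIGH": 2, "CRITICAL": 1}},
}

if __name__ == "__main__":
    ok, reason = gate(sys.argv[1], sys.argv[2])
    print(reason)
    sys.exit(0 if ok else 1)  # non-zero exit stops the pipeline before the ECS deploy
```

Run it as its own pipeline step with the repository name and the digest returned by the push, and reference that same digest in the ECS task definition so the image that was scanned is the image that runs.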