Merge pull request #5 from pzi/feature/document-IAM-permissions

Add required permissions section to README
alexjurkiewicz · Aug 3, 2020 · b5a27b5 · b5a27b5
2 parents 2f77256 + 45f64d3
commit b5a27b5
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -34,6 +34,12 @@ Scan an image uploaded to ECR and fail if vulnerabilities are found.
 | informational | Number of informational vulnerabilities detected. |
 | unknown | Number of unknown vulnerabilities detected. |
 
+## Required ECR permissions
+
+To use this GitHub action in your workflow, your ECR role/user will need to have the following permissions:
+- `ecr:DescribeImageScanFindings`
+- `ecr:StartImageScan` (unless [**scan on push**](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html#scanning-repository) is enabled)
+
 ## Example
 
 This example builds a docker image, uploads it to AWS ECR, then scans it for vulnerabilities.