From 45f64d36220943833f90f5916a8c931019e9e75b Mon Sep 17 00:00:00 2001 From: Patrik Affentranger Date: Fri, 31 Jul 2020 17:12:45 +0800 Subject: [PATCH] Add required permissions section to README --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 10381e4..da40063 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,12 @@ Scan an image uploaded to ECR and fail if vulnerabilities are found. | informational | Number of informational vulnerabilities detected. | | unknown | Number of unknown vulnerabilities detected. | +## Required ECR permissions + +To use this GitHub action in your workflow, your ECR role/user will need to have the following permissions: +- `ecr:DescribeImageScanFindings` +- `ecr:StartImageScan` (unless [**scan on push**](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html#scanning-repository) is enabled) + ## Example This example builds a docker image, uploads it to AWS ECR, then scans it for vulnerabilities.
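Review bot: The new "Required ECR permissions" list in the `@@ -34,6 +34,12 @@` hunk names the two actions but not the resource they should be granted on, so a reader is likely to attach them with a wildcard resource. Both `ecr:DescribeImageScanFindings` and `ecr:StartImageScan` can be limited to a repository ARN, so consider adding a line saying the permissions only need to cover the repository being scanned. Because the section sits directly above an example that also "uploads it to AWS ECR", it would help to state that the list covers the scan step only and that pushing the image needs its own permissions. Minor wording point: "your ECR role/user" would read more clearly as the IAM role or user the workflow authenticates as.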