Is your feature request related to a problem? Please describe.
Images stored in ECR are scanned with Inspector2 for security vulnerabilities. When new vulnerabilities are detected in images, I would like to know which of the affected images are currently in use in any of the deployed EKS clusters. This will help evaluate the attack surface and prioritize the efforts for remediating the security threats.
Describe the solution you'd like
As a part of the security pattern configuring container image vulnerability scanning with Amazon Inspector, we can create an EventBridge event that will be triggered every time a new EKS cluster is created. The event will asynchronously invoke an Orchestrator Lambda that will create an Image-Verifier Lambda function specific to a particular EKS cluster. The Image-Verifier Lambda function will be invoked every time a new vulnerability is detected by Inspector2 and will check if any of the affected images are currently in use in a specific EKS cluster. In case the image is in use, the Image-Verifier Lambda will use SNS to notify interested parties.
Describe alternatives you've considered
We can utilize partner solutions as an alternative.
Additional context
Add any other context or screenshots about the feature request here.
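The matching step of the proposed Image-Verifier Lambda, written as an added example (not code from the issue or any project). It assumes the Inspector2 EventBridge finding carries ECR images under `resources[].details.awsEcrContainerImage` with `registry` (account ID), `repositoryName`, `imageHash` and `imageTags`, that the cluster's running images were already collected from the Kubernetes API as `account.dkr.ecr.region.amazonaws.com/repo@sha256:...` or `.../repo:tag` strings, and that the finding and image list below are constructed sample data; the AWS and Kubernetes calls are left out so it runs offline.

```python
import re

# Constructed sample of an Inspector2 finding event (shape is an assumption).
SAMPLE_FINDING_EVENT = {
    "detail-type": "Inspector2 Finding",
    "detail": {
        "severity": "HIGH",
        "title": "CVE-YYYY-NNNN placeholder",
        "resources": [{
            "type": "AWS_ECR_CONTAINER_IMAGE",
            "details": {"awsEcrContainerImage": {
                "registry": "111122223333",
                "repositoryName": "payments/api",
                "imageHash": "sha256:" + "a" * 64,
                "imageTags": ["v1.4.2"],
            }},
        }],
    },
}

# Constructed list of images running in one EKS cluster (pod container image refs).
RUNNING_IMAGES = [
    "111122223333.dkr.ecr.us-east-1.amazonaws.com/payments/api@sha256:" + "a" * 64,
    "111122223333.dkr.ecr.us-east-1.amazonaws.com/payments/api:v1.4.2",
    "111122223333.dkr.ecr.us-east-1.amazonaws.com/frontend:v2.0.0",
]

# Parses an ECR image reference into account, repository and digest or tag.
ECR_IMAGE_RE = re.compile(
    r"^(?P<account>\d{12})\.dkr\.ecr\.[\w-]+\.amazonaws\.com/(?P<repo>[^@:]+)"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64})|:(?P<tag>[\w.-]+))?$")


def affected_images(event):
    """Return (account, repo, digest, tags) for each ECR image named in the finding."""
    if event.get("detail-type") != "Inspector2 Finding":
        return []
    out = []
    for res in event["detail"].get("resources", []):
        if res.get("type") != "AWS_ECR_CONTAINER_IMAGE":
            continue
        img = res["details"]["awsEcrContainerImage"]
        out.append((img["registry"], img["repositoryName"], img["imageHash"],
                    set(img.get("imageTags", []))))
    return out


def images_in_use(event, running):
    """Return (image_ref, match_kind) for running images hit by the finding.
    A digest match is authoritative; a tag match is weaker because tags are mutable."""
    matches = []
    for ref in running:
        m = ECR_IMAGE_RE.match(ref)
        if not m:
            continue  # not an ECR reference; the finding cannot apply to it
        for account, repo, digest, tags in affected_images(event):
            if m["account"] != account or m["repo"] != repo:
                continue
            if m["digest"] == digest:
                matches.append((ref, "digest"))
            elif m["tag"] in tags:
                matches.append((ref, "tag"))
    return matches  # non-empty result is what would trigger the SNS notification
```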
This issue has been automatically marked as stale because it has been open 60 days with no activity. Remove stale label or comment or this issue will be closed in 10 days.