App-Embedded scanning

App-Embedded Defenders can scan their workloads for compliance issues.
App-Embedded Defenders support the following types of compliance checks:
  • Image compliance checks.
  • Custom compliance checks.
To see compliance scan reports, go to Monitor > Compliance > Images > Deployed. You can filter the table by:
  • App-Embedded: Select — Narrows the results to just images protected by App-Embedded Defenders.
  • App ID — Narrows the list to specific images. App IDs are listed under the table’s
    For ECS Fargate tasks, the App ID is partially constructed from the task name. AWS Fargate tasks can run multiple containers. All containers in a Fargate task have the same App ID.
    For all other workloads protected by App-Embedded Defender, the App ID is partially constructed from the app name, which is a deploy-time configuration set in the App ID field of the embed workflow.
You can use wildcards to filter the table by app/image name. For example, if the app name is dvwa, then you could find all deployments with Repository: dvwa*. This filter would show dvwa:0438dc81a9144fab8cf09320b0e1922b and dvwa:538359b5f7f54559ab227375fe68cd7a.