feat(bootstrap): ECR ScanOnPush is now enabled by default (#17994)

PatMyron · web-flow · commit 7588b517eb17 · 2022-01-04T14:34:45.000Z
[`AWS::ECR::Repository.ImageScanningConfiguration`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml b/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml
@@ -202,6 +202,8 @@ Resources:
   ContainerAssetsRepository:
     Type: AWS::ECR::Repository
     Properties:
+      ImageScanningConfiguration:
+        ScanOnPush: true
       RepositoryName:
         Fn::If:
           - HasCustomContainerAssetsRepositoryName
@@ -491,7 +493,7 @@ Resources:
       Type: String
       Name:
         Fn::Sub: '/cdk-bootstrap/${Qualifier}/version'
-      Value: '9'
+      Value: '10'
 Outputs:
   BucketName:
     Description: The name of the S3 bucket owned by the CDK toolkit stack
