Amazon ECR Pull Through Cache Now Supports Referrer Discovery and Sync
Amazon Web Services has enhanced its Elastic Container Registry (ECR) pull through cache feature to automatically discover and sync OCI referrers from upstream registries. The update enables automatic caching of image signatures, Software Bills of Materials (SBOMs), and attestations in private ECR repositories, eliminating the need for manual intervention when working with these security and compliance artifacts. Previously, developers using ECR's pull through cache had to manually list and fetch referrers from upstream repositories, as the service would not automatically return or sync these critical metadata components. The new capability allows the pull through cache to reach upstream during referrers API requests and automatically cache the related artifacts in private repositories. This enhancement streamlines container security workflows by enabling end-to-end image signature verification, SBOM discovery, and attestation retrieval to work seamlessly with pull through cache repositories. The feature is now available across all AWS regions that support Amazon ECR pull through cache functionality.
Why It Matters
This update addresses a significant gap in container registry workflows that has forced developers to implement workarounds for security and compliance processes. By automating the sync of OCI referrers like signatures and SBOMs, AWS is making it easier for organizations to maintain secure container supply chains while using cached registries. This is particularly important as container security scanning and software bill of materials become standard requirements in enterprise environments, and eliminates friction that previously existed between performance optimization (caching) and security best practices.
This summary is generated using AI analysis of the original press release. Always refer to the original source for complete details.