added scan variable

main.tf

@@ -28,6 +28,11 @@ resource "aws_ecr_repository" "default" {
   count = var.enabled_ecr ? 1 : 0
   name  = module.labels.id
   tags  = module.labels.tags
+  image_tag_mutability = var.image_tag_mutability
+
+  image_scanning_configuration {
+    scan_on_push = var.scan_on_push
+  }
 }
 
 resource "aws_ecr_lifecycle_policy" "default" {

variables.tf

@@ -76,4 +76,15 @@ variable "principals_full_access" {
   type        = list
   description = "Principal ARN to provide with full access to the ECR."
   default     = []
+}
+
+variable "image_tag_mutability" {
+  type        = string
+  default     = "MUTABLE"
+  description = "The tag mutability setting for the repository. Must be one of: MUTABLE or IMMUTABLE. Defaults to MUTABLE."
+}
+variable "scan_on_push" {
+  type        = bool
+  description = "Indicates whether images are scanned after being pushed to the repository (true) or not scanned (false)."
+  default     = true
 }