A corporation X is looking for a solution that provides automatic scanning of operating system and programming language package vulnerabilities for all its container images stored on Amazon Elastic Container Registry (Amazon ECR). The images should only be scanned once when they are pushed onto the repository. Which of the following options is the right fit for the given requirements?