ECR now supports encryption of images using AWS KMS keys
Amazon Elastic Container Registry (ECR) now supports the use of customer master keys (CMK) managed by AWS Key Management Service (KMS) to encrypt container images stored in your ECR repositories. AWS KMS is a simple to use key management service that makes it easy for you to create, manage, and control keys to encrypt and decrypt your data. By choosing KMS-based encryption of your container images at rest, you can meet stronger security and compliance requirements around audit, access control and monitoring of encrypted ECR image access using these keys.
Source:: Amazon AWS