A company is deploying a new application on AWS. The application consists of an Amazon Elastic Kubernetes Service (Amazon EKS) cluster and an Amazon Elastic Container Registry (Amazon ECR) repository. The EKS cluster has an AWS managed node group. The company's security guidelines state that all resources on AWS must be continuously scanned for security vulnerabilities. Which solution will meet this requirement with the LEAST operational overhead?