diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6c7978cd..50604f41 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,9 @@
 # Change Log
 
-## v0.68 (unreleased)
 
+## v0.68
+- [#408](https://github.com/awslabs/amazon-s3-find-and-forget/pull/408) Enable 
+  Scan On Push for the ECR Repository
 - [#407](https://github.com/awslabs/amazon-s3-find-and-forget/issues/407):
   Upgrade frontend dependencies
 - [#409](https://github.com/awslabs/amazon-s3-find-and-forget/issues/409):
diff --git a/templates/deletion_flow.yaml b/templates/deletion_flow.yaml
index ff8ac3c1..09190690 100644
--- a/templates/deletion_flow.yaml
+++ b/templates/deletion_flow.yaml
@@ -67,6 +67,9 @@ Resources:
 
   ECRRepository:
     Type: AWS::ECR::Repository
+    Properties:
+      ImageScanningConfiguration:
+        ScanOnPush: true
 
   ECSTaskExecutionRole:
     Type: AWS::IAM::Role
diff --git a/templates/template.yaml b/templates/template.yaml
index 553935b3..bc8e16db 100644
--- a/templates/template.yaml
+++ b/templates/template.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: "2010-09-09"
 Transform: AWS::Serverless-2016-10-31
-Description: Amazon S3 Find and Forget (uksb-1q2j8beb0) (version:v0.67) (tag:main)
+Description: Amazon S3 Find and Forget (uksb-1q2j8beb0) (version:v0.68) (tag:main)
 
 Parameters:
   AccessControlAllowOriginOverride:
@@ -206,7 +206,7 @@ Conditions:
 Mappings:
   Solution:
     Constants:
-      Version: 'v0.67'
+      Version: 'v0.68'
 
 Resources:
   TempBucket: