Overview
Amazon Inspector is a managed vulnerability management service that continuously scans AWS workloads (EC2 instances, ECR container images and Lambda functions) for software vulnerabilities and unintended network exposure. It integrates with other AWS services so that assessments run automatically when a resource changes or a new CVE is published, without manual scheduling.
Supported Resources & Use Cases
- EC2 Instances
  - Requires the instance to be an SSM managed node: the SSM Agent must be installed and running, and the instance profile must allow Systems Manager, because Inspector collects the software inventory it scans through SSM.
  - Evaluates OS package vulnerabilities and unintended network accessibility.
- Amazon ECR Container Images
  - With enhanced scanning enabled, scans images on push and rescans them continuously as new CVEs are published.
  - Detects known vulnerabilities in the OS packages and application dependencies inside the image.
- AWS Lambda Functions
  - Analyzes package dependencies for vulnerabilities; with code scanning enabled, also analyzes the function code itself.
  - Scans run when a function is deployed or updated, and again when new CVEs affecting its packages are published.
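The SSM Agent requirement above is the usual reason an instance silently goes unscanned, so a practitioner wants a coverage check, not just findings. The script below is an added example written for this page, not AWS or Inspector code: it reads the shape returned by `aws inspector2 list-coverage` as I understand it (`coveredResources[]` with `resourceId`, `resourceType` and `scanStatus{statusCode, reason}`), lists EC2 instances whose scan status is not ACTIVE, and maps each reason to a fix. The sample data is constructed, and the reason strings, the exclusion tag name, the remediation hints and the `filterCriteria` used in the live fetch are assumptions to verify against the console.

```python
"""Find EC2 instances that Amazon Inspector is not actually scanning.

Input shape follows `aws inspector2 list-coverage` as I understand it:
coveredResources[] with resourceId, resourceType, scanStatus{statusCode, reason}.
The sample below is constructed, not real API output; the reason strings and
remediation hints are my assumptions.
"""
from collections import Counter

# Constructed sample: three unscanned instances, one healthy one, one ECR repo.
SAMPLE_COVERAGE = {
    "coveredResources": [
        {"resourceId": "i-0aaaaaaaaaaaaaaa1", "resourceType": "AWS_EC2_INSTANCE",
         "scanStatus": {"statusCode": "ACTIVE", "reason": "SUCCESSFUL"}},
        {"resourceId": "i-0bbbbbbbbbbbbbbb2", "resourceType": "AWS_EC2_INSTANCE",
         "scanStatus": {"statusCode": "INACTIVE", "reason": "UNMANAGED_EC2_INSTANCE"}},
        {"resourceId": "i-0ccccccccccccccc3", "resourceType": "AWS_EC2_INSTANCE",
         "scanStatus": {"statusCode": "INACTIVE", "reason": "NO_INVENTORY"}},
        {"resourceId": "i-0ddddddddddddddd4", "resourceType": "AWS_EC2_INSTANCE",
         "scanStatus": {"statusCode": "INACTIVE", "reason": "UNSUPPORTED_OS"}},
        {"resourceId": "arn:aws:ecr:us-east-1:123456789012:repository/app",
         "resourceType": "AWS_ECR_REPOSITORY",
         "scanStatus": {"statusCode": "ACTIVE", "reason": "SUCCESSFUL"}},
    ]
}

# Assumed mapping from coverage reason to the fix an operator should apply.
REMEDIATION = {
    "UNMANAGED_EC2_INSTANCE": "not an SSM managed node: install/start the SSM Agent and "
                              "attach an instance profile that includes AmazonSSMManagedInstanceCore",
    "NO_INVENTORY": "SSM Inventory has not reported packages yet: associate the "
                    "AWS-GatherSoftwareInventory document",
    "UNSUPPORTED_OS": "OS not supported for scanning: replace or isolate the instance",
    "EXCLUDED_BY_TAG": "instance is tagged for exclusion (InspectorEc2Exclusion): "
                       "confirm the exclusion is intentional",
}


def unscanned_ec2(coverage):
    """Return [(instance_id, reason, hint)] for EC2 instances whose scan status is not ACTIVE."""
    gaps = []
    for r in coverage.get("coveredResources", []):
        if r.get("resourceType") != "AWS_EC2_INSTANCE":
            continue
        status = r.get("scanStatus", {})
        if status.get("statusCode") == "ACTIVE":
            continue
        reason = status.get("reason", "UNKNOWN")
        gaps.append((r["resourceId"], reason,
                     REMEDIATION.get(reason, "investigate in the Inspector console")))
    return gaps


def reason_histogram(gaps):
    """Count gaps by reason so the most common root cause is obvious."""
    return Counter(reason for _, reason, _ in gaps)


def fetch_coverage(region="us-east-1"):
    """Live variant: page through list-coverage with boto3 (imported lazily so the
    offline sample runs without boto3). filterCriteria shape is an assumption."""
    import boto3
    client = boto3.client("inspector2", region_name=region)
    resources = []
    paginator = client.get_paginator("list_coverage")
    for page in paginator.paginate(filterCriteria={
            "resourceType": [{"comparison": "EQUALS", "value": "AWS_EC2_INSTANCE"}]}):
        resources.extend(page.get("coveredResources", []))
    return {"coveredResources": resources}


if __name__ == "__main__":
    gaps = unscanned_ec2(SAMPLE_COVERAGE)
    for instance_id, reason, hint in gaps:
        print(f"{instance_id}\t{reason}\t{hint}")
    print(dict(reason_histogram(gaps)))
```

Run it as-is against the constructed sample, or swap `SAMPLE_COVERAGE` for `fetch_coverage()` in an account where Inspector is enabled; the point is to alert on coverage gaps with the same urgency as on findings, since an unmanaged instance produces no findings at all.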
Key Capabilities
- Continuous and Event-Driven Scanning – Triggered automatically when workloads change (a new instance, an image push, a function update) and again when the vulnerability database gains a CVE that affects an already scanned package.
- CVE-Based Vulnerability Detection – Matches installed package versions against an up-to-date Common Vulnerabilities and Exposures database.
- Risk Scoring – Assigns each finding an Inspector score that starts from the CVSS base score and is adjusted for context, such as whether the vulnerable port is actually reachable, so remediation can be prioritized beyond raw CVSS.
- Network Reachability Analysis – For EC2, analyzes security groups, network ACLs, route tables and gateways to find inbound paths that expose instance ports from outside the VPC; this check does not need an agent.
Integration & Reporting
- AWS Security Hub – Consolidates Inspector findings with other security data in the AWS Security Finding Format for centralized visibility.
- Amazon EventBridge – Emits an "Inspector2 Finding" event from source aws.inspector2 on every finding state change; rules can route findings to ticketing, notifications (for example SNS) or remediation functions such as Lambda.
Benefits
- No need for manual scans or separate tooling for EC2, ECR, and Lambda.
- Near real-time vulnerability detection that can gate the CI/CD process, for example by failing a deploy when a freshly pushed image has CRITICAL findings that already have a fix.
- Supports compliance efforts by continuously evaluating workloads against known vulnerabilities.
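The EventBridge integration and the CI/CD gate above share one piece of logic: deciding what a finding is worth. The following is an added example written for this page, not AWS or Inspector code. It defines an EventBridge rule pattern for the "Inspector2 Finding" detail-type, a Lambda-style handler that triages a finding, and a `ci_gate` that fails a pipeline when a scanned image carries fixable findings at or above a threshold. Field names follow the Inspector2 finding JSON as I understand it; the events are constructed samples with placeholder CVE ids, and the triage policy, the admin port list and the action names (page, ticket, log) are assumptions to adapt to your environment.

```python
"""Triage Amazon Inspector findings from EventBridge and gate a CI/CD step on them.

Field names follow the Inspector2 finding JSON (the `Inspector2 Finding`
EventBridge detail-type and `aws inspector2 list-findings` output) as I
understand it. The events and findings below are constructed samples with
placeholder CVE ids, not real Inspector output. The triage policy, the admin
port list and the action names are assumptions.
"""
import json

# EventBridge rule pattern: only ACTIVE findings of HIGH or CRITICAL severity.
# Use with events.put_rule(Name=..., EventPattern=json.dumps(INSPECTOR_RULE_PATTERN)).
INSPECTOR_RULE_PATTERN = {
    "source": ["aws.inspector2"],
    "detail-type": ["Inspector2 Finding"],
    "detail": {"status": ["ACTIVE"], "severity": ["CRITICAL", "HIGH"]},
}

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1,
                 "INFORMATIONAL": 0, "UNTRIAGED": 0}
ADMIN_PORTS = {22, 3389, 5985, 5986}  # assumption: ports we never want reachable


def _range_hits(port_range, ports):
    """True if any of `ports` falls inside an Inspector openPortRange {begin, end}."""
    begin, end = port_range.get("begin", 0), port_range.get("end", 0)
    return any(begin <= p <= end for p in ports)


def triage(finding):
    """Return (action, reason) for one finding. Actions: page, ticket, log."""
    sev = SEVERITY_RANK.get(finding.get("severity", "UNTRIAGED"), 0)
    ftype = finding.get("type")
    resource = (finding.get("resources") or [{}])[0].get("id", "?")
    if ftype == "NETWORK_REACHABILITY":
        nr = finding.get("networkReachabilityDetails", {})
        ports = nr.get("openPortRange", {})
        if _range_hits(ports, ADMIN_PORTS):
            return "page", f"{resource}: admin port reachable {nr.get('protocol')} {ports}"
        return ("ticket" if sev >= 3 else "log"), f"{resource}: open ports {ports}"
    if ftype == "PACKAGE_VULNERABILITY":
        cve = finding.get("packageVulnerabilityDetails", {}).get("vulnerabilityId", "?")
        fix = finding.get("fixAvailable") == "YES"
        exploit = finding.get("exploitAvailable") == "YES"
        if sev >= 3 and fix and exploit:
            return "page", f"{resource}: {cve} has a public exploit and a fix"
        if sev >= 3 and fix:
            return "ticket", f"{resource}: {cve} fix available"
        return "log", f"{resource}: {cve} fixAvailable={finding.get('fixAvailable')}"
    return "log", f"{resource}: {ftype}"


def handle_eventbridge_event(event):
    """Lambda-style handler: check the envelope, then triage the finding in `detail`."""
    if event.get("source") != "aws.inspector2" or event.get("detail-type") != "Inspector2 Finding":
        raise ValueError("not an Inspector2 Finding event")
    return triage(event["detail"])


def ci_gate(findings, block_at="HIGH"):
    """Return (ok, blocking). ok is False when any ACTIVE finding at or above
    `block_at` has a fix available. `findings` is the list from list-findings
    filtered to the image that was just pushed."""
    threshold = SEVERITY_RANK[block_at]
    blocking = [f for f in findings
                if f.get("status") == "ACTIVE"
                and SEVERITY_RANK.get(f.get("severity"), 0) >= threshold
                and f.get("fixAvailable") == "YES"]
    return not blocking, blocking


IMAGE = "arn:aws:ecr:us-east-1:123456789012:repository/app/sha256:0000"  # constructed
SAMPLE_EVENT = {
    "source": "aws.inspector2", "detail-type": "Inspector2 Finding", "region": "us-east-1",
    "detail": {"type": "PACKAGE_VULNERABILITY", "status": "ACTIVE", "severity": "CRITICAL",
               "inspectorScore": 9.8, "fixAvailable": "YES", "exploitAvailable": "YES",
               "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "id": IMAGE}],
               "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-XXXX-NNNN"}},
}
SAMPLE_NETWORK_FINDING = {
    "type": "NETWORK_REACHABILITY", "status": "ACTIVE", "severity": "MEDIUM",
    "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0aaaaaaaaaaaaaaa1"}],
    "networkReachabilityDetails": {"protocol": "TCP", "openPortRange": {"begin": 22, "end": 22}},
}
SAMPLE_FINDINGS = [  # constructed list-findings page for IMAGE
    SAMPLE_EVENT["detail"],
    {"type": "PACKAGE_VULNERABILITY", "status": "ACTIVE", "severity": "HIGH", "fixAvailable": "NO",
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "id": IMAGE}],
     "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-XXXX-NNNP"}},
    {"type": "PACKAGE_VULNERABILITY", "status": "ACTIVE", "severity": "MEDIUM", "fixAvailable": "YES",
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "id": IMAGE}],
     "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-XXXX-NNNQ"}},
    {"type": "PACKAGE_VULNERABILITY", "status": "CLOSED", "severity": "CRITICAL", "fixAvailable": "YES",
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE", "id": IMAGE}],
     "packageVulnerabilityDetails": {"vulnerabilityId": "CVE-XXXX-NNNR"}},
]

if __name__ == "__main__":
    print(handle_eventbridge_event(SAMPLE_EVENT))
    print(triage(SAMPLE_NETWORK_FINDING))
    ok, blocking = ci_gate(SAMPLE_FINDINGS)
    print("deploy allowed:", ok,
          [f["packageVulnerabilityDetails"]["vulnerabilityId"] for f in blocking])
    print(json.dumps(INSPECTOR_RULE_PATTERN))
```

Two design points: the gate ignores findings with no available fix, because blocking a deploy on something the team cannot act on only trains people to bypass the gate; and the EventBridge pattern filters on status and severity server-side so the handler is only invoked for findings it would act on.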