Activating a scan type
You can activate Amazon Inspector scan types at any time. When you activate a scan type, Amazon Inspector begins scanning eligible resources for the scan type immediately. The following briefly describes each scan type:
Amazon EC2 scanning
This scan type extracts metadata from your EC2 instance before comparing the metadata against rules collected from security advisories. When you activate this scan type, Amazon Inspector scans all eligible instances in your account for package vulnerabilities and network reachability issues.
Amazon ECR scanning
This scan type scans container images in Amazon ECR. When you activate this scan type, you change the scanning configuration setting for your private registry from basic scanning to enhanced scanning.
Lambda standard scanning
Lambda standard scanning is the default Lambda scan type. When you activate Lambda standard scanning, all Lambda functions in your account will be scanned for code vulnerabilities, as long as they were invoked or updated in the last 90 days.
Lambda code scanning
Lambda code scanning scans custom application code in a Lambda function. When you activate Lambda code scanning, all Lambda functions in your account will be scanned for code vulnerabilities, as long as they were invoked or updated in the last 90 days.
Note
You can either activate Lambda standard scanning or Lambda standard scanning with Lambda code scanning.
For a more comprehensive overview of the available scan types, see Automated resource scanning with Amazon Inspector. This section describes how to activate a scan type in Amazon Inspector.
Activating scans
If you are the delegated administrator for Amazon Inspector in an AWS organization, you can enable various Amazon Inspector scan types for multiple accounts in multiple Regions automatically using a shell script developed by Amazon Inspector: inspector2-enablement-with-cli.
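For a single account, the same activation can be driven from the AWS CLI. The sketch below is an added example, not the inspector2-enablement-with-cli script and not AWS code. It checks a requested selection against the Lambda rule in the note above and then builds one `aws inspector2 enable` call per Region. The function names and the APPLY variable are assumptions made for this example. EC2, ECR, LAMBDA and LAMBDA_CODE are the Inspector2 API resource-type names for the four scan types.

```shell
#!/bin/sh
# Added example. Dry run by default: commands are printed, and only executed
# against AWS when APPLY=1 is set in the environment.

VALID_TYPES="EC2 ECR LAMBDA LAMBDA_CODE"

# validate_scan_types TYPE...
# Returns 0 if allowed, 2 for an empty or unknown type, 3 for LAMBDA_CODE alone.
validate_scan_types() {
  local t has_lambda=0 has_code=0
  if [ "$#" -eq 0 ]; then
    echo "no scan types given" >&2; return 2
  fi
  for t in "$@"; do
    case " $VALID_TYPES " in
      *" $t "*) ;;
      *) echo "unknown scan type: $t" >&2; return 2 ;;
    esac
    case "$t" in
      LAMBDA) has_lambda=1 ;;
      LAMBDA_CODE) has_code=1 ;;
    esac
  done
  # Lambda code scanning is only offered together with Lambda standard scanning.
  if [ "$has_code" -eq 1 ] && [ "$has_lambda" -eq 0 ]; then
    echo "LAMBDA_CODE requires LAMBDA in the same request" >&2; return 3
  fi
  return 0
}

# enable_scans "REGION [REGION...]" TYPE...
# Validates once, then emits (or runs) one enable call per Region.
enable_scans() {
  local regions=$1 region
  shift
  validate_scan_types "$@" || return $?
  for region in $regions; do
    if [ "${APPLY:-0}" = 1 ]; then
      aws inspector2 enable --region "$region" --resource-types "$@" || return 1
    else
      echo "aws inspector2 enable --region $region --resource-types $*"
    fi
  done
}
```

Review the printed commands first, then rerun with APPLY=1. Activating ECR scanning this way switches the private registry from basic to enhanced scanning, as described above.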