Amazon Inspector provides you with CycloneDX namespaces and property names that you can use with SBOMs.
This section describes all of the custom key/value properties that might be added to components in CycloneDX SBOMs.
For more information, see the CycloneDX property taxonomy.
amazon:inspector:sbom_scanner namespace taxonomy
The Amazon Inspector Scan API uses the amazon:inspector:sbom_scanner namespace and has the following properties:
Property | Description |
---|---|
amazon:inspector:sbom_scanner:cisa_kev_date_added | Indicates when the vulnerability was added to the CISA Known Exploited Vulnerabilities catalog. |
amazon:inspector:sbom_scanner:cisa_kev_date_due | Indicates when the vulnerability fix is due according to the CISA Known Exploited Vulnerabilities catalog. |
amazon:inspector:sbom_scanner:critical_vulnerabilities | Count of the total number of critical severity vulnerabilities found in the SBOM. |
amazon:inspector:sbom_scanner:exploit_available | Indicates if an exploit is available for the given vulnerability. |
amazon:inspector:sbom_scanner:exploit_last_seen_in_public | Indicates when an exploit was last seen in public for the given vulnerability. |
amazon:inspector:sbom_scanner:fixed_version: | Provides the fixed version of the indicated component for the given vulnerability. |
amazon:inspector:sbom_scanner:high_vulnerabilities | Count of the total number of high severity vulnerabilities found in the SBOM. |
amazon:inspector:sbom_scanner:info | Provides scan context for a given component, for example: "Component scanned: no vulnerabilities found." |
amazon:inspector:sbom_scanner:is_malicious | Indicates if OpenSSF identifies affected components as malicious. |
amazon:inspector:sbom_scanner:low_vulnerabilities | Count of the total number of low severity vulnerabilities found in the SBOM. |
amazon:inspector:sbom_scanner:medium_vulnerabilities | Count of the total number of medium severity vulnerabilities found in the SBOM. |
amazon:inspector:sbom_scanner:path | The path to the file that yields the subject package information. |
amazon:inspector:sbom_scanner:priority | The recommended priority for fixing a given vulnerability. The values in descending order are "IMMEDIATE", "URGENT", "MODERATE", and "STANDARD". |
amazon:inspector:sbom_scanner:priority_intelligence | The quality of intelligence used to determine the priority for a given vulnerability. The values are "VERIFIED" or "UNVERIFIED". |
amazon:inspector:sbom_scanner:warning | Provides context for why a given component was not scanned, for example: "Component skipped: no purl provided." |
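As an added example (not code from the Amazon Inspector documentation or service), the following Python triages a scan result using these properties: it reads the per-severity totals, lists the components the scanner skipped together with their warning, and orders vulnerabilities by priority with the exploit and CISA KEV signals attached. The sample document, its placeholder CVE ids, and the placement of each property on document metadata, components or vulnerability entries are constructed assumptions.

```python
NS = "amazon:inspector:sbom_scanner:"
PRIORITY_ORDER = ["IMMEDIATE", "URGENT", "MODERATE", "STANDARD"]  # descending, as documented

# Constructed CycloneDX 1.5 scan result (the structure json.load gives for a scan output file),
# with placeholder CVE ids. Where each property sits (document metadata, component, or
# vulnerability entry) is an assumption and not taken from the taxonomy page.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {"properties": [
        {"name": NS + "critical_vulnerabilities", "value": "1"},
        {"name": NS + "high_vulnerabilities", "value": "1"}]},
    "components": [
        {"bom-ref": "c-libfoo", "name": "libfoo", "version": "1.0.0", "purl": "pkg:deb/debian/libfoo@1.0.0"},
        {"bom-ref": "c-mystery", "name": "mystery-lib", "version": "0.1",
         "properties": [{"name": NS + "warning", "value": "Component skipped: no purl provided."}]}],
    "vulnerabilities": [
        {"id": "CVE-0000-0002", "affects": [{"ref": "c-libfoo"}],
         "properties": [{"name": NS + "priority", "value": "MODERATE"},
                        {"name": NS + "exploit_available", "value": "false"}]},
        {"id": "CVE-0000-0001", "affects": [{"ref": "c-libfoo"}],
         "properties": [{"name": NS + "priority", "value": "IMMEDIATE"},
                        {"name": NS + "exploit_available", "value": "true"},
                        {"name": NS + "cisa_kev_date_added", "value": "2024-01-15"}]}]}

def props(obj):
    """Return an object's sbom_scanner properties as a dict, namespace prefix stripped."""
    return {p["name"][len(NS):]: p["value"]
            for p in obj.get("properties", []) if p["name"].startswith(NS)}

def severity_counts(bom):
    """Per-severity totals the scanner records on the document metadata (0 when absent)."""
    meta = props(bom.get("metadata", {}))
    return {s: int(meta.get(s + "_vulnerabilities", 0)) for s in ("critical", "high", "medium", "low")}

def skipped_components(bom):
    """Map each component the scanner skipped to the warning saying why, so coverage gaps are visible."""
    return {c["name"]: props(c)["warning"] for c in bom["components"] if "warning" in props(c)}

def triage(bom):
    """Order vulnerabilities by scanner priority (unknown values last), keeping exploit and KEV signals."""
    rows = []
    for v in bom.get("vulnerabilities", []):
        p = props(v)
        rows.append({"id": v["id"], "priority": p.get("priority", "STANDARD"),
                     "exploit_available": p.get("exploit_available") == "true",
                     "in_cisa_kev": "cisa_kev_date_added" in p,
                     "affects": [a["ref"] for a in v.get("affects", [])]})
    return sorted(rows, key=lambda r: PRIORITY_ORDER.index(r["priority"])
                  if r["priority"] in PRIORITY_ORDER else len(PRIORITY_ORDER))
```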
amazon:inspector:sbom_generator namespace taxonomy
The Amazon Inspector SBOM Generator uses the amazon:inspector:sbom_generator namespace and has the following properties:
Property | Description |
---|---|
amazon:inspector:sbom_generator:cpu_architecture | The CPU architecture of the system being inventoried, for example, x86_64. |
amazon:inspector:sbom_generator:ec2:instance_id | The Amazon EC2 instance ID. |
amazon:inspector:sbom_generator:live_patching_enabled | A boolean value indicating whether live patching is enabled on Amazon EC2 Amazon Linux. |
amazon:inspector:sbom_generator:live_patched_cves | A list of CVEs patched through live patching on Amazon EC2 Amazon Linux. |
amazon:inspector:sbom_generator:dockerfile_finding: | Indicates that an Amazon Inspector finding in a component is related to Dockerfile checks. |
amazon:inspector:sbom_generator:image_id | The hash belonging to the container image config file (also known as the Image ID). |
amazon:inspector:sbom_generator:image_arch | The architecture of the container image. |
amazon:inspector:sbom_generator:image_author | The author of the container image. |
amazon:inspector:sbom_generator:image_docker_version | The Docker version used to build the container image. |
amazon:inspector:sbom_generator:is_duplicate_package | Indicates that the subject package was found by more than one file scanner. |
amazon:inspector:sbom_generator:duplicate_purl | Indicates the duplicated package PURL found by another scanner. |
amazon:inspector:sbom_generator:kernel_name | The kernel name of the system being inventoried. |
amazon:inspector:sbom_generator:kernel_version | The kernel version of the system being inventoried. |
amazon:inspector:sbom_generator:kernel_component | A boolean value indicating whether a subject package is a kernel component. |
amazon:inspector:sbom_generator:running_kernel | A boolean value that indicates if a subject package is the running kernel. |
amazon:inspector:sbom_generator:layer_diff_id | The hash of the uncompressed container image layer. |
amazon:inspector:sbom_generator:replaced_by | The value that replaces the current Go module. |
amazon:inspector:sbom_generator:os_hostname | The hostname of the system being inventoried. |
amazon:inspector:sbom_generator:source_file_scanner | The scanner that found the file that contains package information, for example: /var/lib/dpkg/status. |
amazon:inspector:sbom_generator:source_package_collector | The collector that extracted the package name and version from a specific file. |
amazon:inspector:sbom_generator:source_path | The path to the file that the subject package information was extracted from. |
amazon:inspector:sbom_generator:file_size_bytes | Indicates the file size of a given artifact, in bytes. |
amazon:inspector:sbom_generator:unresolved_version | Indicates a version string that has not been resolved by the package manager. |
amazon:inspector:sbom_generator:experimental:transitive_dependency | Indicates indirect dependencies from a package manager. |
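As an added example (not code from the Amazon Inspector SBOM Generator or its documentation), the following Python consumes generator output: it collapses packages that several file scanners reported into one entry per PURL, picks out the component flagged as the running kernel, and reads the live-patched CVE list so that kernel CVEs already mitigated by live patching can be recognised when a scan result is reviewed. The sample document, its hostname, kernel version and placeholder CVE ids, the placement of host facts on document metadata, and the comma-separated encoding of live_patched_cves are constructed assumptions.

```python
NS = "amazon:inspector:sbom_generator:"

# Constructed SBOM Generator output for an Amazon Linux EC2 host (the structure json.load gives
# for a generated SBOM file), with placeholder CVE ids. Placing host facts on document metadata
# and a comma-separated live_patched_cves value are assumptions, not taken from the taxonomy page.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {"properties": [
        {"name": NS + "os_hostname", "value": "ip-10-0-0-1"},
        {"name": NS + "cpu_architecture", "value": "x86_64"},
        {"name": NS + "live_patching_enabled", "value": "true"},
        {"name": NS + "live_patched_cves", "value": "CVE-0000-0001,CVE-0000-0002"}]},
    "components": [
        {"name": "kernel", "version": "6.1.0-example", "purl": "pkg:rpm/amazonlinux/kernel@6.1.0-example",
         "properties": [{"name": NS + "kernel_component", "value": "true"},
                        {"name": NS + "running_kernel", "value": "true"}]},
        {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0",
         "properties": [{"name": NS + "source_path", "value": "/usr/lib/python3.9/site-packages/requests-2.31.0.dist-info/METADATA"}]},
        {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0",
         "properties": [{"name": NS + "source_path", "value": "/opt/app/requirements.txt"},
                        {"name": NS + "is_duplicate_package", "value": "true"},
                        {"name": NS + "duplicate_purl", "value": "pkg:pypi/requests@2.31.0"}]}]}

def props(obj):
    """Return an object's sbom_generator properties as a dict, namespace prefix stripped."""
    return {p["name"][len(NS):]: p["value"]
            for p in obj.get("properties", []) if p["name"].startswith(NS)}

def collapse_duplicates(bom):
    """One entry per PURL: merge the source paths of a package that several file scanners reported."""
    merged = {}
    for c in bom["components"]:
        entry = merged.setdefault(c["purl"], {"name": c["name"], "version": c["version"], "paths": []})
        entry["paths"].append(props(c).get("source_path"))
    return merged

def running_kernel(bom):
    """The component flagged as the running kernel, or None if the generator flagged none."""
    return next((c for c in bom["components"] if props(c).get("running_kernel") == "true"), None)

def live_patched(bom):
    """CVE ids the host already mitigated via live patching; [] when live patching is disabled."""
    meta = props(bom.get("metadata", {}))
    if meta.get("live_patching_enabled") != "true":
        return []
    return [cve for cve in meta.get("live_patched_cves", "").split(",") if cve]
```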