Document history - Amazon Inspector

Document history

The following table describes important changes in each release of the Amazon Inspector User Guide, beginning in November 2021. To receive notifications about documentation updates, you can subscribe to an RSS feed.

Change | Description | Date

Updates to table of contents

Amazon Inspector reorganizes the table of contents to include a chapter for the Amazon Inspector SBOM Generator. For more information, see Amazon Inspector SBOM Generator.

November 22, 2024

Updated functionality

Amazon Inspector updates its CI/CD integration feature to support scan actions with CodePipeline. For more information, see Using Amazon Inspector Scan actions with CodePipeline.

November 22, 2024

Updated functionality

Amazon Inspector adds Sbomgen versions to Previous versions of the Amazon Inspector SBOM Generator.

November 19, 2024

Updated functionality

Amazon Inspector adds AL2 as a supported runtime. For more information, see Supported operating systems and programming languages for Amazon Inspector.

August 26, 2024

Updated functionality

Amazon Inspector added a new statement to the AmazonInspector2ServiceRolePolicy policy. The new statement allows Amazon Inspector to return function tags in AWS Lambda.

July 31, 2024

Updated functionality

Amazon Inspector releases new security controls. For more information, see Amazon Inspector controls in the AWS Security Hub User Guide.

July 11, 2024

Updated functionality

The Amazon Inspector SBOM Generator now scans Dockerfiles and Docker container images for misconfigurations that can introduce security vulnerabilities. For more information, see Amazon Inspector Dockerfile checks.

June 10, 2024

Updated functionality

Amazon Inspector updates its CI/CD integration feature to support CodeCatalyst actions, so you can add Amazon Inspector vulnerability scans to your CodeCatalyst workflows. For more information, see Using CodeCatalyst actions.

June 7, 2024

Updated functionality

Amazon Inspector includes an option to download a CSV file of CIS scan results. For more information, see Viewing and downloading CIS scan results in Center for Internet Security (CIS) scans for Amazon EC2 instances.

May 3, 2024

Updated functionality

Amazon Inspector updates its CI/CD integration feature to support GitHub Actions, so you can add Amazon Inspector vulnerability scans to your GitHub workflows. For more information, see Using Amazon Inspector with GitHub Actions.

April 29, 2024

Updated functionality

Amazon Inspector updates the managed policy AmazonInspector2FullAccess, so it creates the service-linked role AWSServiceRoleForAmazonInspector2Agentless. This allows users to perform agent-based scanning and agentless scanning when they enable Amazon Inspector.

April 24, 2024

Updated functionality

Amazon Inspector updates the retention period for closed findings from 30 days to 7 days. For more information, see Understanding findings in Amazon Inspector.

February 12, 2024

Updated functionality

Amazon Inspector added a new statement to the AmazonInspector2ServiceRolePolicy policy. The new statement allows Amazon Inspector to start CIS scans for your instance.

January 23, 2024

New Policy

Amazon Inspector has added a new policy, AmazonInspector2ManagedCisPolicy, that you can use as part of an instance profile to allow CIS scans on an instance.

January 23, 2024

New Feature

Amazon Inspector will now refresh the ECR re-scan duration of container images when you pull them. To change your re-scan duration based on push or pull dates, see Configuring the ECR re-scan duration.

January 23, 2024

New Feature

Amazon Inspector can now run Center for Internet Security (CIS) scans on EC2 instances. For more information, see Amazon Inspector CIS scans.

January 23, 2024

New Feature

Amazon Inspector can now scan container images in your CI/CD pipelines. For more information, see CI/CD integration with Amazon Inspector.

November 30, 2023

New Policy

Amazon Inspector has added a new policy that allows Amazon Inspector to scan Amazon EBS snapshots from your EC2 instance for agentless scanning. For more information on the policy, see Agentless scanning.

November 27, 2023

New Feature

Amazon Inspector now supports scanning supported Linux Amazon EC2 instances without SSM agents through agentless scanning. For more information, see Agentless scanning.

November 27, 2023

New supported resources

Amazon Inspector now supports scanning of macOS Amazon EC2 instances. See Supported operating systems: Amazon EC2 scanning for supported macOS versions.

October 5, 2023

New Regions

Amazon Inspector is now available in Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Osaka), and Europe (Zurich).

September 29, 2023

New feature

You can now exclude EC2 instances from Amazon Inspector scans using exclusion tags.

September 14, 2023

New feature

Amazon Inspector has added new permissions that allow Amazon Inspector to scan network configurations of Amazon EC2 instances that are part of Elastic Load Balancing target groups.

August 31, 2023

New feature

Amazon Inspector now provides vulnerability intelligence details for package vulnerability findings.

July 31, 2023

Updated functionality

Amazon Inspector has added new permissions that allow read-only users to export Software Bill of Materials (SBOM) for their resources.

June 29, 2023

New feature

You can now export SBOM for resources being scanned by Amazon Inspector.

June 13, 2023

New feature

Lambda code scanning is now generally available. New features have been added that allow you to encrypt code identified in your Lambda code scanning findings. Additionally, Lambda code scanning now provides suggested remediation rewrites of your code.

June 13, 2023

Updated functionality

Amazon Inspector added a new statement to the AmazonInspector2ReadOnlyAccess policy. The new statement allows read-only users to retrieve details of Lambda code scanning status and findings for their account.

May 2, 2023

New feature

Amazon Inspector has added Vulnerability database search, which allows you to check whether Amazon Inspector covers a specific CVE.

May 1, 2023

Updated functionality

Amazon Inspector has added new permissions to the AmazonInspector2ServiceRolePolicy policy that allow Amazon Inspector to create AWS CloudTrail service-linked channels in your account when you activate Lambda scanning. This allows Amazon Inspector to monitor CloudTrail events in your account.

April 30, 2023

Updated functionality

Amazon Inspector added a new statement to the AmazonInspector2FullAccess policy. The new statement allows users to retrieve details of code vulnerability findings from Lambda code scanning.

April 17, 2023

Updated functionality

Amazon Inspector added a new statement to the AmazonInspector2ServiceRolePolicy policy. The new statement allows Amazon Inspector to send information to Amazon EC2 Systems Manager about the custom paths you have defined for Amazon EC2 deep inspection.

April 17, 2023

New feature

Amazon Inspector adds additional support for Linux EC2 instances in the form of Amazon Inspector deep inspection, which scans your instances for package vulnerabilities in application programming language packages.

April 17, 2023

Updated functionality

Amazon Inspector added a new statement to the AmazonInspector2ServiceRolePolicy policy. The new statement allows Amazon Inspector to request scans of the developer code in AWS Lambda functions, and receive scan data from Amazon CodeGuru Security. Additionally, Amazon Inspector has added permissions to review IAM policies. Amazon Inspector uses this information to scan Lambda functions for code vulnerabilities.

February 28, 2023

New feature

Amazon Inspector adds additional support for Lambda functions in the form of Lambda code scanning, which scans the developer code of your Lambda functions for security vulnerabilities.

February 28, 2023

Updated functionality

Amazon Inspector added a new statement to the AmazonInspector2ServiceRolePolicy policy. The new statement allows Amazon Inspector to retrieve information from CloudWatch about when an AWS Lambda function was last invoked. Amazon Inspector uses this information to focus scans on the Lambda functions in your environment that have been active in the last 90 days.

February 20, 2023

Updated functionality

Amazon Inspector added a new statement to the AmazonInspector2ServiceRolePolicy policy. The new statement allows Amazon Inspector to retrieve information about your AWS Lambda functions. Amazon Inspector uses this information to scan your Lambda functions for security vulnerabilities.

November 28, 2022

New feature

Amazon Inspector adds support for Scanning AWS Lambda functions.

November 28, 2022

Updated content

Added procedures, policy examples, and tips for exporting findings reports from Amazon Inspector to an Amazon Simple Storage Service (Amazon S3) bucket.

October 14, 2022

New content

Added information about assessing Amazon Inspector coverage of your AWS environment by using the Amazon Inspector console. The information includes descriptions of Status values for individual resources in your environment.

October 7, 2022

New feature

Amazon Inspector now provides additional details about how to remediate package vulnerabilities. New fields have been added to finding details. The new fields provide context about whether a fix is available through a package update. If a fix is available, the Suggested remediation section of a finding shows the commands that you can run to make the fix.

September 2, 2022

Updated functionality

Amazon Inspector added a new action to the AmazonInspector2ServiceRolePolicy policy. The new action allows Amazon Inspector to describe SSM association executions. Amazon Inspector also added additional resource scoping to allow Amazon Inspector to create, update, delete, and start SSM associations with AmazonInspector2-owned SSM documents.

August 31, 2022

New feature

Amazon Inspector now supports scans for Windows instances. Amazon Inspector can now scan SSM managed instances running supported Windows operating systems. Scans of Windows hosts are performed by the Amazon Inspector SSM plugin, which is installed and invoked through new SSM associations automatically created by Amazon Inspector.

August 31, 2022

Updated functionality

Amazon Inspector updated the resource scoping of the AmazonInspector2ServiceRolePolicy policy to allow Amazon Inspector to collect software inventory in other AWS partitions.

August 12, 2022

Updated functionality

In the AmazonInspector2ServiceRolePolicy policy, Amazon Inspector restructured the resource scoping of the actions allowing Amazon Inspector to create, delete, and update SSM associations.

August 10, 2022

New feature

Amazon Inspector now supports changing your ECR automated re-scan duration setting. The Amazon ECR automated re-scan duration setting determines how long Amazon Inspector continuously monitors images pushed into repositories. When an image is older than the scan duration, Amazon Inspector will no longer scan the image and will close all existing findings for it. All new accounts will automatically have their ECR automated re-scan duration set to lifetime. Previously created accounts had an ECR automated re-scan duration of 30 days, but you can now choose from 30‐day, 180‐day, or lifetime durations for scans.

June 25, 2022

New functionality

Amazon Inspector added a new AWS managed policy, the AmazonInspector2ReadOnlyAccess policy, to allow read-only access to Amazon Inspector functionality.

January 21, 2022

General availability

This is the initial public release of the Amazon Inspector User Guide.

November 29, 2021