Supported operating systems and programming languages for Amazon Inspector - Amazon Inspector

Supported operating systems and programming languages for Amazon Inspector

Amazon Inspector can scan software applications that are installed on the following:

  • Amazon Elastic Compute Cloud (Amazon EC2) instances

    Note

    For Amazon EC2 instances, Amazon Inspector can scan for package vulnerabilities in operating systems that support agent-based scanning. Amazon Inspector can also scan for package vulnerabilities in operating systems and programming languages that support hybrid scanning. Amazon Inspector does not scan for toolchain vulnerabilities. The version of the programming language compiler used to build the application introduces these vulnerabilities.

  • Container images stored in Amazon Elastic Container Registry (Amazon ECR) repositories

    Note

    For ECR container images, Amazon Inspector can scan for operating system and programming language package vulnerabilities. Amazon Inspector does not scan for toolchain vulnerabilities. The version of the programming language compiler used to build the application introduces these vulnerabilities.

  • AWS Lambda functions

    Note

    For Lambda functions, Amazon Inspector can scan for programming language package vulnerabilities and code vulnerabilities. Amazon Inspector does not scan for toolchain vulnerabilities. The version of the programming language compiler used to build the application introduces these vulnerabilities.

When Amazon Inspector scans resources, Amazon Inspector sources more than 50 data feeds to generate findings for common vulnerabilities and exposures (CVEs). Examples of these sources include vendor security advisories data feeds and threat intelligence feeds, as well as the National Vulnerability Database (NVD) and MITRE. Amazon Inspector updates vulnerability data from source feeds at least once daily.

For Amazon Inspector to scan a resource, the resource must be running a supported operating system or using a supported programming language. The topics in this section list the operating systems, programming languages, and runtimes Amazon Inspector supports for different resources and scan types. They also list discontinued operating systems.

Note

Amazon Inspector can provide only limited support for an operating system after a vendor discontinues support for the operating system.

Supported operating systems

This section lists the operating systems Amazon Inspector supports.

Supported operating systems: Amazon EC2 scanning

The following table lists the operating systems Amazon Inspector supports for the scanning of Amazon EC2 instances. It specifies the vendor security advisory for each operating system and which operating systems support agent-based scanning and agentless scanning.

Note

When using the agent-based scanning method, you configure the SSM agent to perform continuous scans on all eligible instances. Amazon Inspector recommends that you configure a version of the SSM agent that's greater than 3.2.2086.0. For more information, see Working with the SSM Agent in the Amazon EC2 Systems Manager User Guide.

Linux operating system detections are supported only for the default package manager repository (rpm and dpkg) and don't include third-party applications, extended support repositories (BYOS RHEL, PAYG RHEL, and RHEL for SAP), and optional repositories (application streams).

Operating system Version Vendor security advisories Agentless scan support Agent-based scan support
AlmaLinux 8 ALSA Yes Yes
AlmaLinux 9 ALSA Yes Yes
Amazon Linux (AL2) AL2 ALAS Yes Yes
Amazon Linux 2023 (AL2023) AL2023 ALAS Yes Yes
Bottlerocket 1.7.0 and later GHSA, CVE No Yes
Debian Server (Bullseye) 11 DSA Yes Yes
Debian Server (Bookworm) 12 DSA Yes Yes
Fedora 40 CVE Yes Yes
OpenSUSE Leap 15.5 CVE Yes Yes
OpenSUSE Leap 15.6 CVE Yes Yes
Oracle Linux (Oracle) 7 ELSA Yes Yes
Oracle Linux (Oracle) 8 ELSA Yes Yes
Oracle Linux (Oracle) 9 ELSA Yes Yes
Red Hat Enterprise Linux (RHEL) 8 RHSA Yes Yes
Red Hat Enterprise Linux (RHEL) 9 RHSA Yes Yes
Rocky Linux 8 RLSA Yes Yes
Rocky Linux 9 RLSA Yes Yes
SUSE Linux Enterprise Server (SLES) 12.5 SUSE CVE Yes Yes
SUSE Linux Enterprise Server (SLES) 15.5 SUSE CVE Yes Yes
SUSE Linux Enterprise Server (SLES) 15.6 SUSE CVE Yes Yes
Ubuntu (Xenial) 16.04 (ESM) USN, Ubuntu Pro Yes Yes
Ubuntu (Bionic) 18.04 (ESM) USN, Ubuntu Pro Yes Yes
Ubuntu (Focal) 20.04 (LTS) USN Yes Yes
Ubuntu (Jammy) 22.04 (LTS) USN Yes Yes
Ubuntu (Noble Numbat) 24.04 USN Yes Yes
Ubuntu (Oracular Oriole) 24.10 USN Yes Yes
Windows Server 2016 MSKB No Yes
Windows Server 2019 MSKB No Yes
Windows Server 2022 MSKB No Yes
macOS (Mojave) 10.14 APPLE-SA No Yes
macOS (Catalina) 10.15 APPLE-SA No Yes
macOS (Big Sur) 11 APPLE-SA No Yes
macOS (Monterey) 12 APPLE-SA No Yes
macOS (Ventura) 13 APPLE-SA No Yes
macOS (Sonoma) 14 APPLE-SA No Yes

Supported operating systems: Amazon ECR scanning with Amazon Inspector

The following table lists the operating systems Amazon Inspector supports for the scanning of container images in Amazon ECR repositories. It also specifies the vendor security advisory for each operating system.

Operating system Version Vendor security advisories
Alpine Linux (Alpine) 3.18 Alpine SecDB
Alpine Linux (Alpine) 3.19 Alpine SecDB
Alpine Linux (Alpine) 3.20 Alpine SecDB
AlmaLinux 8 ALSA
AlmaLinux 9 ALSA
Amazon Linux (AL2) AL2 ALAS
Amazon Linux 2023 (AL2023) AL2023 ALAS
Debian Server (Bullseye) 11 DSA
Debian Server (Bookworm) 12 DSA
Fedora 40 CVE
OpenSUSE Leap 15.5 CVE
OpenSUSE Leap 15.6 CVE
Oracle Linux (Oracle) 7 ELSA
Oracle Linux (Oracle) 8 ELSA
Oracle Linux (Oracle) 9 ELSA
Photon OS 4 PHSA
Photon OS 5 PHSA
Red Hat Enterprise Linux (RHEL) 8 RHSA
Red Hat Enterprise Linux (RHEL) 9 RHSA
Rocky Linux 8 RLSA
Rocky Linux 9 RLSA
SUSE Linux Enterprise Server (SLES) 12.5 SUSE CVE
SUSE Linux Enterprise Server (SLES) 15.5 SUSE CVE
SUSE Linux Enterprise Server (SLES) 15.6 SUSE CVE
Ubuntu (Xenial) 16.04 (ESM) USN, Ubuntu Pro
Ubuntu (Bionic) 18.04 (ESM) USN, Ubuntu Pro
Ubuntu (Focal) 20.04 (LTS) USN
Ubuntu (Jammy) 22.04 (LTS) USN
Ubuntu (Noble Numbat) 24.04 USN
Ubuntu (Oracular Oriole) 24.10 USN

Supported operating systems: CIS scanning

The following table lists the operating systems Amazon Inspector supports for CIS scans. It also specifies the CIS benchmark version for each operating system.

Operating system Version CIS benchmark version
Amazon Linux 2 AL2 2.0.0
Amazon Linux 2023 AL2023 1.0.0
Red Hat Enterprise Linux (RHEL) 8 3.0.0
Red Hat Enterprise Linux (RHEL) 9 1.0.0
Rocky Linux 8 2.0.0
Rocky Linux 9 1.0.0
Ubuntu (Bonic) 18.04 (LTS) 2.1.0
Ubuntu (Focal) 20.04 (LTS) 2.0.1
Ubuntu (Jammy) 22.04 (LTS) 1.0.0
Windows Server 2016 3.0.0
Windows Server 2019 2.0.0
Windows Server 2022 2.0.0

Discontinued operating systems

The following tables list which operatings systems have been discontinued and when they were discontinued.

Even though Amazon Inspector doesn't provide full support for the following discontinued operating systems, Amazon Inspector continues to scan the Amazon EC2 instances and Amazon ECR container images running them. As a security best practice, we recommend moving to the supported version of a discontinued operating system. Findings that Amazon Inspector generates for a discontinued operating system should be used for informational purposes only.

In accordance with vendor policy, the following operating systems no longer receive patch updates. New security advisories might not be released for discontinued operating systems. Vendors can remove existing security advisories and detections from their feeds for operating systems that reach the end of standard support. As a result, Amazon Inspector can stop generating findings for known CVEs.

Discontinued operating systems: Amazon EC2 scanning

Operating system Version Discontinued
Amazon Linux (AL1) 2012 December 31, 2021
CentOS Linux (CentOS) 7 June 30, 2024
CentOS Linux (CentOS) 8 December 31, 2021
Debian Server (Stretch) 9 June 30, 2022
Debian Server (Buster) 10 June 30, 2024
Fedora 35 December 13, 2022
Fedora 36 May 16, 2023
Fedora 37 December 15, 2023
Fedora 38 May 21, 2024
Fedora 39 November 26, 2024
OpenSUSE Leap 15.2 December 1, 2021
OpenSUSE Leap 15.3 December 1, 2022
OpenSUSE Leap 15.4 December 7, 2023
Oracle Linux (Oracle) 6 March 1, 2021
Red Hat Enterprise Linux (RHEL) 7 June 30, 2024
SUSE Linux Enterprise Server (SLES) 12 June 30, 2016
SUSE Linux Enterprise Server (SLES) 12.1 May 31, 2017
SUSE Linux Enterprise Server (SLES) 12.2 March 31, 2018
SUSE Linux Enterprise Server (SLES) 12.3 June 30, 2019
SUSE Linux Enterprise Server (SLES) 12.4 June 30, 2020
SUSE Linux Enterprise Server (SLES) 15 December 31, 2019
SUSE Linux Enterprise Server (SLES) 15.1 January 31, 2021
SUSE Linux Enterprise Server (SLES) 15.2 December 31, 2021
SUSE Linux Enterprise Server (SLES) 15.3 December 31, 2022
SUSE Linux Enterprise Server (SLES) 15.4 December 31, 2023
Ubuntu (Trusty) 14.04 (ESM) April 1, 2024
Ubuntu (Groovy) 20.10 July 22, 2021
Ubuntu (Hirsute) 21.04 January 20, 2022
Ubuntu (Impish) 21.10 July 31, 2022
Ubuntu (Kinetic) 22.10 July 20, 2023
Ubuntu (Lunar Lobster) 23.04 January 25, 2024
Ubuntu (Mantic Minotaur) 23.10 July 11, 2024
Windows Server 2012 October 10, 2023
Windows Server 2012 R2 October 10, 2023

Discontinued operating systems: Amazon ECR scanning

Operating system Version Discontinued
Alpine Linux (Alpine) 3.12 May 1, 2022
Alpine Linux (Alpine) 3.13 November 1, 2022
Alpine Linux (Alpine) 3.14 May 1, 2023
Alpine Linux (Alpine) 3.15 November 1, 2023
Alpine Linux (Alpine) 3.16 May 23, 2024
Alpine Linux (Alpine) 3.17 November 22, 2024
Amazon Linux (AL1) 2012 December 31, 2021
CentOS Linux (CentOS) 7 June 30, 2024
CentOS Linux (CentOS) 8 December 31, 2021
Debian Server (Stretch) 9 June 30, 2022
Debian Server (Buster) 10 June 30, 2024
Fedora 35 December 13, 2022
Fedora 36 May 16, 2023
Fedora 37 December 15, 2023
Fedora 38 May 21, 2024
Fedora 39 November 26, 2024
OpenSUSE Leap 15.2 December 1, 2021
OpenSUSE Leap 15.3 December 1, 2022
OpenSUSE Leap 15.4 December 7, 2023
Oracle Linux (Oracle) 6 March 1, 2021
Photon OS 3 March 1, 2024
Red Hat Enterprise Linux (RHEL) 7 June 30, 2024
SUSE Linux Enterprise Server (SLES) 12 June 30, 2016
SUSE Linux Enterprise Server (SLES) 12.1 May 31, 2017
SUSE Linux Enterprise Server (SLES) 12.2 March 31, 2018
SUSE Linux Enterprise Server (SLES) 12.3 June 30, 2019
SUSE Linux Enterprise Server (SLES) 12.4 June 30, 2020
SUSE Linux Enterprise Server (SLES) 15 December 31, 2019
SUSE Linux Enterprise Server (SLES) 15.1 January 31, 2021
SUSE Linux Enterprise Server (SLES) 15.2 December 31, 2021
SUSE Linux Enterprise Server (SLES) 15.3 December 31, 2022
SUSE Linux Enterprise Server (SLES) 15.4 December 31, 2023
Ubuntu (Trusty) 14.04 (ESM) April 1, 2024
Ubuntu (Groovy) 20.10 July 22, 2021
Ubuntu (Hirsute) 21.04 January 20, 2022
Ubuntu (Impish) 21.10 July 31, 2022
Ubuntu (Kinetic) 22.10 July 20, 2023
Ubuntu (Lunar Lobster) 23.04 January 25, 2024
Ubuntu (Mantic Minotaur) 23.10 July 11, 2024

Supported programming languages

This section lists the programming launguages Amazon Inspector supports.

Supported programming languages: Amazon EC2 agentless scanning

Amazon Inspector currently supports the following programming languages when performing agentless scans on eligible Amazon EC2 instances. For more information, see agentless scanning.

Note

Amazon Inspector doesn't scan for tooolchain vulnerabilities in Go and Rust. The version of the programming language compiler used to build the application introduces these vulnerabilities.

  • C#

  • Go

  • Java

  • JavaScript

  • PHP

  • Python

  • Ruby

  • Rust

Supported programming languages: Amazon EC2 deep inspection

Amazon Inspector currently supports the following programming languages when performing deep inspection scans on Amazon EC2 Linux instances. For more information, see Amazon Inspector deep inspection for Linux-based Amazon EC2 instances.

  • Java (.ear, .jar, .par, and .war archive formats)

  • JavaScript

  • Python

Amazon Inspector uses Systems Manager Distributor to deploy the plugin for deep inspection of your Amazon EC2 instance.

Note

Deep inspection is not supported for Bottlerocket operating systems.

To perform deep inspection scans, Systems Manager Distributor and Amazon Inspector must support your Amazon EC2 instance operating system. For information about supported operating systems in Systems Manager Distributor, see Supported package platforms and architectures in the Systems Manager User Guide.

Supported programming languages: Amazon ECR scanning

Amazon Inspector currently supports the following programming languages when scanning container images in Amazon ECR repositories:

Note

Amazon Inspector doesn't scan for tooolchain vulnerabilities in Go and Rust. The version of the programming language compiler used to build the application introduces these vulnerabilities.

  • C#

  • Go

  • Java

  • JavaScript

  • PHP

  • Python

  • Ruby

  • Rust

Supported runtimes

This section lists the runtimes Amazon Inspector supports.

Supported runtimes: Amazon Inspector Lambda standard scanning

Amazon Inspector Lambda standard scanning currently supports the following runtimes for the programming languages it can use when scanning Lambda functions for vulnerabilities in third-party software packages:

Note

Amazon Inspector doesn't scan for tooolchain vulnerabilities in Go and Rust. The version of the programming language compiler used to build the application introduces these vulnerabilities.

  • Go

    • go1.x

  • Java

    • java8

    • java8.al2

    • java11

    • java17

    • java21

  • .NET

    • .NET 6

    • .NET 8

  • Node.js

    • nodejs12.x

    • nodejs14.x

    • nodejs16.x

    • nodejs18.x

    • nodejs20.x

  • Python

    • python3.7

    • python3.8

    • python3.9

    • python3.10

    • python3.11

    • python3.12

  • Ruby

    • ruby2.7

    • ruby3.2

    • ruby3.3

  • Custom runtimes

    • AL2

    • AL2023

Supported runtimes: Amazon Inspector Lambda code scanning

Amazon Inspector Lambda code scanning currently supports the following runtimes for the programming languages it can use when scanning Lambda functions for vulnerabilities in code:

  • Java

    • java8

    • java8.al2

    • java11

    • java17

  • .NET

    • .NET 6

    • .NET 8

  • Node.js

    • nodejs12.x

    • nodejs14.x

    • nodejs16.x

    • nodejs18.x

    • nodejs20.x

  • Python

    • python3.7

    • python3.8

    • python3.9

    • python3.10

    • python3.11

    • python3.12

  • Ruby

    • ruby2.7

    • ruby3.2

    • ruby3.3