Document history for the Amazon Inspector User Guide
The following table describes the important changes to the documentation since the last release of Amazon Inspector. For notification about updates to this documentation, you can subscribe to an RSS feed.
| Change | Description | Date |
|---|---|---|
Updated functionality | Amazon Inspector updates retention period for closed findings from 30 days to 7 days. For more information, see Understanding findings in Amazon Inspector. | February 12, 2024 |
Updated functionality | Amazon Inspector added a new statement to the AmazonInspector2ServiceRolePolicy policy. The new statement allows Amazon Inspector to start CIS scans for your instance. | January 23, 2024 |
New Policy | Amazon Inspector has added a new policy, AmazonInspector2ManagedCisPolicy policy, that you can use as part of in an instance profile to allow CIS scans on an instance. | January 23, 2024 |
New Feature | Amazon Inspector will now refresh the ECR re-scan duration of container images when you pull them. To change your re-scan duration based on push or pull dates see Configuring the ECR re-scan duration. | January 23, 2024 |
New Feature | Amazon Inspector can now run Center for Internet Security (CIS) scans on EC2 instances. For more information, see Amazon Inspector CIS scans. | January 23, 2024 |
New Feature | Amazon Inspector can now scan container images in your CI/CD pipelines. For more information, see CI/CD integration with Amazon Inspector. | November 30, 2023 |
New Policy | Amazon Inspector has added a new policy that allows Amazon Inspector to scan Amazon EBS snapshots from your EC2 instance for agentless scanning. For more information on the policy, see Agentless scanning. | November 27, 2023 |
New Feature | Amazon Inspector now supports scanning supported Linux Amazon EC2 instances without SSM agents through agentless scanning. For more information see Agentless scanning. | November 27, 2023 |
New supported resources | Amazon Inspector now supports scanning of MacOS Amazon EC2 instances. See Supported operating systems: Amazon EC2 scanning for supported MacOS versions. | October 5, 2023 |
New Regions | Amazon Inspector is now available in Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Osaka), and Europe (Zurich). | September 29, 2023 |
New feature | You can now exclude EC2 instances from Amazon Inspector scans using exclusion tags. | September 14, 2023 |
New feature | Amazon Inspector has added new permissions that allow Amazon Inspector to scan network configurations of Amazon EC2 instances that are part of Elastic Load Balancing target groups. | August 31, 2023 |
New feature | Amazon Inspector now provides vulnerability intelligence details for package vulnerability findings. | July 31, 2023 |
Updated functionality | Amazon Inspector has added new permissions that allow read-only users to export Software Bill of Materials (SBOM) for their resources. | June 29, 2023 |
New feature | You can now export SBOM for resources being scanned by Amazon Inspector. | June 13, 2023 |
New feature | Lambda code scanning is now generally available. New features have been added that allow you to encrypt code identified in your Lambda code scanning findings. Additionally Lambda code scanning now provides suggested remediation rewrites of your code. | June 13, 2023 |
Updated functionality | Amazon Inspector added a new statement to the AmazonInspector2ReadOnlyAccess policy. The new statements allows read-only users to retrieve details of Lambda code scanning status and findings for their account. | May 2, 2023 |
New feature | Amazon Inspector has added Vulnerability database search which allows you to check if Amazon Inspector covers a specific CVE. | May 1, 2023 |
Updated functionality | Amazon Inspector has added new permissions to the AmazonInspector2ServiceRolePolicy policy that allow Amazon Inspector to create AWS CloudTrail service-linked channels in your account when you activate Lambda scanning. This allows Amazon Inspector to monitor CloudTrail events in your account. | April 30, 2023 |
Updated functionality | Amazon Inspector added a new statement to the AmazonInspector2FullAccess policy. The new statement allows users to retrieve details of code vulnerability findings from Lambda code scanning. | April 17, 2023 |
Updated functionality | Amazon Inspector added a new statement to the AmazonInspector2ServiceRolePolicy policy. The new statement allows Amazon Inspector to send information to Amazon EC2 Systems Manager about the custom paths you have defined for Amazon EC2 deep inspection. | April 17, 2023 |
New feature | Amazon Inspector adds additional support for Linux EC2 instances in the form of Amazon Inspector deep inspection, which scans your instances for package vulnerabilities in application programming language packages. | April 17, 2023 |
Updated functionality | Amazon Inspector added a new statement to the AmazonInspector2ServiceRolePolicy policy. The new statements allows Amazon Inspector to request scans of the developer code in AWS Lambda functions, and receive scan data from Amazon CodeGuru Security. Additionally Amazon Inspector has added permissions to review IAM policies. Amazon Inspector uses this information to scan Lambda functions for code vulnerabilities. | February 28, 2023 |
New feature | Amazon Inspector adds additional support for Lambda functions in the form of Lambda code scanning, which scan the developer code of your Lambda functions for security vulnerabilities. | February 28, 2023 |
Updated functionality | Amazon Inspector added a new statement to the AmazonInspector2ServiceRolePolicy policy. The new statement allows Amazon Inspector to retrieve information from CloudWatch about when an AWS Lambda function was last invoked. uses this information to focus scans on the Lambda functions in your environment that have been active in the last 90 days. | February 20, 2023 |
Updated functionality | Amazon Inspector added a new statement to the AmazonInspector2ServiceRolePolicy policy. The new statement allows Amazon Inspector to retrieve information about your AWS Lambda functions. Amazon Inspector uses this information to scan your Lambda functions for security vulnerabilities. | November 28, 2022 |
New feature | Amazon Inspector adds support for Scanning AWS Lambda functions. | November 28, 2022 |
Updated content | Added procedures, policy examples, and tips for exporting findings reports from Amazon Inspector to an Amazon Simple Storage Service (Amazon S3) bucket. | October 14, 2022 |
New content | Added information about assessing Amazon Inspector coverage of your AWS environment by using the Amazon Inspector console. The information includes descriptions of Status values for individual resources in your environment. | October 7, 2022 |
New feature | Amazon Inspector now provides additional details about how to remediate package vulnerabilities. New fields have been added to finding details. The new fields provide context about whether a fix is available through a package update. If a fix is available, the Suggested remediation section of a finding shows the commands that you can run to make the fix. | September 2, 2022 |
Updated functionality | Amazon Inspector added a new action to the AmazonInspector2ServiceRolePolicy policy. The
new action allows Amazon Inspector to describe SSM association executions. Amazon Inspector also
added additional resource scoping to allow Amazon Inspector to create, update, delete, and
start SSM associations with | August 31, 2022 |
New feature | Amazon Inspector now supports scans for Windows instances. Amazon Inspector can now scan SSM managed instances running supported Windows operating systems. Scans of Windows hosts are performed by the Amazon Inspector SSM plugin, which is installed and invoked through new SSM associations automatically created by Amazon Inspector. | August 31, 2022 |
Updated functionality | Amazon Inspector updated the resource scoping of the AmazonInspector2ServiceRolePolicy policy to allow Amazon Inspector to collect software inventory in other AWS partitions. | August 12, 2022 |
Updated functionality | In the AmazonInspector2ServiceRolePolicy policy, Amazon Inspector restructured the resource scoping of the actions allowing Amazon Inspector to create, delete, and update SSM associations. | August 10, 2022 |
New feature | Amazon Inspector now supports changing your ECR automated re-scan duration setting. The Amazon ECR automated re-scan duration setting determines how long Amazon Inspector continuously monitors images pushed into repositories. When an image is older than the scan duration, Amazon Inspector will no longer scan the image and close all existing findings for it. All new accounts will automatically have their ECR automated re-scan duration set to lifetime. Previously created accounts had an ECR automated re-scan duration of 30 days, but you can now choose from 30‐day, 180‐day, or lifetime durations for scans. | June 25, 2022 |
New functionality | Amazon Inspector added a new AWS managed policy, the AmazonInspector2ReadOnlyAccess policy, to allow read-only access to Amazon Inspector functionality. | January 21, 2022 |
General availability | This is the initial public release of the Amazon Inspector User Guide. | November 29, 2021 |
