Understanding findings in Amazon Inspector

In Amazon Inspector, a finding is a detailed report about a vulnerability that affects one of your AWS resources. Amazon Inspector generates a finding whenever it detects a vulnerability in an Amazon EC2 instance, a container image in an Amazon ECR repository, or an AWS Lambda function. Each finding has the name of the detected vulnerability and provides a severity rating, information about the affected resource, and details such as how to remediate the reported vulnerability.

Amazon Inspector continually scans your compute environment and stores your active findings until it detects that they are remediated. A remediated finding is automatically detected and closed, and then deleted after 30 days. A finding is assigned one of the following states:


Active: The finding is identified by Amazon Inspector and has not been remediated. Active findings are subject to suppression rules and, if applicable, the status is changed to Suppressed.


Suppressed: The finding meets one or more criteria of one or more suppression rules. Suppressed findings are hidden from most views, except for the Suppressed findings list. For more information about suppressed findings, see Suppressing Amazon Inspector findings with suppression rules.


Closed: After a vulnerability is remediated, Amazon Inspector automatically detects it and changes the state of the finding to Closed. Closed findings are deleted after 30 days if there are no other changes.
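Because closed findings are deleted after 30 days, teams that need remediation evidence usually export them before they disappear. The following is an added example, not AWS code: it tallies findings by state and lists closed findings that are close to deletion. It assumes records shaped like the Inspector2 `ListFindings` response (`findingArn`, `status`, `updatedAt`) and assumes the 30-day clock runs from `updatedAt`; the sample records and ARNs are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)  # closed findings are deleted after 30 days


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample records with placeholder ARNs (not real findings).
ARN = "arn:aws:inspector2:us-east-1:111122223333:finding/"
SAMPLE_FINDINGS = [
    {"findingArn": ARN + "EXAMPLE-1", "status": "ACTIVE", "updatedAt": utc(2024, 2, 28)},
    {"findingArn": ARN + "EXAMPLE-2", "status": "SUPPRESSED", "updatedAt": utc(2024, 1, 10)},
    {"findingArn": ARN + "EXAMPLE-3", "status": "CLOSED", "updatedAt": utc(2024, 2, 5)},
    {"findingArn": ARN + "EXAMPLE-4", "status": "CLOSED", "updatedAt": utc(2024, 2, 25)},
]


def count_by_status(findings):
    """Tally findings per state (ACTIVE, SUPPRESSED, CLOSED)."""
    return Counter(f["status"] for f in findings)


def closed_expiring(findings, now, warn_within=timedelta(days=7)):
    """Return (arn, delete_at) for CLOSED findings due for deletion soon.

    Assumption: the retention clock starts at updatedAt, since the page says
    deletion happens after 30 days "if there are no other changes".
    """
    due = []
    for f in findings:
        if f["status"] != "CLOSED":
            continue  # active and suppressed findings are retained
        delete_at = f["updatedAt"] + RETENTION
        if delete_at - now <= warn_within:
            due.append((f["findingArn"], delete_at))
    return sorted(due, key=lambda item: item[1])  # soonest deletion first


if __name__ == "__main__":
    now = utc(2024, 3, 1)
    print(dict(count_by_status(SAMPLE_FINDINGS)))
    for arn, delete_at in closed_expiring(SAMPLE_FINDINGS, now):
        print(f"export before {delete_at:%Y-%m-%d}: {arn}")
```
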