Operating system support for Amazon EC2 scanning Operating system support for Amazon ECR scanning Programming language support for Amazon ECR scanning Programming language support for AWS Lambda scanning Discontinued operating systems

Operating systems and programming languages supported by Amazon Inspector

Amazon Inspector can scan software applications installed on Amazon Elastic Compute Cloud (Amazon EC2) instances, container images stored in Amazon Elastic Container Registry (Amazon ECR) repositories and AWS Lambda functions. For container images in Amazon ECR, Amazon Inspector can scan for both operating system and programming language package vulnerabilities. When Amazon Inspector scans resources, it uses its own purpose-built scanning engine and it sources more than 50 data feeds to generate findings for Common Vulnerabilities and Exposures (CVEs). Sources include vendor security advisories, NVD, MITRE, open-source feeds, internal research, and licensed data feeds.

For Amazon Inspector to scan a resource, the resource must be running a supported operating system or use a supported programming language. The topics in this section list the operating systems and programming languages that Amazon Inspector currently supports. They also list operating systems that Amazon Inspector previously supported but have since been discontinued by vendors. Amazon Inspector can provide only limited support for an operating system after a vendor discontinues support for the operating system.

Topics

Supported operating systems: Amazon EC2 scanning
Supported operating systems: Amazon ECR scanning
Supported programming languages: Amazon ECR scanning
Supported programming languages: AWS Lambda function scanning
Discontinued operating systems

Supported operating systems: Amazon EC2 scanning

The following table lists the operating systems that Amazon Inspector currently supports for scans of Amazon Elastic Compute Cloud (Amazon EC2) instances, and the source of the vendor security advisories for each one.

Operating system	Version	Vendor security advisories
Amazon Linux 2 (AL2)	AL2	ALAS
Amazon Linux 2022 (AL2022)	AL2022	ALAS
Bottlerocket	1.7.0 and later	GHSA, CVE
CentOS Linux (CentOS)	7	CESA
CentOS Linux (CentOS)	8	RHSA
Debian Server (Bullseye)	11	DSA
Debian Server (Buster)	10	DSA
Oracle Linux (Oracle)	7	ELSA
Oracle Linux (Oracle)	8	ELSA
Oracle Linux (Oracle)	9	ELSA
Red Hat Enterprise Linux (RHEL)	7	RHSA
Red Hat Enterprise Linux (RHEL)	8	RHSA
Red Hat Enterprise Linux (RHEL)	9	RHSA
Rocky Linux	8	RLSA
SUSE Linux Enterprise Server (SLES)	12	SUSE CVE
SUSE Linux Enterprise Server (SLES)	15	SUSE CVE
Ubuntu (Trusty)	14.04 (ESM)	USN
Ubuntu (Xenial)	16.04 (ESM)	USN
Ubuntu (Bionic)	18.04 (LTS)	USN
Ubuntu (Focal)	20.04 (LTS)	USN
Ubuntu (Jammy)	22.04 (LTS)	USN
Windows Server 2012	2012	MSKB
Windows Server 2012 R2	2012 R2	MSKB
Windows Server 2016	2016	MSKB
Windows Server 2019	2019	MSKB
Windows Server 2022	2022	MSKB

Supported operating systems: Amazon ECR scanning

The following table lists the operating systems that Amazon Inspector currently supports for scans of container images in Amazon Elastic Container Registry (Amazon ECR) repositories, and the source of the vendor security advisories for each one.

Operating system	Version	Vendor security advisories
Alpine Linux (Alpine)	3.12	Alpine Secdb
Alpine Linux (Alpine)	3.13	Alpine Secdb
Alpine Linux (Alpine)	3.14	Alpine Secdb
Alpine Linux (Alpine)	3.15	Alpine Secdb
Alpine Linux (Alpine)	3.16	Alpine Secdb
Amazon Linux 2 (AL2)	AL2	ALAS
Amazon Linux 2022 (AL2022)	AL2022	ALAS
CentOS Linux (CentOS)	7	CESA
CentOS Linux (CentOS)	8	RHSA
Debian Server (Bullseye)	11	DSA
Debian Server (Buster)	10	DSA
OpenSUSE Leap (SUSE Leap)	15.2	SUSE CVE
OpenSUSE Leap (SUSE Leap)	15.3	SUSE CVE
Oracle Linux (Oracle)	7	ELSA
Oracle Linux (Oracle)	8	ELSA
Oracle Linux (Oracle)	9	ELSA
Red Hat Enterprise Linux (RHEL)	7	RHSA
Red Hat Enterprise Linux (RHEL)	8	RHSA
Red Hat Enterprise Linux (RHEL)	9	RHSA
SUSE Linux Enterprise Server (SLES)	12	SUSE CVE
SUSE Linux Enterprise Server (SLES)	15	SUSE CVE
Ubuntu (Trusty)	14.04 (ESM)	USN
Ubuntu (Xenial)	16.04 (ESM)	USN
Ubuntu (Bionic)	18.04 (LTS)	USN
Ubuntu (Focal)	20.04 (LTS)	USN
Ubuntu (Jammy)	22.04 (LTS)	USN

Supported programming languages: Amazon ECR scanning

For container images in Amazon Elastic Container Registry (Amazon ECR) repositories, Amazon Inspector can scan software packages for the following programming languages:

C#
Go
Java
JavaScript
PHP
Python
Ruby
Rust

Supported programming languages: AWS Lambda function scanning

For AWS Lambda functions, Amazon Inspector can scan for the following programming languages:

Java
- Java 8
- Java 11
NodeJS
- NodeJS 12
- NodeJS 14
- NodeJS 16
Python
- Python 3.7
- Python 3.8
- Python 3.9

Discontinued operating systems

Standard vendor support for the operating systems listed in the following tables has been discontinued by the vendor. In the tables, the Discontinued column indicates when the vendor discontinued standard support for an operating system.

Amazon Inspector previously provided full support for these operating systems and will continue to scan Amazon Elastic Compute Cloud (Amazon EC2) instances and Amazon Elastic Container Registry (Amazon ECR) container images that are running them. However, in accordance with vendor policy, the operating systems are no longer updated with patches and, in many cases, new security advisories are no longer released for them. In addition, some vendors remove existing security advisories and detections from their feeds when an affected operating system reaches the end of standard support. Consequently, Amazon Inspector might stop generating findings for known CVEs. Any findings that Amazon Inspector does generate for a discontinued operating system should be used for informational purposes only.

As a security best practice and for continued Amazon Inspector coverage, we encourage you to move to a current, supported version of an operating system.

Discontinued operating systems: Amazon EC2 scanning

Operating system	Version	Vendor security advisories	Discontinued
Amazon Linux AMI (AL1)	AL1	ALAS	December 31, 2020
Debian Server (Stretch)	9	DSA	June 30, 2022
Oracle Linux (Oracle)	6	ELSA	March 1, 2021
Ubuntu (Groovy)	20.10	USN	July 22, 2021
Ubuntu (Hirsute)	21.04	USN	January 20, 2022
Ubuntu (Impish)	21.10	USN	July 31, 2022

Discontinued operating systems: Amazon ECR scanning

Operating system	Version	Vendor security advisories	Discontinued
Amazon Linux (AL1)	2018.03	ALAS	December 31, 2021
Debian Server (Stretch)	9	DSA	June 30, 2022
Oracle Linux (Oracle)	6	ELSA	March 1, 2021
Ubuntu (Groovy)	20.10	USN	July 22, 2021
Ubuntu (Hirsute)	21.04	USN	January 20, 2022
Ubuntu (Impish)	21.10	USN	July 31, 2022

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Security Hub integration

Disabling Amazon Inspector