Operating systems and programming languages that Amazon Inspector supports - Amazon Inspector

Operating systems and programming languages that Amazon Inspector supports

Amazon Inspector can scan software applications that are installed on the following:

  • Amazon Elastic Compute Cloud (Amazon EC2) instances.

  • Container images stored in Amazon Elastic Container Registry (Amazon ECR) repositories – For ECR container images, Amazon Inspector can scan for operating system and programming language package vulnerabilities.

  • AWS Lambda functions – For Lambda functions, Amazon Inspector can scan for code vulnerabilities.

When Amazon Inspector scans resources, Amazon Inspector sources more than 50 data feeds, generating findings for common vulnerabilities and exposures (CVEs). Examples of these sources include vendor security advisories data feeds, and threat intelligence feeds, as well as the National Vulnerability Database (NVD) and MITRE. Amazon Inspector updates vulnerability data from source feeds at least once daily.

For Amazon Inspector to scan a resource, the resource must be running a supported operating system or using a supported programming language. The topics in this section list the operating systems, programming languages, and runtimes Amazon Inspector supports for different resources and scan types. They also list discontinued operating systems.

Note

Amazon Inspector can provide only limited support for an operating system after a vendor discontinues support for the operating system.

Supported operating systems: Amazon EC2 scanning

The following table lists the operating systems Amazon Inspector supports for the scanning of Amazon EC2 instances. It lists the source of vendor security advisories for each operating system. It also helps you determine if the supported operating systems can be scanned using agent-based scanning or agentless scanning.

When using the agent-based scanning method, you configure the SSM agent to perform continuous scans on all eligible instances. Amazon Inspector recommends that you configure a version of the SSM agent greater than 3.2.2086.0. For more information, see Working with the SSM Agent in the Amazon EC2 Systems Manager User Guide.

Note

Linux operating system detections are supported only for the default package manager repository (rpm and dpkg) and don't include third-party applications, extended support repositories (BYOS RHEL, PAYG RHEL, and RHEL for SAP), and optional repositories (application streams).

Operating system Version Vendor security advisories Agentless scan support Agent-based scan support
AlmaLinux 8 ALSA Yes Yes
AlmaLinux 9 ALSA Yes Yes
Amazon Linux (AL2) AL2 ALAS Yes Yes
Amazon Linux 2023 (AL2023) AL2023 ALAS Yes Yes
Bottlerocket 1.7.0 and later GHSA, CVE No Yes
Debian Server (Bullseye) 11 DSA Yes Yes
Debian Server (Bookworm) 12 DSA Yes Yes
Fedora 39 CVE Yes Yes
Fedora 40 CVE Yes Yes
OpenSUSE Leap 15.5 CVE Yes Yes
Oracle Linux (Oracle) 7 ELSA Yes Yes
Oracle Linux (Oracle) 8 ELSA Yes Yes
Oracle Linux (Oracle) 9 ELSA Yes Yes
Red Hat Enterprise Linux (RHEL) 7 RHSA Yes Yes
Red Hat Enterprise Linux (RHEL) 8 RHSA Yes Yes
Red Hat Enterprise Linux (RHEL) 9 RHSA Yes Yes
Rocky Linux 8 RLSA Yes Yes
Rocky Linux 9 RLSA Yes Yes
SUSE Linux Enterprise Server (SLES) 12.5 SUSE CVE Yes Yes
SUSE Linux Enterprise Server (SLES) 15.5 SUSE CVE Yes Yes
Ubuntu (Xenial) 16.04 (ESM) USN, Ubuntu Pro Yes Yes
Ubuntu (Bionic) 18.04 (ESM) USN, Ubuntu Pro Yes Yes
Ubuntu (Focal) 20.04 (LTS) USN Yes Yes
Ubuntu (Jammy) 22.04 (LTS) USN Yes Yes
Ubuntu (Mantic Minotaur) 23.10 USN Yes Yes
Ubuntu (Noble Numbat) 24.04 USN Yes Yes
Windows Server 2016 MSKB No Yes
Windows Server 2019 MSKB No Yes
Windows Server 2022 MSKB No Yes
macOS (Mojave) 10.14 APPLE-SA No Yes
macOS (Catalina) 10.15 APPLE-SA No Yes
macOS (Big Sur) 11 APPLE-SA No Yes
macOS (Monterey) 12 APPLE-SA No Yes
macOS (Ventura) 13 APPLE-SA No Yes

Supported programming languages: Amazon EC2 deep inspection

Amazon Inspector currently supports the following programming languages when scanning Amazon EC2 Linux instances for vulnerabilities in third-party software packages:

Supported programming languages
  • Java (only .ear, .jar, .par, and .war archive formats)

  • JavaScript

  • Python

Amazon Inspector uses Systems Manager Distributor to deploy the plugin for deep inspection of your Amazon EC2 instance. Systems Manager Distributor and Amazon Inspector must support your Amazon EC2 instance operating system, so Amazon Inspector can perform deep inspection scans. For information about the operating systems that Systems Manager Distributor supports, see Supported package platforms and architectures in the Systems Manager User Guide.

Note

Deep inspection is not supported for Bottlerocket operating systems.

Supported operating systems: CIS scanning

The following table lists the operating systems Amazon Inspector currently supports for CIS scans. It also lists the CIS benchmark version that's used to perform scans of that operating system.

Operating system Version CIS benchmark version
Amazon Linux 2 AL2 2.0.0
Amazon Linux 2023 AL2023 1.0.0
Red Hat Enterprise Linux (RHEL) 8 3.0.0
Red Hat Enterprise Linux (RHEL) 9 1.0.0
Rocky Linux 8 2.0.0
Rocky Linux 9 1.0.0
Ubuntu (Bonic) 18.04 (LTS) 2.1.0
Ubuntu (Focal) 20.04 (LTS) 2.0.1
Ubuntu (Jammy) 22.04 (LTS) 1.0.0
Windows Server 2019 2.0.0
Windows Server 2022 2.0.0

Supported operating systems: Amazon ECR scanning with Amazon Inspector

Amazon Inspector currently supports scanning the following operating systems when scanning container images in Amazon ECR repositories:. The table also lists the source of the vendor security advisories for each operating system.

Operating system Version Vendor security advisories
Alpine Linux (Alpine) 3.16 Alpine SecDB
Alpine Linux (Alpine) 3.17 Alpine SecDB
Alpine Linux (Alpine) 3.18 Alpine SecDB
Alpine Linux (Alpine) 3.19 Alpine SecDB
Alpine Linux (Alpine) 3.20 Alpine SecDB
AlmaLinux 8 ALSA
AlmaLinux 9 ALSA
Amazon Linux (AL2) AL2 ALAS
Amazon Linux 2023 (AL2023) AL2023 ALAS
Debian Server (Bullseye) 11 DSA
Debian Server (Bookworm) 12 DSA
Fedora 39 CVE
Fedora 40 CVE
OpenSUSE Leap 15.5 CVE
Oracle Linux (Oracle) 7 ELSA
Oracle Linux (Oracle) 8 ELSA
Oracle Linux (Oracle) 9 ELSA
Photon OS 4 PHSA
Photon OS 5 PHSA
Red Hat Enterprise Linux (RHEL) 7 RHSA
Red Hat Enterprise Linux (RHEL) 8 RHSA
Red Hat Enterprise Linux (RHEL) 9 RHSA
Rocky Linux 8 RLSA
Rocky Linux 9 RLSA
SUSE Linux Enterprise Server (SLES) 12.5 SUSE CVE
SUSE Linux Enterprise Server (SLES) 15.5 SUSE CVE
Ubuntu (Xenial) 16.04 (ESM) USN, Ubuntu Pro
Ubuntu (Bionic) 18.04 (ESM) USN, Ubuntu Pro
Ubuntu (Focal) 20.04 (LTS) USN
Ubuntu (Jammy) 22.04 (LTS) USN
Ubuntu (Mantic Minotaur) 23.10 USN
Ubuntu (Noble Numbat) 24.04 USN

Supported programming languages: Amazon ECR scanning

Amazon Inspector currently supports the following programming languages when scanning container images in Amazon ECR repositories:

  • C#

  • Go

  • Java

  • JavaScript

  • PHP

  • Python

  • Ruby

  • Rust

Supported runtimes: Amazon Inspector Lambda standard scanning

Amazon Inspector Lambda standard scanning currently supports the following programming languages when scanning Lambda functions for vulnerabilities in third-party software packages:

  • Java

    • java8

    • java8.al2

    • java11

    • java17

    • java21

  • Node.js

    • nodejs12.x

    • nodejs14.x

    • nodejs16.x

    • nodejs18.x

    • nodejs20.x

  • Python

    • python3.7

    • python3.8

    • python3.9

    • python3.10

    • python3.11

    • python3.12

  • Go

    • go1.x

  • Ruby

    • ruby2.7

    • ruby3.2

    • ruby3.3

  • .NET

    • .NET 6

    • .NET 8

Supported runtimes: Amazon Inspector Lambda code scanning

Amazon Inspector Lambda code scanning currently supports the following programming languages when scanning Lambda functions for vulnerabilities in code:

  • Java

    • java8

    • java8.al2

    • java11

    • java17

  • Node.js

    • nodejs12.x

    • nodejs14.x

    • nodejs16.x

    • nodejs18.x

    • nodejs20.x

  • Python

    • python3.7

    • python3.8

    • python3.9

    • python3.10

    • python3.11

    • python3.12

  • Ruby

    • ruby2.7

    • ruby3.2

    • ruby3.3

  • .NET

    • .NET 6

    • .NET 8

Discontinued operating systems

Standard vendor support for the operating systems listed in the following tables has been discontinued by the vendor. In the tables, the Discontinued column indicates when the vendor discontinued standard support for an operating system.

Amazon Inspector previously provided full support for these operating systems and will continue to scan Amazon EC2 instances and Amazon ECR container images that are running them. However, in accordance with vendor policy, the operating systems are no longer updated with patches and, in many cases, new security advisories are no longer released for them. In addition, some vendors remove existing security advisories and detections from their feeds when an affected operating system reaches the end of standard support. Consequently, Amazon Inspector might stop generating findings for known CVEs. Any findings that Amazon Inspector does generate for a discontinued operating system should be used for informational purposes only.

As a security best practice and for continued Amazon Inspector coverage, we encourage you to move to a current, supported version of an operating system.

Discontinued operating systems: Amazon EC2 scanning

Operating system Version Discontinued
Amazon Linux (AL1) 2012 December 31, 2021
CentOS Linux (CentOS) 7 June 30, 2024
CentOS Linux (CentOS) 8 December 31, 2021
Debian Server (Stretch) 9 June 30, 2022
Debian Server (Buster) 10 June 30, 2024
Fedora 35 December 13, 2022
Fedora 36 May 16, 2023
Fedora 37 December 15, 2023
Fedora 38 May 21, 2024
OpenSUSE Leap 15.2 December 1, 2021
OpenSUSE Leap 15.3 December 1, 2022
OpenSUSE Leap 15.4 December 7, 2023
Oracle Linux (Oracle) 6 March 1, 2021
SUSE Linux Enterprise Server (SLES) 12 June 30, 2016
SUSE Linux Enterprise Server (SLES) 12.1 May 31, 2017
SUSE Linux Enterprise Server (SLES) 12.2 March 31, 2018
SUSE Linux Enterprise Server (SLES) 12.3 June 30, 2019
SUSE Linux Enterprise Server (SLES) 12.4 June 30, 2020
SUSE Linux Enterprise Server (SLES) 15 December 31, 2019
SUSE Linux Enterprise Server (SLES) 15.1 January 31, 2021
SUSE Linux Enterprise Server (SLES) 15.2 December 31, 2021
SUSE Linux Enterprise Server (SLES) 15.3 December 31, 2022
SUSE Linux Enterprise Server (SLES) 15.4 December 31, 2023
Ubuntu (Trusty) 14.04 (ESM) April 1, 2024
Ubuntu (Groovy) 20.10 July 22, 2021
Ubuntu (Hirsute) 21.04 January 20, 2022
Ubuntu (Impish) 21.10 July 31, 2022
Ubuntu (Kinetic) 22.10 July 20, 2023
Ubuntu (Lunar Lobster) 23.04 January 25, 2024
Windows Server 2012 October 10, 2023
Windows Server 2012 R2 October 10, 2023

Discontinued operating systems: Amazon ECR scanning

Operating system Version Discontinued
Alpine Linux (Alpine) 3.12 May 1, 2022
Alpine Linux (Alpine) 3.13 November 1, 2022
Alpine Linux (Alpine) 3.14 May 1, 2023
Alpine Linux (Alpine) 3.15 November 1, 2023
Amazon Linux (AL1) 2012 December 31, 2021
CentOS Linux (CentOS) 7 June 30, 2024
CentOS Linux (CentOS) 8 December 31, 2021
Debian Server (Stretch) 9 June 30, 2022
Debian Server (Buster) 10 June 30, 2024
Fedora 35 December 13, 2022
Fedora 36 May 16, 2023
Fedora 37 December 15, 2023
Fedora 38 May 21, 2024
OpenSUSE Leap 15.2 December 1, 2021
OpenSUSE Leap 15.3 December 1, 2022
OpenSUSE Leap 15.4 December 7, 2023
Oracle Linux (Oracle) 6 March 1, 2021
Photon OS 3 March 1, 2024
SUSE Linux Enterprise Server (SLES) 12 June 30, 2016
SUSE Linux Enterprise Server (SLES) 12.1 May 31, 2017
SUSE Linux Enterprise Server (SLES) 12.2 March 31, 2018
SUSE Linux Enterprise Server (SLES) 12.3 June 30, 2019
SUSE Linux Enterprise Server (SLES) 12.4 June 30, 2020
SUSE Linux Enterprise Server (SLES) 15 December 31, 2019
SUSE Linux Enterprise Server (SLES) 15.1 January 31, 2021
SUSE Linux Enterprise Server (SLES) 15.2 December 31, 2021
SUSE Linux Enterprise Server (SLES) 15.3 December 31, 2022
SUSE Linux Enterprise Server (SLES) 15.4 December 31, 2023
Ubuntu (Trusty) 14.04 (ESM) April 1, 2024
Ubuntu (Groovy) 20.10 July 22, 2021
Ubuntu (Hirsute) 21.04 January 20, 2022
Ubuntu (Impish) 21.10 July 31, 2022
Ubuntu (Kinetic) 22.10 July 20, 2023
Ubuntu (Lunar Lobster) 23.04 January 25, 2024