Automated and continual vulnerability management at scale

What is Amazon Inspector?

Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure.

Benefits of Amazon Inspector

Detect software vulnerabilities

Detect software vulnerabilities and unintended network exposure in AWS workloads such as Amazon EC2, AWS Lambda functions, and container images in Amazon ECR and within continuous integration and continuous delivery (CI/CD) tools, in near-real time.

Manage SBOM exports centrally

Incorporate security earlier in the development cycles and centrally manage software bill of materials (SBOM) exports for all monitored resources.

Prioritize remediation

Use the Amazon Inspector risk score to prioritize remediation reducing mean time to remediate (MTTR).

Maximize vulnerability assessment coverage

Seamlessly scan EC2 instances switching between agent-based and agentless scanning

Use cases

Quickly discover zero-day vulnerabilities in compute workloads

Automate discovery, expedite vulnerability routing, and shorten MTTR with over 50 sources of vulnerability intelligence.

Prioritize patch remediation

Use current common vulnerabilities and exposures (CVE) information and network accessibility to create contextual risk scores to prioritize and resolve vulnerable resources.

Meet compliance requirements

Support compliance requirements and best practices for NIST CSF, PCI DSS, and other regulations with Amazon Inspector scans.

Shift security earlier in development cycle

Embed vulnerability scanning in your developer tools and export a consolidated SBOM for monitored resources.