Amazon Inspector is designed to manage vulnerabilities by continuously scanning your AWS workloads for software vulnerabilities and unintended network exposure across your entire organization.
Upon activation, Amazon Inspector automatically detects all your Amazon Elastic Compute Cloud (EC2) instances, container images in Amazon Elastic Container Registry (ECR), and AWS Lambda functions on a large scale. It then continuously monitors them for known vulnerabilities, providing you with a unified view of vulnerabilities across your compute environments.
It also provides a highly-contextualized vulnerability risk score by correlating vulnerability information with environmental factors such as external network accessibility to help you prioritize the highest risks to address.
Amazon Inspector now allows customers to search its vulnerability intelligence database if any Inspector scanning type is activated. With this expanded capability, customers can retrieve the details for any vulnerability stored in the Inspector vulnerability database and covered by Inspector’s scanning engine by simply providing a Common Vulnerability and Enumerations (CVE) ID. This allows customers to confirm the CVEs covered by the Inspector scanning engine and do preliminary research on a CVE. Inspector customers can access the search capabilities using both the Inspector console and APIs.