AWS – Amazon Inspector expands ECR support for minimal container base images and enhanced detections
Today, we are excited to announce support for scratch, distroless (Debian/Ubuntu based), and Chainguard image scanning with Amazon Inspector. With the expanded support for ECR images, Amazon Inspector extends its security coverage to minimal and security-focused container bases, enabling teams to maintain robust security practices even with highly optimized container environments.
For ECR scanning, Amazon Inspector expands scanning to additional ecosystems including Go toolchain, Oracle JDK & JRE, Amazon Corretto, Apache Tomcat, Apache httpd, WordPress (core, themes, plugins), Google Puppeteer (Chrome embedding), and Node.js runtime. This enhancement helps customers identify vulnerabilities in ecosystem components and gain visibility into third-party software. The same functionality is also available via the Amazon Inspector SBOM Scan API.
Additionally, Amazon Inspector now supports identifying discontinued operating systems running on Amazon EC2 instances and Amazon ECR container images. Amazon Inspector will generate a finding on resources using a discontinued operating system solely for informational purposes, aiding in the prioritization of risk mitigation strategies.
Amazon Inspector is a vulnerability management service that continually scans AWS workloads including Amazon EC2 instances, container images, and AWS Lambda functions for software vulnerabilities, code vulnerabilities, and unintended network exposure across your entire AWS organization.
Enhanced detections and support for additional operating systems for ECR scanning are available in all commercial and AWS GovCloud (US) Regions where Amazon Inspector is available.