AWS – Amazon Inspector launches code security to shift security left in development
Today, Amazon Web Services (AWS) announces the general availability of Amazon Inspector code security capabilities, helping you secure your applications before they reach production. This new feature, with native integration to GitHub and GitLab, helps you rapidly identify and prioritize security vulnerabilities and misconfigurations across your application source code, dependencies, and infrastructure as code (IaC). You can evaluate source code as builders push or pull code changes in repositories, within CI/CD pipelines, or through scheduled scans. Findings from these scans are surfaced both in the Amazon Inspector console, for an aggregated view across the organization, and within the source code management platform, as fast feedback for developers.
This expansion builds upon existing Amazon Inspector capabilities for scanning Amazon EC2 instances, container images in Elastic Container Registry (ECR), and AWS Lambda functions to provide consistent vulnerability management from compute running on AWS to your code. Amazon Inspector delivers three core capabilities: Static Application Security Testing (SAST) for analyzing application source code, Software Composition Analysis (SCA) for evaluating third-party dependencies, and Infrastructure as Code (IaC) scanning for validating infrastructure definitions.
Amazon Inspector code scanning is available in 10 Regions: US East (N. Virginia), US West (Oregon), US East (Ohio), Asia Pacific (Sydney), Asia Pacific (Tokyo), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Stockholm), and Asia Pacific (Singapore). To learn more and get started with Inspector code security, visit: