Posted On: Feb 28, 2023

Amazon Inspector now supports code scanning of Lambda functions, expanding the existing capability to scan Lambda functions and associated layers for software vulnerabilities in application package dependencies. With this expanded capability, Amazon Inspector now also scans the custom proprietary application code within a Lambda function for code security vulnerabilities such as injection flaws, data leaks, weak cryptography, or missing encryption based on AWS security best practices. When code vulnerabilities are identified in the Lambda function or layer, Inspector generates actionable security findings along with impacted code snippets and remediation guidance. All findings are aggregated in the Amazon Inspector console, routed to AWS Security Hub, and pushed to Amazon EventBridge to automate workflows.

During the preview period, Lambda code scanning is available in five AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), and Europe (Ireland) at no additional cost to customers. Learn more about our Lambda scanning capabilities here.

Amazon Inspector is a vulnerability management service that continually scans AWS workloads for software vulnerabilities, code vulnerabilities, and unintended network exposure across your entire AWS Organization. Once activated, Amazon Inspector automatically discovers all of your Amazon Elastic Compute Cloud (EC2) instances, container images in Amazon Elastic Container Registry (ECR), and AWS Lambda functions, at scale, and continuously monitors them for known vulnerabilities, giving you a consolidated view of vulnerabilities across your compute environments.

To learn more and get started with continual vulnerability scanning of your workloads, visit: