Posted On: Apr 12, 2023

Customers can now use EC2 Image Builder to easily scan custom Amazon Machine Images (AMIs) and container images in their image pipelines to evaluate the impact of CVEs (Common Vulnerabilities and Exposures). You no longer have to manage custom scripts that identify CVEs on your images during the image build process in order to analyze next steps and mitigate the impact of those CVEs. With this feature, powered by Amazon Inspector, you get a security overview of your AMIs and container images that details the affected resources, vulnerability details, and known remediations.

To access this feature, you need to enable Amazon Inspector for your AWS account. You can go to the Image Builder Console to activate security scanning for your AWS account. Once Amazon Inspector scanning is activated, Image Builder will generate a security overview of your images on the next build of the image pipelines in that account. You can also manually run the required image pipelines to generate the latest security overview of your images. Security findings are accessible in the Console, as well as via the CLI, API, CloudFormation, and CDK.

Image vulnerability scanning is available in AWS Regions where Amazon Inspector is currently available. Get started with this feature from the EC2 Image Builder Console, CLI, API, CloudFormation, or CDK, and learn more about the service in the EC2 Image Builder documentation. You can find information about Amazon Inspector integration with EC2 Image Builder on the feature documentation page. You can also learn more about upcoming EC2 Image Builder features on our public roadmap.