Posted On: Nov 27, 2023

Amazon Inspector now offers continuous monitoring of your Amazon EC2 instances for software vulnerabilities without installing an agent or additional software. Currently, Amazon Inspector leverages the widely deployed AWS Systems Manager (SSM) Agent to assess your EC2 instances for third-party software vulnerabilities. With this new capability, you can expand your vulnerability assessment coverage across your EC2 infrastructure with Amazon Inspector agentless scanning for EC2 instances that do not have SSM Agents installed or configured. For agentless scanning, Amazon Inspector takes snapshots of EBS volumes to collect software application inventory from the instances to perform vulnerability assessments. Once you enable EC2 scanning within Amazon Inspector, it automatically discovers all your EC2 instances and starts evaluating them for software vulnerabilities. Customers can enable agentless scanning by simply visiting the EC2 settings page within the Amazon Inspector console and selecting hybrid scan mode. In hybrid scan mode, Amazon Inspector relies on SSM Agents to collect information from instances to perform vulnerability assessments, and automatically switches to agentless scanning for instances that do not have SSM Agents installed or configured. 

Amazon Inspector is a vulnerability management service that continually scans AWS workloads for software vulnerabilities, code vulnerabilities, and unintended network exposure across your entire AWS Organization. 

Amazon Inspector agentless vulnerability assessments for Amazon EC2 are available in preview in three commercial Regions: US East (N. Virginia), US West (Oregon), and Europe (Ireland).

To learn more and get started with continual vulnerability scanning of your workloads, visit: