この日の更新は 1 件のみで、Amazon Inspector の EC2 向けエージェントベーススキャン改善が発表されました。新しい Inspector VM Scanner は検出範囲を拡大し、WordPress、Apache HTTP Server、Python パッケージ、Ruby gems など より広範なソフトウェアの脆弱性を検出できるようになりました。同時に EC2 インスタンス上の CPU 使用率を削減し、本番 ワークロードへの影響を最小化します。エージェントレススキャンと同等の検出カバレッジを実現し、追加の IAM インスタンス プロファイルロールは不要で、既存の SSM Agent 構成のまま利用できます。Amazon Inspector が利用可能な全リージョンで 追加費用なしで提供されます。
Amazon Inspector: EC2 向けエージェントベーススキャンを改善、検出範囲拡大と CPU 使用率削減
Amazon Inspector now offers improved agent-based EC2 scanning with the new Inspector VM Scanner, delivering expanded detection coverage and reduced CPU utilization on your EC2 instances. Security teams can now detect vulnerabilities across a broader range of software and applications on their agent-based EC2 instances, including WordPress, Apache HTTP Server, Python packages, and Ruby gems, while consuming fewer compute resources during scans.
The Inspector VM Scanner replaces the previous scanning engine for agent-based EC2 with a modern architecture optimized for performance. Customers benefit from reduced CPU utilization during vulnerability scans, minimizing the impact on production workloads. The expanded ecosystem detection brings agent-based scanning to parity with agentless scanning coverage, ensuring consistent vulnerability findings regardless of which scanning method you use.
To get started, opt in to the Inspector VM Scanner from the Amazon Inspector console or API. Delegated administrator accounts can enable the new scanner across their entire AWS Organization, while standalone accounts can enable it individually. No additional IAM instance profile roles are required on your EC2 instances. Existing SSM Agent configurations continue to work with no changes needed.
Amazon Inspector is a vulnerability management service that continuously scans AWS workloads for software vulnerabilities and unintended network exposure. The Inspector VM Scanner for agent-based EC2 scanning is available in all AWS Regions where Amazon Inspector is available at no additional cost. Existing Amazon Inspector agent-based EC2 scanning pricing applies.
To learn more, visit: https://docs.aws.amazon.com/inspector/latest/user/inspector-vm-scanner.html