AWS Security ChangesHomeSearch

AWS inspector documentation change

Service: inspector · 2025-04-01 · Documentation low

File: inspector/latest/user/sbom-generator.md

Summary

Added documentation about default scanner groups for different subcommands and how to use additional scanners to enhance detection capabilities

Security assessment

The change documents enhanced scanning capabilities, which is a security feature, but there is no evidence of addressing a specific security vulnerability.

Diff

diff --git a/inspector/latest/user/sbom-generator.md b/inspector/latest/user/sbom-generator.md
index 9d4ae577d..cb8e0b5cb 100644
--- a/inspector/latest/user/sbom-generator.md
+++ b/inspector/latest/user/sbom-generator.md
@@ -248,0 +249,32 @@ This command authenticates to Amazon Inspector using the ARN for an IAM role.
+### Use additional scanners to enhance detection capabilities
+
+The Amazon Inspector SBOM Generator applies predefined scanners based on the command being used. 
+
+###### Default scanner groups
+
+Each Amazon Inspector SBOM Generator subcommand applies the following default scanner groups automatically. 
+
+  * For the `directory` subcommand: binary, programming-language-packages, dockerfile scanner groups 
+
+  * For the `localhost` subcommand: os, programming-language-packages, extra-ecosystems scanner groups 
+
+  * For the `container` subcommand: os, programming-language-packages, extra-ecosystems, dockerfile, binary scanner groups 
+
+
+
+
+###### Special scanners
+
+To include scanners beyond the default scanner groups, use the `--additional-scanners` option followed by the name of the scanner to be added. The following is an example command showing how to do this. 
+    
+    
+    # Add WordPress installation scanner to directory scan
+    ./inspector-sbomgen directory --path /path/to/directory/ --additional-scanners wordpress-installation -o output.jso
+                
+
+The following is an example command showing how to add multiple scanners with a comma-separated list. 
+    
+    
+    ./inspector-sbomgen container --image image:tag --additional-scanners scanner1,scanner2 -o output.json
+                
+