AWS inspector documentation change
Summary
Added documentation about default scanner groups for different subcommands and how to use additional scanners to enhance detection capabilities
Security assessment
The change documents enhanced scanning capabilities, which is a security feature, but there is no evidence of addressing a specific security vulnerability.
Diff
diff --git a/inspector/latest/user/sbom-generator.md b/inspector/latest/user/sbom-generator.md index 9d4ae577d..cb8e0b5cb 100644 --- a/inspector/latest/user/sbom-generator.md +++ b/inspector/latest/user/sbom-generator.md @@ -248,0 +249,32 @@ This command authenticates to Amazon Inspector using the ARN for an IAM role. +### Use additional scanners to enhance detection capabilities + +The Amazon Inspector SBOM Generator applies predefined scanners based on the command being used. + +###### Default scanner groups + +Each Amazon Inspector SBOM Generator subcommand applies the following default scanner groups automatically. + + * For the `directory` subcommand: binary, programming-language-packages, dockerfile scanner groups + + * For the `localhost` subcommand: os, programming-language-packages, extra-ecosystems scanner groups + + * For the `container` subcommand: os, programming-language-packages, extra-ecosystems, dockerfile, binary scanner groups + + + + +###### Special scanners + +To include scanners beyond the default scanner groups, use the `--additional-scanners` option followed by the name of the scanner to be added. The following is an example command showing how to do this. + + + # Add WordPress installation scanner to directory scan + ./inspector-sbomgen directory --path /path/to/directory/ --additional-scanners wordpress-installation -o output.jso + + +The following is an example command showing how to add multiple scanners with a comma-separated list. + + + ./inspector-sbomgen container --image image:tag --additional-scanners scanner1,scanner2 -o output.json + +