AWS inspector documentation change
Summary
Added note clarifying exclusion of container runtime directories like /var/lib/docker/ from EC2 scans.
Security assessment
Clarifies scan scope limitations but does not address a specific vulnerability. Security documentation improvement about coverage boundaries.
Diff
diff --git a/inspector/latest/user/scanning-ec2.md b/inspector/latest/user/scanning-ec2.md index 7d1a1fe38..de2aec3f1 100644 --- a//inspector/latest/user/scanning-ec2.md +++ b//inspector/latest/user/scanning-ec2.md @@ -14,0 +15,4 @@ Amazon Inspector uses the scan methods that you activate for your account. When +###### Note + +Amazon EC2 scanning does not scan filesystem directories related to virtual environment even if they are provisioned through deep inspection. For example, the path `/var/lib/docker/` is not scanned because it's commonly used for container run times. +