AWS Security ChangesHomeSearch

AWS inspector documentation change

Service: inspector · 2025-04-11 · Documentation medium

File: inspector/latest/user/scanning-ec2.md

Summary

Added note clarifying exclusion of container runtime directories like /var/lib/docker/ from EC2 scans.

Security assessment

Clarifies scan scope limitations but does not address a specific vulnerability. Security documentation improvement about coverage boundaries.

Diff

diff --git a/inspector/latest/user/scanning-ec2.md b/inspector/latest/user/scanning-ec2.md
index 7d1a1fe38..de2aec3f1 100644
--- a//inspector/latest/user/scanning-ec2.md
+++ b//inspector/latest/user/scanning-ec2.md
@@ -14,0 +15,4 @@ Amazon Inspector uses the scan methods that you activate for your account. When
+###### Note
+
+Amazon EC2 scanning does not scan filesystem directories related to virtual environment even if they are provisioned through deep inspection. For example, the path `/var/lib/docker/` is not scanned because it's commonly used for container run times. 
+