AWS Security ChangesHomeSearch

AWS inspector documentation change

Service: inspector · 2025-06-19 · Documentation low

File: inspector/latest/user/activate-scans.md

Summary

Updated scan type documentation with expanded coverage for EC2, ECR, Lambda, and added new Code Security scanning. Added UI visibility details and reorganized content.

Security assessment

The changes add documentation for Amazon Inspector Code Security scanning (a new security feature that scans code repositories for vulnerabilities) and expand details about existing security scanning capabilities. While these are security-related features, there's no evidence of addressing a specific vulnerability or security incident.

Diff

diff --git a/inspector/latest/user/activate-scans.md b/inspector/latest/user/activate-scans.md
index 30c6c0b04..5d465042c 100644
--- a//inspector/latest/user/activate-scans.md
+++ b//inspector/latest/user/activate-scans.md
@@ -9 +9 @@ Activating scans
-You can activate Amazon Inspector scan types at any time. When you activate a scan type, Amazon Inspector begins scanning eligible resources for the scan type immediately. The following briefly describes each scan type: 
+You can activate a scan type at any time. When you activate a scan type, Amazon Inspector begins scanning eligible resources for the scan type. 
@@ -13 +13 @@ You can activate Amazon Inspector scan types at any time. When you activate a sc
-This scan type extracts metadata from your EC2 instance before comparing the metadata against rules collected from security advisories. When you activate this scan type, Amazon Inspector scans all eligible instances in your account for package vulnerabilities and network reachability issues. 
+This scan type extracts metadata from an Amazon EC2 instance before comparing the metadata against rules collected from security advisories. When you activate this scan type, Amazon Inspector scans all eligible Amazon EC2 instances in your account for package vulnerabilities and network reachability issues. After you activate this scan type, you can view how many instances are being scanned in the **Instances** tab. 
@@ -17 +17 @@ This scan type extracts metadata from your EC2 instance before comparing the met
-This scan type scans container images in Amazon ECR. When you activate this scan type, you change the scanning configuration setting for your private registry from basic scanning to enhanced scanning. 
+This scan type scans container images and container repositories in Amazon ECR. When you activate this scan type, you change the scanning configuration setting for your private registry from basic scanning to enhanced scanning. After you activate Amazon ECR scanning, you can view how many images and repositories are being scanned in the **Container images** and **Container repositories** tabs. 
@@ -19 +19 @@ This scan type scans container images in Amazon ECR. When you activate this scan
-###### [Lambda standard scanning](https://docs.aws.amazon.com/inspector/latest/user/scanning-lambda.html#lambda-standard-scans)
+###### [Lambda standard scanning](https://docs.aws.amazon.com/inspector/latest/user/scanning-lambda.html#lambda-standard-scans) \+ [Lambda code scanning](https://docs.aws.amazon.com/inspector/latest/user/scanning-lambda.html#lambda-code-scans)
@@ -21 +21 @@ This scan type scans container images in Amazon ECR. When you activate this scan
-Lambda standard scanning is the default Lambda scan type. When you activate Lambda standard scanning, all Lambda functions in your account will be scanned for code vulnerabilities, as long as they were invoked or updated in the last 90 days. 
+Lambda standard scanning is the default Lambda scan type. When you activate Lambda standard scanning, all of your Lambda functions are scanned for software vulnerabilities, as long as they were invoked or updated in the last 90 days. After you activate Lambda standard scanning, you view how many Lambda functions are being scanned in the **Lambda functions** tab. 
@@ -23,3 +23 @@ Lambda standard scanning is the default Lambda scan type. When you activate Lamb
-###### [Lambda code scanning](https://docs.aws.amazon.com/inspector/latest/user/scanning-lambda.html#lambda-code-scans)
-
-Lambda code scanning scans custom application code in a Lambda function. When you activate Lambda code scanning, all Lambda functions in your account will be scanned for code vulnerabilities, as long as they were invoked or updated in the last 90 days. 
+Lambda code scanning scans custom application code in a Lambda function. When you activate Lambda code scanning, all of your Lambda functions will be scanned for code vulnerabilities, as long as they were invoked or updated in the last 90 days. After you activate Lambda standard scanning, you can veiw how many Lambda functions are being scanned for code vulnerabilities in the **Lambda functions** tab. 
@@ -29 +27,3 @@ Lambda code scanning scans custom application code in a Lambda function. When yo
-You can either activate Lambda standard scanning or Lambda standard scanning with Lambda code scanning. 
+You can activate Lambda standard scanning and Lambda code scanning independently or together. 
+
+###### [Amazon Inspector Code Security](https://docs.aws.amazon.com/inspector/latest/user/code-security-assessments.html)
@@ -31 +31 @@ You can either activate Lambda standard scanning or Lambda standard scanning wit
-For a more comprehensive overview of the available scan types, see [Automated resource scanning with Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/scanning-resources.html). This section describes how to activate a scan type in Amazon Inspector. 
+This scan type scans first-party application code, third-party application dependencies, and Infrastructure as Code for vulnerabilities. When you activate Code Security, Amazon Inspector begins scanning your code repositores for code vulnerabilities based on your scan configurations. After you activate Amazon Inspector Code Security, you can view how many code repositories are being scanned in the **Code repositories** tab. 
@@ -35 +35,5 @@ For a more comprehensive overview of the available scan types, see [Automated re
-If you are the delegated administrator for Amazon Inspector in an AWS organization you can enable various Amazon Inspector scan types for multiple accounts in multiple Regions automatically using a shell script developed by Amazon Inspector [inspector2-enablement-with-cli](https://github.com/aws-samples/inspector2-enablement-with-cli) on GitHub. Otherwise, to complete this procedure for a multi-account environment through the console, complete the following steps while signed in as the Amazon Inspector delegated administrator.
+The following procedure describes how to activate a scan type in Amazon Inspector. 
+
+###### Note
+
+If you're the delegated administrator for an AWS organization, you can enable Amazon Inspector scan types for multiple accounts in multiple Regions using a shell script. For more information, see [inspector2-enablement-with-cli](https://github.com/aws-samples/inspector2-enablement-with-cli) on GitHub. Otherwise, complete the following steps while signed in as the Amazon Inspector delegated administrator. 
@@ -70 +74 @@ Automated scans
-Scanning Amazon EC2 instances
+Amazon EC2 instance scanning