AWS inspector documentation change
Summary
Added documentation about unresolved hashes in SBOM exports when dependencies use version ranges/dynamic references
Security assessment
The change documents existing limitations in vulnerability scanning capabilities (unresolved hashes) rather than addressing a specific vulnerability. While it relates to security visibility, there's no evidence of fixing an active security issue. The documentation improvement helps users understand SBOM coverage limitations.
Diff
diff --git a/inspector/latest/user/sbom-export.md b/inspector/latest/user/sbom-export.md index a99650a75..508714c01 100644 --- a//inspector/latest/user/sbom-export.md +++ b//inspector/latest/user/sbom-export.md @@ -10,0 +11,2 @@ A software bill of materials (SBOM) is a nested inventory of all the open-source +Some software components and package managers use version ranges or dynamic references instead of fixed versions for dependencies. This practice creates unresolved hashes, where Amazon Inspector identifies a hash or jar file but cannot map it to a specific name and version for vulnerability detection. Amazon Inspector now includes these unresolved hashes in Software Bill of Materials (SBOM) exports. While these packages cannot be scanned for vulnerabilities, their hash values are available within the exported components list. +