AWS inspector medium security documentation change
Summary
Added documentation about false positive CVEs (CVE-2025-47914 and CVE-2025-58181) in SBOM Generator, introduced AWS Organizations policy support for centralized governance, updated managed policies, and made minor URL/text corrections.
Security assessment
The change explicitly addresses two CVEs (security vulnerabilities) by informing users they are false positives in SBOM Generator. This directly relates to security incident communication. The AWS Organizations policy addition documents security controls for centralized governance.
Diff
diff --git a/inspector/latest/user/doc-history.md b/inspector/latest/user/doc-history.md index b0959a068..6da451ca2 100644 --- a//inspector/latest/user/doc-history.md +++ b//inspector/latest/user/doc-history.md @@ -10,0 +11,2 @@ Change| Description| Date +Updates for Amazon Inspector SBOM Generator| Amazon Inspector is aware of a scenario where the Amazon Inspector SBOM Generator might generate vulnerability findings for `CVE-2025-47914` and `CVE-2025-58181`. It was confirmed the Amazon Inspector SBOM Generator is not impacted by these CVEs. We are presently working on improvements to resolve these detections. In the mean time, customers may safely ignore or suppress these vulnerabilities. | November 20, 2025 +New feature| Amazon Inspector now supports AWS Organizations policies for centralized enablement and governance across organization accounts. Organization policies allow you to automatically enable Amazon Inspector scan types across your organization and prevent unauthorized modifications. For more information, see [Getting started tutorial](https://docs.aws.amazon.com/inspector/latest/user/getting_started_tutorial.html) and [Managing multiple accounts](https://docs.aws.amazon.com/inspector/latest/user/managing-multiple-accounts.html). | November 19, 2025 @@ -12 +14 @@ Updates for Amazon Inspector SBOM Generator| Amazon Inspector is made aware of -Updated policies| Amazon Inspector adds new permissions to the managed policies [`AmazonInspector2FullAccess_v2`](https://docs.aws.amazon.com/inspector/latest/user/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonInspector2FullAccessV2) and [`AmazonInspector2ReadOnlyAccess`](https://docs.aws.amazon.com/inspector/latest/user/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonInspector2ReadOnlyAccess). The permissions allow viewing of Inspector organizational policies and delegation configurations established through AWS Organizations policies. For more information, see [AWS managed policies for Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/security-iam-awsmanpol.html). | November 14, 2025 +Updated policies| Amazon Inspector adds new permissions to the managed policies [`AmazonInspector2FullAccess_v2`](https://docs.aws.amazon.com/inspector/latest/user/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonInspector2FullAccessV2) and [`AmazonInspector2ReadOnlyAccess`](https://docs.aws.amazon.com/inspector/latest/user/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonInspector2ReadOnlyAccess). The permissions allow viewing of Amazon Inspector organizational policies and delegation configurations established through AWS Organizations policies. For more information, see [AWS managed policies for Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/security-iam-awsmanpol.html). | November 14, 2025 @@ -36,3 +38,3 @@ Updates to table of contents| Amazon Inspector adds new topic to Amazon Inspect -Updated functionality| Amazon Inspector adds nodejs202.x and python3.13 to its list of supported runtimes for Lambda standard scanning. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/supported.html). | January 24, 2025 -Updated functionality| Amazon Inspector removes Oracle Linux (Oracle) 7 and SUSE Linux Enterprise Server (SLES) 15.5 from its list of supported operating systems for Amazon EC2 and Amazon ECR. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/supported.html). | December 31, 2024 -Updated functionality| Amazon Inspector adds Ubuntu 24.10 to its list of supported operating systems for Amazon EC2 and Amazon ECR. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/supported.html). | December 12, 2024 +Updated functionality| Amazon Inspector adds nodejs202.x and python3.13 to its list of supported runtimes for Lambda standard scanning. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com//inspector/latest/user/supported.html). | January 24, 2025 +Updated functionality| Amazon Inspector removes Oracle Linux (Oracle) 7 and SUSE Linux Enterprise Server (SLES) 15.5 from its list of supported operating systems for Amazon EC2 and Amazon ECR. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com//inspector/latest/user/supported.html). | December 31, 2024 +Updated functionality| Amazon Inspector adds Ubuntu 24.10 to its list of supported operating systems for Amazon EC2 and Amazon ECR. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com//inspector/latest/user/supported.html). | December 12, 2024 @@ -43,2 +45,2 @@ Updates to table of contents| Amazon Inspector reorganizes the table of content -Updated functionality| Amazon Inspector removes Fedora 39 from its list of supported operating systems for Amazon EC2 and Amazon ECR. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/supported.html). | November 22, 2024 -Updated functionality| Amazon Inspector removes Alpine 3.17 from its list of supported operating systems for Amazon ECR. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/supported.html). | November 22, 2024 +Updated functionality| Amazon Inspector removes Fedora 39 from its list of supported operating systems for Amazon EC2 and Amazon ECR. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com//inspector/latest/user/supported.html). | November 22, 2024 +Updated functionality| Amazon Inspector removes Alpine 3.17 from its list of supported operating systems for Amazon ECR. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com//inspector/latest/user/supported.html). | November 22, 2024 @@ -46 +48 @@ Updated functionality| Amazon Inspector adds Sbomgen versions to [Previous vers -Updated functionality| Amazon Inspector adds AL2 as a supported runtime. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com/inspector/latest/user/supported.html). | August 26, 2024 +Updated functionality| Amazon Inspector adds AL2 as a supported runtime. For more information, see [Supported operating systems and programming languages for Amazon Inspector](https://docs.aws.amazon.com//inspector/latest/user/supported.html). | August 26, 2024 @@ -65 +67 @@ New feature| You can now [exclude EC2 instances from Amazon Inspector scans usin -New feature| Amazon Inspector has added new permissions that allow Amazon Inspector to scan network configurations of Amazon EC2 instances that are part of Elastic Load Balancing target groups.| August 31, 2023 +New feature| Amazon Inspector has added new permissions that allow Amazon Inspector to scan network configurations of Amazon EC2 instances that are part of ELB target groups.| August 31, 2023