AWS Security ChangesHomeSearch

AWS inspector documentation change

Service: inspector · 2026-05-10 · Documentation medium

File: inspector/latest/user/supported.md

Summary

Added Docker to supported hardened images, clarified repository support limitations, updated RHEL vulnerability sources, and added Windows Server support for agent-based scanning.

Security assessment

This expands documentation of security features (vulnerability scanning capabilities) but doesn't address any specific security vulnerability. The Windows Server addition enhances security coverage but isn't linked to a specific security incident.

Diff

diff --git a/inspector/latest/user/supported.md b/inspector/latest/user/supported.md
index 25305873b..f12b7f5c5 100644
--- a//inspector/latest/user/supported.md
+++ b//inspector/latest/user/supported.md
@@ -23 +23 @@ For Amazon EC2 instances, Amazon Inspector can scan for package vulnerabilities
-For ECR container images, Amazon Inspector can scan for operating system and programming language package vulnerabilities. Amazon Inspector also supports hardened images provided by Chainguard, Minimus, and Echo. Amazon Inspector does not scan for toolchain vulnerabilities in Rust——the version of the programming language compiler used to build the application introduces these vulnerabilities. 
+For ECR container images, Amazon Inspector can scan for operating system and programming language package vulnerabilities. Amazon Inspector also supports hardened images provided by Chainguard, Minimus, Echo, and Docker. Amazon Inspector does not scan for toolchain vulnerabilities in Rust——the version of the programming language compiler used to build the application introduces these vulnerabilities. 
@@ -65 +65 @@ When using the agent-based scanning method, you configure the SSM agent to perfo
-Linux operating system detections are supported only for the default package manager repository (rpm and dpkg) and don't include third-party applications, extended support repositories (RHEL EUS, E4S, AUS, and TUS), and optional repositories (application streams). Amazon Inspector scans the running kernel for vulnerabilities. For some operating systems, like Ubuntu, a reboot is required for upgrades to show in active findings. 
+Linux operating system detections are supported only for the default package manager repository (rpm and dpkg) and don't include third-party applications, extended support repositories, and optional repositories (application streams) unless otherwise specified below. Amazon Inspector scans the running kernel for vulnerabilities. For some operating systems, like Ubuntu, a reboot is required for upgrades to show in active findings. 
@@ -84,3 +84,3 @@ Oracle Linux (Oracle) | 10 | Errata CVE | Yes | Yes
-Red Hat Enterprise Linux (RHEL) | 8 | RHEL VEX CVE | Yes | Yes  
-Red Hat Enterprise Linux (RHEL) | 9 | RHEL VEX CVE | Yes | Yes  
-Red Hat Enterprise Linux (RHEL) | 10 | RHEL VEX CVE | Yes | Yes  
+Red Hat Enterprise Linux (RHEL) | 8 | RHEL CVE (BaseOS & EUS/E2S/E4S) | Yes | Yes  
+Red Hat Enterprise Linux (RHEL) | 9 | RHEL CVE (BaseOS & EUS/E2S/E4S) | Yes | Yes  
+Red Hat Enterprise Linux (RHEL) | 10 | RHEL CVE (BaseOS & EUS/E2S/E4S) | Yes | Yes  
@@ -139,3 +139,3 @@ Photon OS | 5 | Errata CVE
-Red Hat Enterprise Linux (RHEL) | 8 | RHEL VEX CVE  
-Red Hat Enterprise Linux (RHEL) | 9 | RHEL VEX CVE  
-Red Hat Enterprise Linux (RHEL) | 10 | RHEL VEX CVE  
+Red Hat Enterprise Linux (RHEL) | 8 | RHEL CVE (BaseOS & EUS/E2S/E4S)  
+Red Hat Enterprise Linux (RHEL) | 9 | RHEL CVE (BaseOS & EUS/E2S/E4S)  
+Red Hat Enterprise Linux (RHEL) | 10 | RHEL CVE (BaseOS & EUS/E2S/E4S)  
@@ -224,0 +225,4 @@ Wolfi Linux | –
+Windows Server | 2016  
+Windows Server | 2019  
+Windows Server | 2022  
+Windows Server | 2025