Amazon Inspector Now Scans Amazon Web Services Lambda Functions for Vulnerabilities

[Amazon Inspector](https://aws.amazon.com/inspector/) is a vulnerability management service that continually scans workloads across [Amazon Elastic Compute Cloud (Amazon EC2)](https://aws.amazon.com/ec2/) instances, container images living in [Amazon Elastic Container Registry (Amazon ECR)](https://aws.amazon.com/ecr/), and, starting today, [Amazon Web Services Lambda](https://aws.amazon.com/lambda/) functions and Lambda layers.

Until today, customers that wanted to analyze their mixed workloads (including EC2 instances, container images, and Lambda functions) against common vulnerabilities needed to use Amazon Web Services and third-party tools. This increased the complexity of keeping all their workloads secure.

In addition, the [log4j vulnerability](https://logging.apache.org/log4j/2.x/security.html) a few months ago was a great example that scanning your functions for vulnerabilities only before deployment is not enough. Because new vulnerabilities can appear at any time, it is very important for the security of your applications that the workloads are continuously monitored and rescanned in near real-time as new vulnerabilities are published.

**Getting started**

The first step to getting started with [Amazon Inspector](https://aws.amazon.com/cn/inspector/?trk=cndc-detail) is to enable it for your account or your entire [Amazon Web Services Organizations](https://aws.amazon.com/organizations/). Once activated, Amazon Inspector automatically scans the functions in the selected accounts. Amazon Inspector is a native Amazon Web Services service; this means that you don’t need to install a library or agent in your functions or layers for this to work.

Amazon Inspector is available starting today for functions and layers written in Java, NodeJS, and Python. By default, it continually scans all the functions inside your account, but if you want to exclude a particular Lambda function, you can attach the tag with the key `InspectorExclusion` and the value `LambdaStandardScanning`.

Amazon Inspector scans functions and layers initially upon deployment and automatically rescans them when there are changes in the workloads, for example, when a Lambda function is updated or when a new vulnerability ([CVE](https://cve.mitre.org/)) is published.

![image.png](https://dev-media.amazoncloud.cn/37626f4a01864fc09ff16c86b034011f_image.png)

In addition to functions, Amazon Inspector scans your Lambda layers; however, it only scans the specific layer version that is used in a function. If a layer or layer version is not used by any function, then it won’t get analyzed. If you are using third-party layers, Amazon Inspector also scans them for vulnerabilities.

You can see the findings for the different functions in the Amazon Inspector **Findings** console filtered **By Lambda function**. When Amazon Inspector finds something, all the findings are routed to [Amazon Web Services Security Hub](https://aws.amazon.com/security-hub/) and to [Amazon EventBridge](https://aws.amazon.com/eventbridge/) so you can build automation workflows, like sending notifications to the developers or system administrators.

![image.png](https://dev-media.amazoncloud.cn/92f2382827c943f4911b5b78eae2e6dc_image.png)

**Available Now**

Amazon Inspector support for Amazon Web Services Lambda functions and layers is generally available today in US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Milan), Europe (Paris), Europe (Stockholm), Middle East (Bahrain), and South America (Sao Paulo).

If you want to try this new feature, [there is a 15-day free trial for you](https://aws.amazon.com/inspector/pricing/). [Visit the service page](https://aws.amazon.com/inspector/) to read more about the service and the free trial.

— [Marcia](https://twitter.com/mavi888uy)

![marciaprofile1.jpg](https://dev-media.amazoncloud.cn/a6f71c8506134be4a7b5ad0a36000d3a_marcia-profile%281%29.jpg)

### Marcia Villalba

Marcia Villalba is a Principal Developer Advocate for Amazon Web Services. She has almost 20 years of experience working in the software industry building and scaling applications. Her passion is designing systems that can take full advantage of the cloud and embrace the DevOps culture.
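The EventBridge routing mentioned in the post, as an added example that is not part of the original article or AWS's own code: a rule pattern for active findings on Lambda functions and a handler that turns one event into per-function notifications. The event field names (`aws.inspector2`, `Inspector2 Finding`, `packageVulnerabilityDetails`, and so on) are assumptions about the finding event format to verify against a real event; the sample event, account ID, function name and vulnerability ID are constructed placeholders.

```python
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# EventBridge rule pattern (assumed field names): active findings on Lambda functions.
EVENT_PATTERN = {
    "source": ["aws.inspector2"],
    "detail-type": ["Inspector2 Finding"],
    "detail": {"status": ["ACTIVE"], "resources": {"type": ["AWS_LAMBDA_FUNCTION"]}},
}


def build_notifications(event, min_severity="HIGH"):
    """Return one notification per affected Lambda function, or [] when the
    event is not an active finding at or above min_severity."""
    detail = event.get("detail", {})
    if event.get("source") != "aws.inspector2" or detail.get("status") != "ACTIVE":
        return []
    severity = detail.get("severity", "INFORMATIONAL")
    # Unknown severities (for example untriaged findings) rank lowest.
    if SEVERITY_RANK.get(severity, 0) < SEVERITY_RANK[min_severity]:
        return []
    vuln = detail.get("packageVulnerabilityDetails", {})
    packages = [
        f"{p.get('name')} {p.get('version')} (fixed in {p.get('fixedInVersion', 'n/a')})"
        for p in vuln.get("vulnerablePackages", [])
    ]
    return [
        {
            "function_arn": res["id"],
            "severity": severity,
            "vulnerability": vuln.get("vulnerabilityId", "unknown"),
            "packages": packages,
        }
        for res in detail.get("resources", [])
        if res.get("type") == "AWS_LAMBDA_FUNCTION"
    ]


# Constructed sample event; every identifier below is a placeholder.
SAMPLE_EVENT = {
    "source": "aws.inspector2",
    "detail-type": "Inspector2 Finding",
    "detail": {
        "severity": "HIGH",
        "status": "ACTIVE",
        "resources": [{"type": "AWS_LAMBDA_FUNCTION",
                       "id": "arn:aws:lambda:us-east-1:111122223333:function:example-fn"}],
        "packageVulnerabilityDetails": {
            "vulnerabilityId": "CVE-0000-0000",  # placeholder, not a real CVE
            "vulnerablePackages": [{"name": "example-lib", "version": "1.0.0",
                                    "fixedInVersion": "1.0.1"}],
        },
    },
}
```

Functions tagged `InspectorExclusion` = `LambdaStandardScanning` are not scanned, so they never produce these events; track that tag separately when relying on this notification path.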