Scan for known CVE vulnerabilities from the online CVE database, as well as misconfigurations and deviations from best practices.
See also the Container Scanning page.
https://www.aquasec.com/blog/trivy-now-scans-amazon-machine-images-amis/
See Trivy doc.
Not as well suited as Trivy: it needs to scan a running instance booted from an AMI or a filesystem extract of an AMI.
Checkov by Bridgecrew is an open-source infrastructure-as-code scanning tool that also includes capabilities for AMI scanning to catch misconfigurations and compliance issues.
https://aws.amazon.com/inspector/
Scans AMIs and EC2 instances for vulnerabilities and deviations from security best practices.
Full suite of proprietary cloud-native security tools by the creators of Trivy - includes scanning for AMI vulnerabilities and compliance checks within AWS environments.
Comprehensive security auditing, including AMI scanning, for AWS environments.
https://www.tenable.com/products/tenable-io
By the creators of Nessus, the famous and widely used open source security scanner that has been around forever.
Proprietary tools by the creators of Grype that include deep container and AMI scanning capabilities to detect vulnerabilities, enforce security policies, and ensure compliance in AWS.
https://snyk.io/product/infrastructure-as-code-security/
Snyk provides security for infrastructure-as-code, including AMI scanning, to catch potential misconfigurations and security vulnerabilities.
https://www.crowdstrike.com/products/cloud-security/
CrowdStrike Falcon provides endpoint security with cloud scanning capabilities, including AMI vulnerability scanning and continuous monitoring for AWS.
Installation script for AWS AMI build can be found in the HariSekhon/Packer repo.
Continuous vulnerability scanning, including AMI scanning, to detect potential misconfigurations and security risks.
https://azure.microsoft.com/en-us/services/defender-for-cloud/
Security monitoring across cloud environments, including AMI vulnerability scanning and best practices for AWS.
AMI scanning to detect security vulnerabilities and misconfigurations in AWS.
Provides continuous security scanning, including for AMIs, to detect vulnerabilities, compliance issues, and misconfigurations.
https://www.paloaltonetworks.com/prisma/cloud
Continuous security monitoring for cloud environments, including AMI scanning, to detect vulnerabilities and enforce compliance.
Cloud security platform that includes AMI scanning, compliance, and best practices for AWS resources.
AMI scanning for vulnerabilities, compliance and misconfigurations across AWS environments.
Vulnerability scanning for AMIs and compliance checks for cloud environments.
https://www.trendmicro.com/cloudone
Trend Micro Cloud One provides multi-cloud security, including AMI scanning to detect vulnerabilities, manage compliance, and safeguard AWS instances.
https://www.rapid7.com/products/insightvm/
InsightVM by Rapid7 provides cloud-native vulnerability management, including AMI scanning to identify security risks in AWS environments.
https://www.trendmicro.com/en_us/business/products/hybrid-cloud/deep-security.html
Comprehensive protection for AWS environments, including AMI scanning to detect vulnerabilities and maintain compliance.
https://www.checkpoint.com/products/cloudguard-dome9/
Cloud security management with AMI scanning capabilities to help manage security and compliance for AWS resources.
Ported from various private Knowledge Base pages 2018+