Code scans for Lambda functions within Amazon Inspector now in preview
Amazon Inspector now supports code scanning of Lambda functions, expanding the existing capability to scan Lambda functions and associated layers for software vulnerabilities in application package dependencies. With this expanded capability, Amazon Inspector now also scans the custom proprietary application code within a Lambda function for code security vulnerabilities such as injection flaws, data leaks, weak cryptography, or missing encryption based on AWS security best practices. When code vulnerabilities are identified in the Lambda function or layer, Inspector generates actionable security findings along with impacted code snippets and remediation guidance. All findings are aggregated in the Amazon Inspector console, routed to AWS Security Hub, and pushed to Amazon EventBridge to automate workflows.