Understanding findings in Amazon Inspector
A finding is a detailed report about a vulnerability that affects one of your Amazon resources. Findings are named after detected vulnerabilities and provide severity ratings, information about affected resources, and details that describe how to remediate reported vulnerabilities.
Amazon Inspector generates a finding whenever it detects a vulnerability in an Amazon EC2 instance, a container image in an Amazon ECR repository, or an Amazon Lambda function. Amazon Inspector continually scans your compute environment and stores all of your active findings until you remediate them.
When you remediate a finding, the finding is automatically closed, and Amazon Inspector deletes the finding after 7 days. However, closed findings can be reopened within these 7 days if the issue that caused the vulnerability reoccurs.
If you disable Amazon Inspector, findings are removed after 24 hours. If Amazon suspends your account, findings are removed after 90 days.
Findings are categorized in one of the following states:
- Active
-
Amazon Inspector identifies findings that haven't been remediated as Active.
- Suppressed
-
Amazon Inspector identifies findings that are subject to one or more suppression rules as Suppressed.
- Closed
-
When you remediate a finding, Amazon Inspector identifies the finding as Closed.