Configuration and vulnerability analysis in Amazon Lambda - Amazon Lambda
Detect vulnerabilities in your Lambda functions With Amazon Inspector
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Configuration and vulnerability analysis in Amazon Lambda

Amazon Lambda provides runtimes that run your function code in an Amazon Linux–based execution environment. Lambda is responsible for keeping software in the runtime and execution environment up to date, releasing new runtimes for new languages and frameworks, and deprecating runtimes when the underlying software is no longer supported.

If you use additional libraries with your function, you're responsible for updating the libraries. You can include additional libraries in the deployment package, or in layers that you attach to your function. You can also build custom runtimes and use layers to share them with other accounts.

Lambda deprecates runtimes when the software on the runtime or its execution environment reaches end of life. When Lambda deprecates a runtime, you're responsible for migrating your functions to a supported runtime for the same language or framework. For details, see Runtime deprecation policy.

Detect vulnerabilities in your Lambda functions With Amazon Inspector

You can use Amazon Inspector to detect security vulnerabilities in your Lambda functions and layers. Amazon Inspector is an automated vulnerability scanning service that discovers and reports vulnerabilities based on its vulnerability intelligence database. The Amazon Inspector vulnerability intelligence database sources data from internal Amazon security research teams, paid vendor feeds, and industry-standard security advisories.

Amazon Inspector automatically creates an inventory of your active Lambda functions and layers then continuously monitors them for software package vulnerabilities. When Amazon Inspector discovers a vulnerability, it generates a finding that contains details about the security issue, and how to remediate the issue. You can view Amazon Inspector findings in the Amazon Inspector console or process them through other Amazon services.

For information on activating and configuring Amazon Inspector Lambda scanning, see Scanning Lambda functions with Amazon Inspector.