AWS Inspector2 Scanner
File Types
AWS Inspector2 reports can be imported in JSON format. The name Inspector2 comes from the "modern" Inspector API (aws inspector2), as opposed to Classic Inspector, the previous version of the service. The report is the raw output of the ListFindings API call; for example, to export all findings for a single EC2 instance:
aws inspector2 list-findings --filter-criteria '{"resourceId":[{"comparison":"EQUALS","value":"i-instance_id_here"}]}' --region us-east-1 > inspector2_findings.json
The CLI pages through the ListFindings results for you, so the file contains a single top-level "findings" array.
This parser can ingest findings exported from an AWS Inspector delegated administrator account or from a standalone AWS account. It is written mainly for the scenario where findings are exported for one specific resource, such as an ECR image or an EC2 instance, and uploaded to a test in a DefectDojo engagement that represents a branch of a git repository.
A minimal valid json file with no findings:
{
"findings": []
}
The detailed response format is documented in the AWS Inspector2 ListFindings API reference.
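The following is an added, illustrative parser for this file format; it is not DefectDojo's own AWS Inspector2 parser and its field mapping is an assumption about how a practitioner might flatten a ListFindings record into the title/severity/description fields that DefectDojo hashes for deduplication. The embedded report is constructed for the example (it uses the real CVE-2022-0778 in OpenSSL, fixed in 1.1.1n, on two made-up instance IDs) and is not real scan output. The hash_code function mirrors the idea of hashing the default deduplication fields; it is a simplification, not DefectDojo's exact implementation.

```python
import hashlib
import json

# Constructed sample in the shape of `aws inspector2 list-findings` output:
# the same package vulnerability observed on two different EC2 instances.
SAMPLE_REPORT = """
{
  "findings": [
    {
      "findingArn": "arn:aws:inspector2:us-east-1:123456789012:finding/aaaa",
      "awsAccountId": "123456789012",
      "type": "PACKAGE_VULNERABILITY",
      "severity": "HIGH",
      "status": "ACTIVE",
      "title": "CVE-2022-0778 - openssl",
      "description": "Infinite loop in BN_mod_sqrt() when parsing certificates.",
      "inspectorScore": 7.5,
      "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0aaaaaaaaaaaaaaaa"}],
      "packageVulnerabilityDetails": {
        "vulnerabilityId": "CVE-2022-0778",
        "vulnerablePackages": [
          {"name": "openssl", "version": "1.1.1k", "fixedInVersion": "1.1.1n"}
        ]
      },
      "remediation": {"recommendation": {"text": "Update openssl to 1.1.1n or later."}}
    },
    {
      "findingArn": "arn:aws:inspector2:us-east-1:123456789012:finding/bbbb",
      "awsAccountId": "123456789012",
      "type": "PACKAGE_VULNERABILITY",
      "severity": "HIGH",
      "status": "ACTIVE",
      "title": "CVE-2022-0778 - openssl",
      "description": "Infinite loop in BN_mod_sqrt() when parsing certificates.",
      "inspectorScore": 7.5,
      "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0bbbbbbbbbbbbbbbb"}],
      "packageVulnerabilityDetails": {
        "vulnerabilityId": "CVE-2022-0778",
        "vulnerablePackages": [
          {"name": "openssl", "version": "1.1.1k", "fixedInVersion": "1.1.1n"}
        ]
      },
      "remediation": {"recommendation": {"text": "Update openssl to 1.1.1n or later."}}
    }
  ]
}
"""

# Inspector2 severity strings mapped to DefectDojo severity labels.
# Treating UNTRIAGED as Info is an assumption of this example.
SEVERITY_MAP = {
    "CRITICAL": "Critical",
    "HIGH": "High",
    "MEDIUM": "Medium",
    "LOW": "Low",
    "INFORMATIONAL": "Info",
    "UNTRIAGED": "Info",
}

# Default deduplication fields named on this page.
DEDUP_FIELDS = ("title", "severity", "description")


def parse_inspector2(report_text):
    """Parse a ListFindings JSON document into a list of flat finding dicts.

    A report with an empty "findings" array is valid and yields [].
    A document without a "findings" list is rejected rather than silently
    imported as zero findings.
    """
    data = json.loads(report_text)
    findings = data.get("findings")
    if not isinstance(findings, list):
        raise ValueError("Inspector2 report must contain a top-level 'findings' list")
    return [_to_finding(f) for f in findings]


def _to_finding(f):
    pkg = f.get("packageVulnerabilityDetails") or {}
    packages = ", ".join(
        f"{p.get('name')} {p.get('version')} (fixed in {p.get('fixedInVersion', 'n/a')})"
        for p in pkg.get("vulnerablePackages", [])
    )
    # Affected packages are folded into the description; affected resources are
    # kept out of it on purpose, so the same vulnerability on two instances
    # still hashes to the same deduplication key.
    description = f.get("description", "")
    if packages:
        description += "\nAffected packages: " + packages
    return {
        "title": f.get("title", pkg.get("vulnerabilityId", "Untitled finding")),
        "severity": SEVERITY_MAP.get(f.get("severity", "UNTRIAGED"), "Info"),
        "description": description,
        "vuln_id_from_tool": pkg.get("vulnerabilityId"),
        "unique_id_from_tool": f.get("findingArn"),
        "mitigation": (f.get("remediation") or {}).get("recommendation", {}).get("text"),
        "resources": [r.get("id") for r in f.get("resources", [])],
        "active": f.get("status") == "ACTIVE",
    }


def hash_code(finding, fields=DEDUP_FIELDS):
    """Simplified deduplication hash over the named fields (example only)."""
    joined = "|".join(str(finding.get(k, "")) for k in fields)
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for fd in parse_inspector2(SAMPLE_REPORT):
        print(fd["severity"], fd["title"], fd["resources"], hash_code(fd))
```

Because description is one of the hash fields, anything the parser folds into it (resource IDs, timestamps, account IDs) changes the deduplication key; in the example above the two instances therefore produce identical hashes, which is what you want when the same package vulnerability is reported across a fleet.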
Sample Scan Data
Sample AWS Inspector2 findings can be found here.
Default Deduplication Hashcode Fields
By default, DefectDojo identifies duplicate Findings using these hashcode fields:
- title
- severity
- description