1 Answer
As per documentation, basic scanning uses CVEs from the open-source Clair project. Enhanced scanning is an integration with Amazon Inspector. This suggests both options use different databases/scanners.
While enhanced scan may provide fewer findings, it may be due to basic scan generating false positives, or enhanced scan generating false negatives. You may want to examine and validate the findings in more detail.
As the name implies, "Enhanced Scanning" goes deeper into the analysis of issues than "Basic scanning".
Thank you for the quick reply. To follow up on basic vs enhanced using different DBs/scanners. I have a concern that the enhanced scan is potentially missing relevant vulnerabilities. This comes from the basic scan reporting critical vulnerabilities where the enhanced scan of the same image doesn't report the same vulnerabilities.
In my case, two of the critical vulnerabilities that were reported by the basic scan don't apply to our environment. I'm still investigating the third. I was thinking the enhanced scan was somehow aware of the same critical vulnerabilities, but didn't report them because it was able to determine they don't apply. I really need to confirm if this is the case.
Is enhanced scanning at least as capable as the basic scanning? I was expecting enhanced scanning to be everything from a basic scan + some additional capability around language packages. What Mike_L is saying seems to be different. Enhanced scanning is an entirely different service, using a different DB from the basic scan, and the report could be missing relevant critical vulnerabilities that would be reported in the basic scan.
I would also like to get clarification on whether enhanced scanning is guaranteed to catch and report critical vulnerabilities, the same as or similar to what the basic scan does.
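One way to do the validation suggested in the answer is to diff the two scan results for the same image by CVE id and list the package behind each finding that only one scanner reports. This is an added example, not part of the original thread or AWS code; it assumes you saved the output of `aws ecr describe-image-scan-findings` under each scanning configuration, and the CVE ids, package names and versions below are constructed placeholders.

```python
import json

# Constructed samples shaped like `aws ecr describe-image-scan-findings` output.
BASIC = json.loads("""{"imageScanFindings": {"findings": [
 {"name": "CVE-0000-0001", "severity": "CRITICAL", "attributes": [
   {"key": "package_name", "value": "libexample"},
   {"key": "package_version", "value": "1.2.3"}]},
 {"name": "CVE-0000-0002", "severity": "CRITICAL", "attributes": [
   {"key": "package_name", "value": "demo-tools"},
   {"key": "package_version", "value": "4.0"}]},
 {"name": "CVE-0000-0003", "severity": "LOW", "attributes": [
   {"key": "package_name", "value": "libexample"},
   {"key": "package_version", "value": "1.2.3"}]}]}}""")
ENHANCED = json.loads("""{"imageScanFindings": {"enhancedFindings": [
 {"severity": "CRITICAL", "packageVulnerabilityDetails": {
   "vulnerabilityId": "CVE-0000-0002",
   "vulnerablePackages": [{"name": "demo-tools", "version": "4.0"}]}},
 {"severity": "HIGH", "packageVulnerabilityDetails": {
   "vulnerabilityId": "CVE-0000-0004",
   "vulnerablePackages": [{"name": "example-pip-pkg", "version": "0.9"}]}}]}}""")

def basic_index(resp):
    """Map CVE id -> (severity, package, version) from a basic scan."""
    out = {}
    for f in resp["imageScanFindings"].get("findings", []):
        attrs = {a["key"]: a["value"] for a in f.get("attributes", [])}
        out[f["name"]] = (f["severity"], attrs.get("package_name"),
                          attrs.get("package_version"))
    return out

def enhanced_index(resp):
    """Same mapping from an enhanced (Amazon Inspector) scan."""
    out = {}
    for f in resp["imageScanFindings"].get("enhancedFindings", []):
        d = f["packageVulnerabilityDetails"]
        pkg = (d.get("vulnerablePackages") or [{}])[0]
        out[d["vulnerabilityId"]] = (f["severity"], pkg.get("name"), pkg.get("version"))
    return out

def compare(basic_resp, enhanced_resp, severities=("CRITICAL", "HIGH")):
    """Findings at the given severities that only one scanner reports."""
    b, e = basic_index(basic_resp), enhanced_index(enhanced_resp)
    pick = lambda a, other: {c: v for c, v in a.items()
                             if c not in other and v[0] in severities}
    return {"only_basic": pick(b, e), "only_enhanced": pick(e, b),
            "both": sorted(set(b) & set(e))}

if __name__ == "__main__":
    print(json.dumps(compare(BASIC, ENHANCED), indent=2))
```

Each `only_basic` entry carries the package name and version to check against what is actually installed in the image, which is the evidence needed to decide whether it is a basic-scan false positive or an enhanced-scan miss.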