Amazon Inspector now offers continuous monitoring of your Amazon EC2 instances for software vulnerabilities without installing an agent or additional software. Currently, Amazon Inspector leverages the widely deployed AWS Systems Manager (SSM) Agent to assess your EC2 instances for third-party software vulnerabilities. With this new capability, you can expand your vulnerability assessment coverage across your EC2 infrastructure with Amazon Inspector agentless scanning for EC2 instances that do not have SSM Agents installed or configured. For agentless scanning, Amazon Inspector takes snapshots of EBS volumes to collect software application inventory from the instances to perform vulnerability assessments. Once you enable EC2 scanning within Amazon Inspector, it automatically discovers all your EC2 instances and starts evaluating them for software vulnerabilities. Customers can enable agentless scanning by simply visiting the EC2 settings page within the Amazon Inspector console and selecting hybrid scan mode. In hybrid scan mode, Amazon Inspector relies on SSM Agents to collect information from instances to perform vulnerability assessments, and automatically switches to agentless scanning for instances that do not have SSM Agents installed or configured.
Source:: Amazon AWS