Announcing AWS Inspector scanner support for Chainguard Libraries

Tazin Progga, Senior Product Manager, and Ross Gordon, Staff Product Marketing Manager

Today, we’re expanding our partnership with AWS. Chainguard Libraries for Python is now supported by Amazon Inspector’s enhanced scanning for Amazon ECR. This integration brings proactive malware prevention and high-impact CVE remediation directly into your AWS vulnerability management workflows. It builds on our existing integrations that help organizations secure their containerized applications across AWS.

Why this integration matters

Modern software is built on open source, and that dependency chain has never been more dangerous. Up to 90 percent of enterprise application code comes from open source libraries, and attackers are targeting the ecosystem at unprecedented scale. Our research shows that 98 percent of malware in the Python ecosystem is introduced during the build or distribution process, not in the upstream source.

Chainguard Libraries solves this problem by rebuilding Python packages from verified source code in the Chainguard Factory, preventing malicious or tampered binaries from ever reaching your applications.

We also backport upstream fixes for critical and high-severity CVEs across popular and highly requested Python libraries such as Django and Flask. With this integration, AWS Inspector can now recognize those remediated CVEs, giving you an accurate view of your known risk posture while benefiting from libraries that are inherently safer than what’s available on public registries.

Bringing prevention into your vulnerability management workflow

AWS Inspector is already a critical tool for organizations, continuously scanning EC2 instances, container images in Amazon ECR, and Lambda functions for vulnerabilities and network exposure. With this new integration, Inspector's capabilities are extended to recognize Chainguard-remediated CVEs in Python libraries, helping you stay secure while you plan your next version upgrade.

Here's how it works: when you use Chainguard Libraries in your AWS environment, our scanner integration surfaces findings directly in AWS Inspector. This unified view enables your security and engineering teams to view both container and library-level vulnerabilities in one place, making it easier to prioritize remediation and maintain compliance across your entire AWS infrastructure. Notably, CVEs that Chainguard has remediated will no longer appear on your vulnerability dashboard.

The integration offers AWS customers using AWS Inspector several key benefits, including:

  • Unified visibility across your AWS workloads: See container image vulnerabilities, operating system packages, and language library security posture in one consolidated view within AWS Inspector. This eliminates tool sprawl and gives your teams a single source of truth for vulnerability management across your AWS environment.

  • Reduced engineering toil: Free your engineering teams from endless CVE triage and remediation cycles. When Inspector scans workloads built with Chainguard Libraries, there are simply fewer vulnerabilities to investigate, allowing developers to focus on building features rather than patching dependencies.

  • Proactive malware prevention, not just known malware detection: Unlike traditional scanners that detect known malware after it enters your environment, Chainguard Libraries prevents malicious packages from ever being introduced. When Inspector scans your workloads using Chainguard Libraries, you're already starting from a clean, trusted baseline.

  • Streamlined compliance for AWS customers: Meet requirements for FedRAMP, NIST 800-53, PCI-DSS, SOC2, and other frameworks more easily with libraries that include full provenance and SBOMs. The integration with Inspector means you can demonstrate continuous compliance monitoring to auditors directly within AWS.

Building on our AWS partnership

Chainguard has long been a trusted partner in the AWS ecosystem. Chainguard Containers integrate with AWS services such as Amazon Inspector for vulnerability scanning, and customers run them on Amazon EKS and Amazon ECS, as well as other containerized environments.

Today's announcement extends this collaboration beyond containers and into the realm of language libraries—the building blocks that power modern applications. With Chainguard Libraries for Python now verified by AWS Inspector, we're helping engineering teams address supply chain security threats in a unified and efficient way.

Getting started with Chainguard Libraries Scanner for AWS Inspector

Organizations already using Chainguard Libraries can take advantage of this integration immediately; refer to the AWS docs to learn more. If you're new to Chainguard Libraries and interested in seeing how proactive malware prevention and CVE remediation can improve your AWS security posture, we'd love to show you how it works.

Contact us to learn more about how Chainguard Libraries can help secure your AWS workloads and streamline your vulnerability management workflows.
