The automated process of identifying security weaknesses, misconfigurations, and known vulnerabilities in cloud infrastructure, applications, and container images. Like a home security inspector checking every door and window for weaknesses, vulnerability scanners systematically examine your systems against databases of known threats. AWS offers Inspector and ECR scanning, Azure provides Defender for Cloud, GCP has Security Command Center and Artifact Analysis, and OCI offers Vulnerability Scanning Service.
A DevSecOps team configures AWS Inspector to automatically scan all EC2 instances and container images in ECR for known CVEs. When a critical Log4j vulnerability is detected, the team receives an alert within minutes and patches affected systems before any exploitation occurs.
All major cloud providers offer managed vulnerability scanning services that integrate with their security ecosystems.