docker · craig-osterhout · Jun 15, 2026
@@ -1,7 +1,7 @@
 ---
 title: Scanner integrations
 description: Learn which vulnerability scanners work with Docker Hardened Images and how to choose the right scanner for accurate vulnerability assessment.
-keywords: scanner integration, vulnerability scanning, docker scout, trivy, grype, wiz, black duck, aikido, container security scanners
+keywords: scanner integration, vulnerability scanning, docker scout, trivy, grype, wiz, black duck, aikido, aws inspector, container security scanners
 weight: 40
 ---
 
@@ -10,7 +10,7 @@ accurate results that reflect the actual security posture of these images, your
 scanner needs to understand the VEX (Vulnerability Exploitability eXchange)
 attestations included with each image.
 
-## Scanners with VEX support
+## Supported scanners for Docker Hardened Images
 
 The following scanners can read and apply VEX attestations included with Docker
 Hardened Images:
@@ -27,6 +27,12 @@ Hardened Images:
 
 For step-by-step instructions for Docker Scout, Trivy, and Grype, see [Scan Docker Hardened Images](/manuals/dhi/how-to/scan.md). For Wiz, Mend.io, Black Duck, and Aikido, refer to their respective documentation.
 
+Most scanners can scan Docker Hardened Images. Scanners not listed in the table,
+such as [AWS Inspector](https://docs.aws.amazon.com/inspector/latest/user/supported.html),
+can scan DHI but won't apply VEX filtering. Results will include more reported
+CVEs than the actual risk profile of the image. To reduce false positives, use a
+vendor-specific suppression method, such as [AWS Inspector suppression rules](https://docs.aws.amazon.com/inspector/latest/user/findings-managing-supression-rules.html).
+
 ## Choosing a scanner for Docker Hardened Images
 
 When selecting a scanner for use with Docker Hardened Images, whether it
@@ -168,4 +174,3 @@ exceptions. This requires:
 
 Learn how to [scan Docker Hardened Images](/manuals/dhi/how-to/scan.md) with
 VEX-compliant scanners.
-