statik/inspector-cost

AWS Inspector Container Scanning Cost Model

Use the live cost modeling tool →

An interactive tool for estimating the monthly cost of Amazon Inspector container image scanning across different scanning strategies and workload sizes.

Why this exists

AWS Inspector offers several container scanning modes with very different cost profiles. At scale (hundreds of builds per day across dozens of services), the difference between on-push scanning, continuous scanning, and CI/CD pipeline scanning can be tens of thousands of dollars per month. This tool makes those trade-offs visible so you can make informed decisions about your scanning strategy.

Scanning modes modeled

| Mode | Price | How it works |
|---|---|---|
| Scan on Push | $0.09 / image | Each image pushed to ECR is scanned once. No rescans. Always the base cost. |
| Continuous Rescanning | $0.01 / image / rescan | All retained images in ECR are rescanned on every vulnerability database update (~15/month). |
| CI/CD Pipeline | $0.03 / image | Each build scans one image in CI/CD tooling (Jenkins, TeamCity, etc.). |

Prices are US East (N. Virginia) as of February 2026. See AWS Inspector Pricing for the latest.

Features

Explorer tab — Stacked area charts showing how monthly cost changes as you adjust:

  • Pipeline runs (builds) per day (100–500)
  • Total container images / services (10–100)
  • ECR image retention (lifecycle policy or fixed image count)
  • Vulnerability database rescan frequency
  • Which scanning layers are active

Scenario Comparison tab — Configure up to three scenarios side by side with independent parameters. Compare them with a stacked bar chart and a detailed breakdown table.

Key model assumptions

  • Each build rebuilds and pushes exactly one container image to ECR with a new digest.
  • Lifecycle retention mode: retained images = all digests pushed within the retention window. Live containers (latest digest per service) are always kept.
  • Baseline retention mode: a fixed number of images in the registry, floored by the live service count.
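
The prices and assumptions above, worked through as a monthly estimate. This is an added example, not the repository's `app.py`: the 30-day month, the `Scenario` fields, the function names, and reading "live containers are always kept" as `max(digests in window, live services)` are assumptions made here.

```python
from dataclasses import dataclass
from typing import Optional

# Prices from the table above (US East, February 2026), in USD.
PRICE_ON_PUSH = 0.09   # per image pushed
PRICE_RESCAN = 0.01    # per retained image, per rescan
PRICE_CICD = 0.03      # per image scanned in the pipeline
DAYS_PER_MONTH = 30    # assumption: the page does not define month length


@dataclass
class Scenario:
    builds_per_day: int
    services: int
    rescans_per_month: int = 15             # "~15/month" database updates
    retention_days: Optional[int] = None    # lifecycle retention mode
    baseline_images: Optional[int] = None   # baseline retention mode
    continuous: bool = True                 # continuous rescanning layer on?
    cicd: bool = True                       # CI/CD pipeline layer on?


def retained_images(s: Scenario) -> int:
    """Images sitting in ECR that every database update will rescan."""
    if (s.retention_days is None) == (s.baseline_images is None):
        raise ValueError("set exactly one of retention_days or baseline_images")
    if s.retention_days is not None:
        # One new digest per build; everything inside the window is retained.
        in_registry = s.builds_per_day * s.retention_days
    else:
        in_registry = s.baseline_images
    # The latest digest of each live service is always kept (the floor).
    return max(in_registry, s.services)


def monthly_cost(s: Scenario) -> dict:
    builds = s.builds_per_day * DAYS_PER_MONTH
    cost = {"on_push": builds * PRICE_ON_PUSH}  # always the base cost
    rescans = retained_images(s) * s.rescans_per_month
    cost["continuous"] = rescans * PRICE_RESCAN if s.continuous else 0.0
    cost["cicd"] = builds * PRICE_CICD if s.cicd else 0.0
    cost["total"] = sum(cost.values())
    return {layer: round(usd, 2) for layer, usd in cost.items()}


if __name__ == "__main__":
    # Constructed scenarios: 30-day lifecycle policy vs. a small fixed registry.
    print(monthly_cost(Scenario(300, 50, retention_days=30)))
    print(monthly_cost(Scenario(300, 50, baseline_images=200)))
```

With the same build rate, the continuous-rescanning term scales with how many digests the lifecycle policy leaves in ECR, so shortening retention lowers that layer without reducing scan-on-push coverage of new images.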

Running locally

Requires Python 3.10+ and uv:

git clone <this-repo>
cd inspector-cost
uv sync
uv run shiny run app.py

License

This project is provided as-is for cost estimation purposes. AWS pricing may change; always verify against the official pricing page.
