This article provides guidance for AWS Marketplace sellers on securing their product catalogs through security scanning, notifications, and remediation processes.

• AWS Marketplace regularly scans AMIs and container images for security vulnerabilities
• Sellers receive email notifications and portal alerts when issues are detected
• Add multiple email addresses to seller account for timely security notifications
• Sellers must resolve issues within provided timeframes or products face restrictions
• Options include submitting new versions, restricting affected versions, or requesting support extensions
• Proactively scan software and monitor NIST National Vulnerability Database for CVEs
• Maintain good version hygiene by restricting older versions even without vulnerabilities
• Implement automated patching pipelines to accelerate CVE fixes and version releases

AWS Marketplace sellers share responsibility for catalog security; prompt action on notifications and proactive vulnerability management protect shared customers.