Glue SBOM exporter and vulnerabilities
AWS Inspector2 is getting very powerful, with detailed vulnerability findings for EC2 instances, ECR images and Lambda functions, but the one thing still missing is Glue jobs: the Python packages baked into a Glue runtime are never scanned. For that I created an SBOM extractor for Glue jobs.
My repo (WIP) can be found here: https://github.com/jverhoeks/glue-inspector/
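To show the core step such an extractor has to do, here is an added example (illustration code, not the glue-inspector tool's own code) that turns a `pip freeze`-style package list from a Glue runtime into a CycloneDX SBOM with PyPI purls, the format Inspector's SBOM scan and most other scanners accept. The package list below is constructed from a few rows of the table on this page; the job name and Glue version passed in are placeholders. It also applies PEP 503 name normalisation, so the `typing_extensions` / `typing-extensions` pair you can see in the table collapses into one component instead of two.

```python
"""Build a CycloneDX 1.4 SBOM from the packages installed in a Glue job runtime.

Added example, not code from the glue-inspector repo. It assumes the package
list arrives as `pip freeze` lines; inside a real Glue job you would collect
them with importlib.metadata and ship the JSON to an SBOM scanner.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed sample, modelled on rows of the package table (not real job output).
SAMPLE_FREEZE = """\
boto3==1.24.70
PyYAML==5.3.1
typing_extensions==4.4.0
typing-extensions==4.4.0
# a comment line pip may emit
-e git+https://example.invalid/repo.git#egg=localpkg
pyarrow==10.0.0
"""


def normalize_name(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_freeze(text: str) -> dict:
    """Parse `name==version` lines into {normalized_name: version}.

    Comment lines, editable/VCS installs (no pinned PyPI version) and anything
    that is not an exact pin are skipped; duplicate spellings keep the first hit.
    """
    pkgs = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-")):
            continue
        m = re.fullmatch(r"([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;]+)", line)
        if not m:
            continue
        pkgs.setdefault(normalize_name(m.group(1)), m.group(2))
    return pkgs


def to_cyclonedx(pkgs: dict, job_name: str, glue_version: str) -> dict:
    """Wrap the package map in a minimal CycloneDX 1.4 document.

    Each component carries a purl (pkg:pypi/<name>@<version>); scanners match
    advisories on the purl, so the normalized name matters more than the label.
    """
    components = []
    for name, version in sorted(pkgs.items()):
        purl = f"pkg:pypi/{name}@{version}"
        components.append({
            "type": "library",
            "name": name,
            "version": version,
            "purl": purl,
            "bom-ref": purl,
        })
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {
            "timestamp": datetime.now(timezone.utc)
            .isoformat(timespec="seconds")
            .replace("+00:00", "Z"),
            # The Glue job itself is the root component; glue_version is a placeholder.
            "component": {
                "type": "application",
                "name": job_name,
                "version": glue_version,
                "bom-ref": f"glue-job:{job_name}",
            },
        },
        "components": components,
    }


if __name__ == "__main__":
    bom = to_cyclonedx(parse_freeze(SAMPLE_FREEZE), "example-glue-job", "4.0")
    print(json.dumps(bom, indent=2))
```

The printed document can be handed to any CycloneDX-aware scanner; for Inspector specifically, the `inspector-scan` client in boto3 exposes the ScanSbom operation that takes such a JSON document and returns findings, which is what makes the Glue gap closable without waiting for native support.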
Package table
(view on wide screen)
| Package | 2.0 | 2.0 vuln | 3.0 | 3.0 vuln | 4.0 | 4.0 vuln | shell 3.6 | shell 3.6 vuln | shell 3.9 | shell 3.9 vuln | shell 3.9 analytics | shell 3.9 analytics vuln |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cython | 0.29.15 | 0.29.4 | 0.29.32 | |||||||||
| Pillow | 9.4.0 | HIGH GHSA-56pw-mpj4-fxww | 9.4.0 | HIGH GHSA-56pw-mpj4-fxww | ||||||||
| PyGreSQL | 5.0.6 | |||||||||||
| PyMySQL | 0.9.3 | 1.0.2 | 1.0.2 | 1.0.2 | ||||||||
| PyYAML | 5.3.1 | CRITICAL CVE-2020-14343 | 5.4.1 | 6.0.1 | ||||||||
| SQLAlchemy | 1.4.36 | |||||||||||
| Spark | 1.0 | 1.0 | 1.0 | |||||||||
| aiobotocore | 1.4.2 | 2.4.1 | ||||||||||
| aiohttp | 3.8.3 | MEDIUM GHSA-pjjw-qhg8-p2p9 | 3.8.3 | MEDIUM GHSA-pjjw-qhg8-p2p9 | ||||||||
| aioitertools | 0.11.0 | 0.11.0 | ||||||||||
| aiosignal | 1.3.1 | 1.3.1 | ||||||||||
| async-timeout | 4.0.2 | 4.0.2 | ||||||||||
| asynctest | 0.13.0 | 0.13.0 | ||||||||||
| attrs | 22.2.0 | 22.2.0 | ||||||||||
| avro | 1.11.0 | HIGH CVE-2023-39410 | ||||||||||
| avro-python3 | 1.10.0 | 1.10.2 | 1.10.2 | |||||||||
| awscli | 1.27.60 | 116.242 | 1.23.5 | 1.23.5 | ||||||||
| awswrangler | 2.15.1 | |||||||||||
| boto3 | 1.12.4 | 1.18.50 | 1.24.70 | 1.9.203 | 1.22.5 | |||||||
| botocore | 1.15.4 | 1.21.50 | 1.27.59 | 1.12.232 | 1.23.5 | 1.23.5 | ||||||
| certifi | 2019.11.28 | MEDIUM CVE-2022-23491 | 2021.5.30 | MEDIUM CVE-2022-23491 | 2021.5.30 | MEDIUM CVE-2022-23491 | ||||||
| chardet | 3.0.4 | 3.0.4 | 3.0.4 | |||||||||
| charset-normalizer | 2.1.1 | 2.1.1 | ||||||||||
| click | 8.1.3 | 8.1.3 | 8.1.3 | |||||||||
| colorama | 0.4.4 | |||||||||||
| cycler | 0.10.0 | 0.10.0 | 0.10.0 | |||||||||
| docutils | 0.15.2 | 0.17.1 | 0.17.1 | |||||||||
| elasticsearch | 8.2.0 | |||||||||||
| enum34 | 1.1.9 | 1.1.10 | 1.1.10 | |||||||||
| frozenlist | 1.3.3 | 1.3.3 | ||||||||||
| fsspec | 0.6.2 | 2021.8.1 | 2021.8.1 | |||||||||
| idna | 2.9 | 2.10 | 2.10 | |||||||||
| importlib-metadata | 6.0.0 | 6.0.0 | 5.0.0 | |||||||||
| jmespath | 0.9.4 | 0.10.0 | 0.10.0 | |||||||||
| joblib | 0.14.1 | CRITICAL CVE-2022-21797 | 1.0.1 | CRITICAL CVE-2022-21797 | 1.0.1 | CRITICAL CVE-2022-21797 | ||||||
| kiwisolver | 1.1.0 | 1.3.2 | 1.4.4 | |||||||||
| matplotlib | 3.1.3 | 3.4.3 | 3.4.3 | |||||||||
| mpmath | 1.1.0 | HIGH CVE-2021-29063 | 1.2.1 | HIGH CVE-2021-29063 | 1.2.1 | HIGH CVE-2021-29063 | ||||||
| multidict | 6.0.4 | 6.0.4 | ||||||||||
| nltk | 3.5 | HIGH CVE-2021-43854 | 3.6.3 | HIGH CVE-2021-43854 | 3.7 | |||||||
| numpy | 1.18.1 | MEDIUM CVE-2021-41496 | 1.19.5 | MEDIUM CVE-2021-34141 | 1.23.5 | 1.16.2 | MEDIUM CVE-2021-41496 | 1.22.3 | ||||
| packaging | 23.0 | 23.0 | ||||||||||
| pandas | 1.0.1 | 1.3.2 | 1.5.1 | 0.24.2 | 1.4.2 | |||||||
| patsy | 0.5.1 | 0.5.1 | 0.5.1 | |||||||||
| pip | 23.0 | MEDIUM CVE-2023-5752 | 23.0.1 | MEDIUM CVE-2023-5752 | ||||||||
| pmdarima | 1.5.3 | 1.8.2 | 2.0.1 | |||||||||
| psycopg2 | 2.9.3 | |||||||||||
| ptvsd | 4.3.2 | 4.3.2 | 4.3.2 | |||||||||
| pyarrow | 0.16.0 | CRITICAL CVE-2023-47248 | 5.0.0 | CRITICAL CVE-2023-47248 | 10.0.0 | CRITICAL CVE-2023-47248 | ||||||
| pyasn1 | 0.4.8 | |||||||||||
| pyathena | 2.5.3 | |||||||||||
| pydevd | 1.9.0 | 2.5.0 | 2.5.0 | |||||||||
| pyhocon | 0.3.54 | 0.3.58 | 0.3.58 | |||||||||
| pyodbc | 4.0.32 | |||||||||||
| pyorc | 0.6.0 | |||||||||||
| pyparsing | 2.4.6 | 2.4.7 | 2.4.7 | |||||||||
| python-dateutil | 2.8.1 | 2.8.2 | 2.8.2 | |||||||||
| pytz | 2019.3 | 2021.1 | 2021.1 | |||||||||
| redshift-connector | 2.0.907 | |||||||||||
| regex | 2022.10.31 | 2022.10.31 | 2022.10.31 | |||||||||
| requests | 2.23.0 | MEDIUM CVE-2023-32681 | 2.23.0 | MEDIUM CVE-2023-32681 | 2.23.0 | MEDIUM CVE-2023-32681 | 2.22.0 | MEDIUM CVE-2023-32681 | 2.27.1 | MEDIUM CVE-2023-32681 | ||
| rsa | 4.7.2 | |||||||||||
| s3fs | 0.4.0 | 2021.8.1 | 2022.11.0 | 2022.3.0 | ||||||||
| s3transfer | 0.3.3 | 0.5.0 | 0.6.0 | |||||||||
| scikit-learn | 0.22.1 | 0.24.2 | 0.24.2 | 0.20.3 | 1.0.2 | |||||||
| scipy | 1.4.1 | MEDIUM CVE-2023-25399 | 1.7.1 | MEDIUM CVE-2023-25399 | 1.9.3 | MEDIUM CVE-2023-25399 | 1.2.1 | MEDIUM CVE-2023-25399 | 1.8.0 | MEDIUM CVE-2023-25399 | ||
| setuptools | 45.2.0 | HIGH CVE-2022-40897 | 49.1.3 | HIGH CVE-2022-40897 | ||||||||
| six | 1.14.0 | 1.16.0 | 1.16.0 | |||||||||
| statsmodels | 0.11.1 | 0.12.2 | 0.13.5 | |||||||||
| subprocess32 | 3.5.4 | 3.5.4 | 3.5.4 | |||||||||
| sympy | 1.5.1 | 1.8 | 1.8 | |||||||||
| tbats | 1.0.9 | 1.1.0 | 1.1.0 | |||||||||
| threadpoolctl | 3.1.0 | 3.1.0 | ||||||||||
| tqdm | 4.64.1 | 4.64.1 | 4.64.1 | |||||||||
| typing-extensions | 4.4.0 | |||||||||||
| typing_extensions | 4.4.0 | 4.4.0 | ||||||||||
| urllib3 | 1.25.8 | MEDIUM CVE-2023-45803 | 1.25.11 | MEDIUM CVE-2023-45803 | 1.25.11 | MEDIUM CVE-2023-45803 | ||||||
| wheel | 0.35.1 | HIGH CVE-2022-40898 | 0.37.0 | HIGH CVE-2022-40898 | 0.37.0 | HIGH CVE-2022-40898 | ||||||
| wrapt | 1.14.1 | 1.14.1 | ||||||||||
| yarl | 1.8.2 | 1.8.2 | ||||||||||
| zipp | 3.12.0 | 3.12.0 | 3.10.0 |