Glue SBOM exporter and vulnerabilities
AWS Inspector2 is getting very powerful, with detailed vulnerability findings for EC2 instances, ECR images and Lambda functions, but Glue jobs are still missing. To close that gap I created an SBOM extractor for Glue jobs.
My repo (work in progress) can be found here: https://github.com/jverhoeks/glue-inspector/
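To show what such an extractor has to do, here is an added, self-contained example (my own illustration, not code from the glue-inspector repo). It takes a dict shaped like the `Job` object that boto3's `glue.get_job()` returns, merges the runtime's preinstalled packages with whatever the job pulls in through `--additional-python-modules`, emits a CycloneDX-style SBOM, and matches the components against a small advisory list. The job definition, the baseline package list and the `fixed_in` thresholds are constructed sample data for the example (the CVE ids are the ones from the table below; check the fixed versions against the advisories before relying on them). It also handles the two cases a Glue-specific exporter must get right: modules installed from an S3 wheel path, and unpinned modules whose version is only known once pip runs at job start.

```python
"""Build a CycloneDX-style SBOM for an AWS Glue job and annotate known vulnerabilities.

Added example (not the glue-inspector project's code). Runs offline on a
constructed dict shaped like boto3's glue.get_job()["Job"].
"""
import json
import re
from typing import Dict, List, Optional

# Constructed sample job: same shape as glue.get_job()["Job"], illustrative values.
SAMPLE_JOB = {
    "Name": "nightly-etl",
    "GlueVersion": "4.0",
    "Command": {"Name": "glueetl", "PythonVersion": "3"},
    "DefaultArguments": {
        "--additional-python-modules": "pyarrow==10.0.0, requests==2.27.1, awswrangler",
    },
}

# Constructed baseline: packages preinstalled by a runtime (the kind of data the
# package table on this page captures). Illustrative subset only.
BASELINE = {"4.0": {"boto3": "1.24.70", "requests": "2.23.0", "scipy": "1.9.3"}}

# Advisory records keyed by normalized package name. The CVE ids appear on this
# page; the "fixed_in" thresholds are assumptions made for this example.
ADVISORIES = {
    "pyarrow": [{"id": "CVE-2023-47248", "severity": "CRITICAL", "fixed_in": "14.0.1"}],
    "requests": [{"id": "CVE-2023-32681", "severity": "MEDIUM", "fixed_in": "2.31.0"}],
}


def normalize(name: str) -> str:
    """PEP 503 normalization so 'typing_extensions' and 'typing-extensions' match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_additional_modules(arg: str) -> Dict[str, Optional[str]]:
    """Map the comma-separated --additional-python-modules value to name -> version.

    Only '==' pins give a known version; ranges and bare names map to None
    (pip resolves them when the job starts). S3 wheel paths are read from the
    wheel filename, which is {name}-{version}-{tags}.whl.
    """
    out: Dict[str, Optional[str]] = {}
    for item in (s.strip() for s in arg.split(",")):
        if not item:
            continue
        if item.startswith("s3://") and item.endswith(".whl"):
            dist, version = item.rsplit("/", 1)[1][:-4].split("-")[:2]
            out[normalize(dist)] = version
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*([^\s;]+))?", item)
        if m:
            out[normalize(m.group(1))] = m.group(3)
    return out


def _vkey(v: str, width: int = 6) -> tuple:
    # Numeric-only comparison; pre-release suffixes sort low. Padded so 1.0 == 1.0.0.
    parts = [int(p) if p.isdigit() else -1 for p in re.split(r"[.\-+]", v)]
    return tuple(parts + [0] * (width - len(parts)))


def version_lt(a: str, b: str) -> bool:
    return _vkey(a) < _vkey(b)


def build_sbom(job: dict, baseline: Dict[str, Dict[str, str]]) -> dict:
    """Merge runtime packages with the job's extra modules into a CycloneDX 1.4 document."""
    runtime = job["GlueVersion"]
    packages: Dict[str, Optional[str]] = {
        normalize(n): v for n, v in baseline.get(runtime, {}).items()
    }
    extra = job.get("DefaultArguments", {}).get("--additional-python-modules", "")
    packages.update(parse_additional_modules(extra))  # pip install at job start wins
    components = []
    for name in sorted(packages):
        version = packages[name]
        components.append({
            "type": "library",
            "name": name,
            "version": version or "unresolved",
            "purl": f"pkg:pypi/{name}@{version}" if version else f"pkg:pypi/{name}",
        })
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "metadata": {"component": {"type": "application", "name": job["Name"],
                                   "properties": [{"name": "glue:version", "value": runtime}]}},
        "components": components,
    }


def find_vulnerabilities(sbom: dict, advisories: dict) -> List[dict]:
    """Return CycloneDX vulnerability entries for components below an advisory's fixed_in."""
    found = []
    for comp in sbom["components"]:
        if comp["version"] == "unresolved":
            continue  # cannot judge without a version; see unresolved_components()
        for adv in advisories.get(comp["name"], []):
            if version_lt(comp["version"], adv["fixed_in"]):
                found.append({"id": adv["id"], "ratings": [{"severity": adv["severity"]}],
                              "affects": [{"ref": comp["purl"]}]})
    return found


def unresolved_components(sbom: dict) -> List[str]:
    """Unpinned modules: their version is only known inside the running job."""
    return [c["name"] for c in sbom["components"] if c["version"] == "unresolved"]


if __name__ == "__main__":
    bom = build_sbom(SAMPLE_JOB, BASELINE)
    bom["vulnerabilities"] = find_vulnerabilities(bom, ADVISORIES)
    print(json.dumps(bom, indent=2))
    print("unpinned, re-check at job start:", unresolved_components(bom))
```

The unresolved list is the part worth keeping an eye on: a bare module name in `--additional-python-modules` means the job installs whatever pip finds at start time, so a static export can only report the runtime baseline for it and the real version has to be captured from inside the job.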
Package table
(view on wide screen)
| Package | 2.0 | 2.0 vuln | 3.0 | 3.0 vuln | 4.0 | 4.0 vuln | shell 3.6 | shell 3.6 vuln | shell 3.9 | shell 3.9 vuln | shell 3.9 analytics | shell 3.9 analytics vuln |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Cython | 0.29.15 | 0.29.4 | 0.29.32 | |||||||||
| Pillow | 9.4.0 | HIGH GHSA-56pw-mpj4-fxww | 9.4.0 | HIGH GHSA-56pw-mpj4-fxww | ||||||||
| PyGreSQL | 5.0.6 | |||||||||||
| PyMySQL | 0.9.3 | 1.0.2 | 1.0.2 | 1.0.2 | ||||||||
| PyYAML | 5.3.1 | CRITICAL CVE-2020-14343 | 5.4.1 | 6.0.1 | ||||||||
| SQLAlchemy | 1.4.36 | |||||||||||
| Spark | 1.0 | 1.0 | 1.0 | |||||||||
| aiobotocore | 1.4.2 | 2.4.1 | ||||||||||
| aiohttp | 3.8.3 | MEDIUM GHSA-pjjw-qhg8-p2p9 | 3.8.3 | MEDIUM GHSA-pjjw-qhg8-p2p9 | ||||||||
| aioitertools | 0.11.0 | 0.11.0 | ||||||||||
| aiosignal | 1.3.1 | 1.3.1 | ||||||||||
| async-timeout | 4.0.2 | 4.0.2 | ||||||||||
| asynctest | 0.13.0 | 0.13.0 | ||||||||||
| attrs | 22.2.0 | 22.2.0 | ||||||||||
| avro | 1.11.0 | HIGH CVE-2023-39410 | ||||||||||
| avro-python3 | 1.10.0 | 1.10.2 | 1.10.2 | |||||||||
| awscli | 1.27.60 | 116.242 | 1.23.5 | 1.23.5 | ||||||||
| awswrangler | 2.15.1 | |||||||||||
| boto3 | 1.12.4 | 1.18.50 | 1.24.70 | 1.9.203 | 1.22.5 | |||||||
| botocore | 1.15.4 | 1.21.50 | 1.27.59 | 1.12.232 | 1.23.5 | 1.23.5 | ||||||
| certifi | 2019.11.28 | MEDIUM CVE-2022-23491 | 2021.5.30 | MEDIUM CVE-2022-23491 | 2021.5.30 | MEDIUM CVE-2022-23491 | ||||||
| chardet | 3.0.4 | 3.0.4 | 3.0.4 | |||||||||
| charset-normalizer | 2.1.1 | 2.1.1 | ||||||||||
| click | 8.1.3 | 8.1.3 | 8.1.3 | |||||||||
| colorama | 0.4.4 | |||||||||||
| cycler | 0.10.0 | 0.10.0 | 0.10.0 | |||||||||
| docutils | 0.15.2 | 0.17.1 | 0.17.1 | |||||||||
| elasticsearch | 8.2.0 | |||||||||||
| enum34 | 1.1.9 | 1.1.10 | 1.1.10 | |||||||||
| frozenlist | 1.3.3 | 1.3.3 | ||||||||||
| fsspec | 0.6.2 | 2021.8.1 | 2021.8.1 | |||||||||
| idna | 2.9 | 2.10 | 2.10 | |||||||||
| importlib-metadata | 6.0.0 | 6.0.0 | 5.0.0 | |||||||||
| jmespath | 0.9.4 | 0.10.0 | 0.10.0 | |||||||||
| joblib | 0.14.1 | CRITICAL CVE-2022-21797 | 1.0.1 | CRITICAL CVE-2022-21797 | 1.0.1 | CRITICAL CVE-2022-21797 | ||||||
| kiwisolver | 1.1.0 | 1.3.2 | 1.4.4 | |||||||||
| matplotlib | 3.1.3 | 3.4.3 | 3.4.3 | |||||||||
| mpmath | 1.1.0 | HIGH CVE-2021-29063 | 1.2.1 | HIGH CVE-2021-29063 | 1.2.1 | HIGH CVE-2021-29063 | ||||||
| multidict | 6.0.4 | 6.0.4 | ||||||||||
| nltk | 3.5 | HIGH CVE-2021-43854 | 3.6.3 | HIGH CVE-2021-43854 | 3.7 | |||||||
| numpy | 1.18.1 | MEDIUM CVE-2021-41496 | 1.19.5 | MEDIUM CVE-2021-34141 | 1.23.5 | 1.16.2 | MEDIUM CVE-2021-41496 | 1.22.3 | ||||
| packaging | 23.0 | 23.0 | ||||||||||
| pandas | 1.0.1 | 1.3.2 | 1.5.1 | 0.24.2 | 1.4.2 | |||||||
| patsy | 0.5.1 | 0.5.1 | 0.5.1 | |||||||||
| pip | 23.0 | MEDIUM CVE-2023-5752 | 23.0.1 | MEDIUM CVE-2023-5752 | ||||||||
| pmdarima | 1.5.3 | 1.8.2 | 2.0.1 | |||||||||
| psycopg2 | 2.9.3 | |||||||||||
| ptvsd | 4.3.2 | 4.3.2 | 4.3.2 | |||||||||
| pyarrow | 0.16.0 | CRITICAL CVE-2023-47248 | 5.0.0 | CRITICAL CVE-2023-47248 | 10.0.0 | CRITICAL CVE-2023-47248 | ||||||
| pyasn1 | 0.4.8 | |||||||||||
| pyathena | 2.5.3 | |||||||||||
| pydevd | 1.9.0 | 2.5.0 | 2.5.0 | |||||||||
| pyhocon | 0.3.54 | 0.3.58 | 0.3.58 | |||||||||
| pyodbc | 4.0.32 | |||||||||||
| pyorc | 0.6.0 | |||||||||||
| pyparsing | 2.4.6 | 2.4.7 | 2.4.7 | |||||||||
| python-dateutil | 2.8.1 | 2.8.2 | 2.8.2 | |||||||||
| pytz | 2019.3 | 2021.1 | 2021.1 | |||||||||
| redshift-connector | 2.0.907 | |||||||||||
| regex | 2022.10.31 | 2022.10.31 | 2022.10.31 | |||||||||
| requests | 2.23.0 | MEDIUM CVE-2023-32681 | 2.23.0 | MEDIUM CVE-2023-32681 | 2.23.0 | MEDIUM CVE-2023-32681 | 2.22.0 | MEDIUM CVE-2023-32681 | 2.27.1 | MEDIUM CVE-2023-32681 | ||
| rsa | 4.7.2 | |||||||||||
| s3fs | 0.4.0 | 2021.8.1 | 2022.11.0 | 2022.3.0 | ||||||||
| s3transfer | 0.3.3 | 0.5.0 | 0.6.0 | |||||||||
| scikit-learn | 0.22.1 | 0.24.2 | 0.24.2 | 0.20.3 | 1.0.2 | |||||||
| scipy | 1.4.1 | MEDIUM CVE-2023-25399 | 1.7.1 | MEDIUM CVE-2023-25399 | 1.9.3 | MEDIUM CVE-2023-25399 | 1.2.1 | MEDIUM CVE-2023-25399 | 1.8.0 | MEDIUM CVE-2023-25399 | ||
| setuptools | 45.2.0 | HIGH CVE-2022-40897 | 49.1.3 | HIGH CVE-2022-40897 | ||||||||
| six | 1.14.0 | 1.16.0 | 1.16.0 | |||||||||
| statsmodels | 0.11.1 | 0.12.2 | 0.13.5 | |||||||||
| subprocess32 | 3.5.4 | 3.5.4 | 3.5.4 | |||||||||
| sympy | 1.5.1 | 1.8 | 1.8 | |||||||||
| tbats | 1.0.9 | 1.1.0 | 1.1.0 | |||||||||
| threadpoolctl | 3.1.0 | 3.1.0 | ||||||||||
| tqdm | 4.64.1 | 4.64.1 | 4.64.1 | |||||||||
| typing-extensions | 4.4.0 | |||||||||||
| typing_extensions | 4.4.0 | 4.4.0 | ||||||||||
| urllib3 | 1.25.8 | MEDIUM CVE-2023-45803 | 1.25.11 | MEDIUM CVE-2023-45803 | 1.25.11 | MEDIUM CVE-2023-45803 | ||||||
| wheel | 0.35.1 | HIGH CVE-2022-40898 | 0.37.0 | HIGH CVE-2022-40898 | 0.37.0 | HIGH CVE-2022-40898 | ||||||
| wrapt | 1.14.1 | 1.14.1 | ||||||||||
| yarl | 1.8.2 | 1.8.2 | ||||||||||
| zipp | 3.12.0 | 3.12.0 | 3.10.0 |