Tech, Cloud and Programming

Glue SBOM exporter and vulnerabilities


AWS Inspector2 is getting very powerful, with detailed vulnerabilities for EC2, ECR and Lambda functions, but the one thing missing is Glue jobs. For that I created an SBOM extractor for Glue jobs.

My repo (wip) can be found here https://github.com/jverhoeks/glue-inspector/


Package table


Columns: Package, 2.0, 2.0 vuln, 3.0, 3.0 vuln, 4.0, 4.0 vuln, shell 3.6, shell 3.6 vuln, shell 3.9, shell 3.9 vuln, shell 3.9 analytics, shell 3.9 analytics vuln

Each row lists the package's populated cells in column order; a finding in parentheses belongs to the version before it.

Cython: 0.29.15, 0.29.4, 0.29.32
Pillow: 9.4.0 (HIGH GHSA-56pw-mpj4-fxww), 9.4.0 (HIGH GHSA-56pw-mpj4-fxww)
PyGreSQL: 5.0.6
PyMySQL: 0.9.3, 1.0.2, 1.0.2, 1.0.2
PyYAML: 5.3.1 (CRITICAL CVE-2020-14343), 5.4.1, 6.0.1
SQLAlchemy: 1.4.36
Spark: 1.0, 1.0, 1.0
aiobotocore: 1.4.2, 2.4.1
aiohttp: 3.8.3 (MEDIUM GHSA-pjjw-qhg8-p2p9), 3.8.3 (MEDIUM GHSA-pjjw-qhg8-p2p9)
aioitertools: 0.11.0, 0.11.0
aiosignal: 1.3.1, 1.3.1
async-timeout: 4.0.2, 4.0.2
asynctest: 0.13.0, 0.13.0
attrs: 22.2.0, 22.2.0
avro: 1.11.0 (HIGH CVE-2023-39410)
avro-python3: 1.10.0, 1.10.2, 1.10.2
awscli: 1.27.60116.2421.23.51.23.5
awswrangler: 2.15.1
boto3: 1.12.4, 1.18.50, 1.24.70, 1.9.203, 1.22.5
botocore: 1.15.4, 1.21.50, 1.27.59, 1.12.232, 1.23.5, 1.23.5
certifi: 2019.11.28 (MEDIUM CVE-2022-23491), 2021.5.30 (MEDIUM CVE-2022-23491), 2021.5.30 (MEDIUM CVE-2022-23491)
chardet: 3.0.4, 3.0.4, 3.0.4
charset-normalizer: 2.1.1, 2.1.1
click: 8.1.3, 8.1.3, 8.1.3
colorama: 0.4.4
cycler: 0.10.0, 0.10.0, 0.10.0
docutils: 0.15.2, 0.17.1, 0.17.1
elasticsearch: 8.2.0
enum34: 1.1.9, 1.1.10, 1.1.10
frozenlist: 1.3.3, 1.3.3
fsspec: 0.6.2, 2021.8.1, 2021.8.1
idna: 2.9, 2.10, 2.10
importlib-metadata: 6.0.0, 6.0.0, 5.0.0
jmespath: 0.9.4, 0.10.0, 0.10.0
joblib: 0.14.1 (CRITICAL CVE-2022-21797), 1.0.1 (CRITICAL CVE-2022-21797), 1.0.1 (CRITICAL CVE-2022-21797)
kiwisolver: 1.1.0, 1.3.2, 1.4.4
matplotlib: 3.1.3, 3.4.3, 3.4.3
mpmath: 1.1.0 (HIGH CVE-2021-29063), 1.2.1 (HIGH CVE-2021-29063), 1.2.1 (HIGH CVE-2021-29063)
multidict: 6.0.4, 6.0.4
nltk: 3.5 (HIGH CVE-2021-43854), 3.6.3 (HIGH CVE-2021-43854), 3.7
numpy: 1.18.1 (MEDIUM CVE-2021-41496), 1.19.5 (MEDIUM CVE-2021-34141), 1.23.5, 1.16.2 (MEDIUM CVE-2021-41496), 1.22.3
packaging: 23.0, 23.0
pandas: 1.0.1, 1.3.2, 1.5.1, 0.24.2, 1.4.2
patsy: 0.5.1, 0.5.1, 0.5.1
pip: 23.0 (MEDIUM CVE-2023-5752), 23.0.1 (MEDIUM CVE-2023-5752)
pmdarima: 1.5.3, 1.8.2, 2.0.1
psycopg2: 2.9.3
ptvsd: 4.3.2, 4.3.2, 4.3.2
pyarrow: 0.16.0 (CRITICAL CVE-2023-47248), 5.0.0 (CRITICAL CVE-2023-47248), 10.0.0 (CRITICAL CVE-2023-47248)
pyasn1: 0.4.8
pyathena: 2.5.3
pydevd: 1.9.0, 2.5.0, 2.5.0
pyhocon: 0.3.54, 0.3.58, 0.3.58
pyodbc: 4.0.32
pyorc: 0.6.0
pyparsing: 2.4.6, 2.4.7, 2.4.7
python-dateutil: 2.8.1, 2.8.2, 2.8.2
pytz: 2019.3, 2021.1, 2021.1
redshift-connector: 2.0.907
regex: 2022.10.31, 2022.10.31, 2022.10.31
requests: 2.23.0 (MEDIUM CVE-2023-32681), 2.23.0 (MEDIUM CVE-2023-32681), 2.23.0 (MEDIUM CVE-2023-32681), 2.22.0 (MEDIUM CVE-2023-32681), 2.27.1 (MEDIUM CVE-2023-32681)
rsa: 4.7.2
s3fs: 0.4.0, 2021.8.1, 2022.11.0, 2022.3.0
s3transfer: 0.3.3, 0.5.0, 0.6.0
scikit-learn: 0.22.1, 0.24.2, 0.24.2, 0.20.3, 1.0.2
scipy: 1.4.1 (MEDIUM CVE-2023-25399), 1.7.1 (MEDIUM CVE-2023-25399), 1.9.3 (MEDIUM CVE-2023-25399), 1.2.1 (MEDIUM CVE-2023-25399), 1.8.0 (MEDIUM CVE-2023-25399)
setuptools: 45.2.0 (HIGH CVE-2022-40897), 49.1.3 (HIGH CVE-2022-40897)
six: 1.14.0, 1.16.0, 1.16.0
statsmodels: 0.11.1, 0.12.2, 0.13.5
subprocess32: 3.5.4, 3.5.4, 3.5.4
sympy: 1.5.1, 1.8, 1.8
tbats: 1.0.9, 1.1.0, 1.1.0
threadpoolctl: 3.1.0, 3.1.0
tqdm: 4.64.1, 4.64.1, 4.64.1
typing-extensions: 4.4.0
typing_extensions: 4.4.0, 4.4.0
urllib3: 1.25.8 (MEDIUM CVE-2023-45803), 1.25.11 (MEDIUM CVE-2023-45803), 1.25.11 (MEDIUM CVE-2023-45803)
wheel: 0.35.1 (HIGH CVE-2022-40898), 0.37.0 (HIGH CVE-2022-40898), 0.37.0 (HIGH CVE-2022-40898)
wrapt: 1.14.1, 1.14.1
yarl: 1.8.2, 1.8.2
zipp: 3.12.0, 3.12.0, 3.10.0