@aws-sdk/client-inspector-scan 3.456.0 → 3.458.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +1 -1
  2. package/dist-types/commands/ScanSbomCommand.d.ts +173 -0
  3. package/package.json +3 -3
package/README.md CHANGED
@@ -208,6 +208,6 @@ see LICENSE for more information.
208
208
  ScanSbom
209
209
  </summary>
210
210
 
211
- [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-inspector-scan/classes/scansbomcommand.html) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-inspector-scan/interfaces/scansbomcommandinput.html) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-inspector-scan/interfaces/scansbomcommandoutput.html)
211
+ [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/inspector-scan/command/ScanSbomCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-inspector-scan/Interface/ScanSbomCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-inspector-scan/Interface/ScanSbomCommandOutput/)
212
212
 
213
213
  </details>
package/dist-types/commands/ScanSbomCommand.d.ts CHANGED
@@ -68,6 +68,179 @@ export interface ScanSbomCommandOutput extends ScanSbomResponse, __MetadataBeare
68
68
  * @throws {@link InspectorScanServiceException}
69
69
  * <p>Base exception class for all service exceptions from InspectorScan service.</p>
70
70
  *
71
+ * @example Sample ScanSbom Call
72
+ * ```javascript
73
+ * //
74
+ * const input = {
75
+ * "outputFormat": "CYCLONE_DX_1_5",
76
+ * "sbom": {
77
+ * "bomFormat": "CycloneDX",
78
+ * "components": [
79
+ * {
80
+ * "name": "log4j-core",
81
+ * "type": "library",
82
+ * "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0"
83
+ * }
84
+ * ],
85
+ * "specVersion": "1.5"
86
+ * }
87
+ * };
88
+ * const command = new ScanSbomCommand(input);
89
+ * const response = await client.send(command);
90
+ * /* response ==
91
+ * {
92
+ * "sbom": {
93
+ * "metadata": {
94
+ * "properties": [
95
+ * {
96
+ * "name": "amazon:inspector:sbom_scanner:critical_vulnerabilities",
97
+ * "value": "0"
98
+ * },
99
+ * {
100
+ * "name": "amazon:inspector:sbom_scanner:high_vulnerabilities",
101
+ * "value": "0"
102
+ * },
103
+ * {
104
+ * "name": "amazon:inspector:sbom_scanner:medium_vulnerabilities",
105
+ * "value": "1"
106
+ * },
107
+ * {
108
+ * "name": "amazon:inspector:sbom_scanner:low_vulnerabilities",
109
+ * "value": "0"
110
+ * }
111
+ * ],
112
+ * "timestamp": "2023-11-16T02:55:34.355Z",
113
+ * "tools": [
114
+ * {
115
+ * "version": "9f8c30ff+20b2305b",
116
+ * "name": "CycloneDX SBOM API",
117
+ * "vendor": "Amazon Inspector"
118
+ * }
119
+ * ]
120
+ * },
121
+ * "bomFormat": "CycloneDX",
122
+ * "components": [
123
+ * {
124
+ * "name": "log4j-core",
125
+ * "type": "library",
126
+ * "bom-ref": "comp-1",
127
+ * "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0"
128
+ * }
129
+ * ],
130
+ * "serialNumber": "urn:uuid:26de5e0a-deb4-4b38-a208-7d19c1832e8c",
131
+ * "specVersion": "1.5",
132
+ * "vulnerabilities": [
133
+ * {
134
+ * "advisories": [
135
+ * {
136
+ * "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
137
+ * },
138
+ * {
139
+ * "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
140
+ * },
141
+ * {
142
+ * "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
143
+ * },
144
+ * {
145
+ * "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
146
+ * },
147
+ * {
148
+ * "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
149
+ * },
150
+ * {
151
+ * "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
152
+ * },
153
+ * {
154
+ * "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
155
+ * },
156
+ * {
157
+ * "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
158
+ * },
159
+ * {
160
+ * "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
161
+ * },
162
+ * {
163
+ * "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
164
+ * }
165
+ * ],
166
+ * "affects": [
167
+ * {
168
+ * "ref": "comp-1"
169
+ * }
170
+ * ],
171
+ * "bom-ref": "vuln-1",
172
+ * "created": "2021-12-28T20:15:08Z",
173
+ * "cwes": [
174
+ * 20,
175
+ * 74
176
+ * ],
177
+ * "description": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.",
178
+ * "id": "CVE-2021-44832",
179
+ * "properties": [
180
+ * {
181
+ * "name": "amazon:inspector:sbom_scanner:exploit_available",
182
+ * "value": "true"
183
+ * },
184
+ * {
185
+ * "name": "amazon:inspector:sbom_scanner:exploit_last_seen_in_public",
186
+ * "value": "2023-01-02T00:00:00Z"
187
+ * },
188
+ * {
189
+ * "name": "amazon:inspector:sbom_scanner:fixed_version:comp-1",
190
+ * "value": "2.17.1"
191
+ * }
192
+ * ],
193
+ * "ratings": [
194
+ * {
195
+ * "method": "CVSSv31",
196
+ * "score": 6.5,
197
+ * "severity": "medium",
198
+ * "source": {
199
+ * "name": "NVD",
200
+ * "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832"
201
+ * },
202
+ * "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
203
+ * },
204
+ * {
205
+ * "method": "other",
206
+ * "score": 0.02686,
207
+ * "severity": "none",
208
+ * "source": {
209
+ * "name": "EPSS",
210
+ * "url": "https://www.first.org/epss/"
211
+ * },
212
+ * "vector": "model:v2023.03.01,date:2023-11-15T00:00:00+0000"
213
+ * }
214
+ * ],
215
+ * "references": [
216
+ * {
217
+ * "id": "GHSA-8489-44mv-ggj8",
218
+ * "source": {
219
+ * "name": "GITHUB_SEC",
220
+ * "url": "https://github.com/advisories"
221
+ * }
222
+ * },
223
+ * {
224
+ * "id": "SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339",
225
+ * "source": {
226
+ * "name": "SNYK",
227
+ * "url": "https://security.snyk.io/vuln"
228
+ * }
229
+ * }
230
+ * ],
231
+ * "source": {
232
+ * "name": "NVD",
233
+ * "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832"
234
+ * },
235
+ * "updated": "2023-11-07T03:39:43Z"
236
+ * }
237
+ * ]
238
+ * }
239
+ * }
240
+ * *\/
241
+ * // example id: example-1
242
+ * ```
243
+ *
71
244
  */
72
245
  export declare class ScanSbomCommand extends $Command<ScanSbomCommandInput, ScanSbomCommandOutput, InspectorScanClientResolvedConfig> {
73
246
  readonly input: ScanSbomCommandInput;
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@aws-sdk/client-inspector-scan",
3
3
  "description": "AWS SDK for JavaScript Inspector Scan Client for Node.js, Browser and React Native",
4
- "version": "3.456.0",
4
+ "version": "3.458.0",
5
5
  "scripts": {
6
6
  "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
7
7
  "build:cjs": "tsc -p tsconfig.cjs.json",
@@ -21,9 +21,9 @@
21
21
  "dependencies": {
22
22
  "@aws-crypto/sha256-browser": "3.0.0",
23
23
  "@aws-crypto/sha256-js": "3.0.0",
24
- "@aws-sdk/client-sts": "3.454.0",
24
+ "@aws-sdk/client-sts": "3.458.0",
25
25
  "@aws-sdk/core": "3.451.0",
26
- "@aws-sdk/credential-provider-node": "3.451.0",
26
+ "@aws-sdk/credential-provider-node": "3.458.0",
27
27
  "@aws-sdk/middleware-host-header": "3.451.0",
28
28
  "@aws-sdk/middleware-logger": "3.451.0",
29
29
  "@aws-sdk/middleware-recursion-detection": "3.451.0",