@aws-sdk/client-inspector-scan 3.775.0 → 3.782.0
|
@@ -72,180 +72,180 @@ declare const ScanSbomCommand_base: {
|
|
|
72
72
|
* @throws {@link InspectorScanServiceException}
|
|
73
73
|
* <p>Base exception class for all service exceptions from InspectorScan service.</p>
|
|
74
74
|
*
|
|
75
|
-
*
|
|
75
|
+
*
|
|
76
76
|
* @example Sample ScanSbom Call
|
|
77
77
|
* ```javascript
|
|
78
78
|
* //
|
|
79
79
|
* const input = {
|
|
80
|
-
*
|
|
81
|
-
*
|
|
82
|
-
*
|
|
83
|
-
*
|
|
80
|
+
* outputFormat: "CYCLONE_DX_1_5",
|
|
81
|
+
* sbom: {
|
|
82
|
+
* bomFormat: "CycloneDX",
|
|
83
|
+
* components: [
|
|
84
84
|
* {
|
|
85
|
-
*
|
|
86
|
-
*
|
|
87
|
-
*
|
|
85
|
+
* name: "log4j-core",
|
|
86
|
+
* purl: "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0",
|
|
87
|
+
* type: "library"
|
|
88
88
|
* }
|
|
89
89
|
* ],
|
|
90
|
-
*
|
|
90
|
+
* specVersion: "1.5"
|
|
91
91
|
* }
|
|
92
92
|
* };
|
|
93
93
|
* const command = new ScanSbomCommand(input);
|
|
94
94
|
* const response = await client.send(command);
|
|
95
|
-
* /* response
|
|
95
|
+
* /* response is
|
|
96
96
|
* {
|
|
97
|
-
*
|
|
98
|
-
* "
|
|
99
|
-
*
|
|
97
|
+
* sbom: {
|
|
98
|
+
* bomFormat: "CycloneDX",
|
|
99
|
+
* components: [
|
|
100
|
+
* {
|
|
101
|
+
* bom-ref: "comp-1",
|
|
102
|
+
* name: "log4j-core",
|
|
103
|
+
* purl: "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0",
|
|
104
|
+
* type: "library"
|
|
105
|
+
* }
|
|
106
|
+
* ],
|
|
107
|
+
* metadata: {
|
|
108
|
+
* properties: [
|
|
100
109
|
* {
|
|
101
|
-
*
|
|
102
|
-
*
|
|
110
|
+
* name: "amazon:inspector:sbom_scanner:critical_vulnerabilities",
|
|
111
|
+
* value: "0"
|
|
103
112
|
* },
|
|
104
113
|
* {
|
|
105
|
-
*
|
|
106
|
-
*
|
|
114
|
+
* name: "amazon:inspector:sbom_scanner:high_vulnerabilities",
|
|
115
|
+
* value: "0"
|
|
107
116
|
* },
|
|
108
117
|
* {
|
|
109
|
-
*
|
|
110
|
-
*
|
|
118
|
+
* name: "amazon:inspector:sbom_scanner:medium_vulnerabilities",
|
|
119
|
+
* value: "1"
|
|
111
120
|
* },
|
|
112
121
|
* {
|
|
113
|
-
*
|
|
114
|
-
*
|
|
122
|
+
* name: "amazon:inspector:sbom_scanner:low_vulnerabilities",
|
|
123
|
+
* value: "0"
|
|
115
124
|
* }
|
|
116
125
|
* ],
|
|
117
|
-
*
|
|
118
|
-
*
|
|
126
|
+
* timestamp: "2023-11-16T02:55:34.355Z",
|
|
127
|
+
* tools: [
|
|
119
128
|
* {
|
|
120
|
-
*
|
|
121
|
-
*
|
|
122
|
-
*
|
|
129
|
+
* name: "CycloneDX SBOM API",
|
|
130
|
+
* vendor: "Amazon Inspector",
|
|
131
|
+
* version: "9f8c30ff+20b2305b"
|
|
123
132
|
* }
|
|
124
133
|
* ]
|
|
125
134
|
* },
|
|
126
|
-
*
|
|
127
|
-
* "
|
|
135
|
+
* serialNumber: "urn:uuid:26de5e0a-deb4-4b38-a208-7d19c1832e8c",
|
|
136
|
+
* specVersion: "1.5",
|
|
137
|
+
* vulnerabilities: [
|
|
128
138
|
* {
|
|
129
|
-
*
|
|
130
|
-
* "type": "library",
|
|
131
|
-
* "bom-ref": "comp-1",
|
|
132
|
-
* "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0"
|
|
133
|
-
* }
|
|
134
|
-
* ],
|
|
135
|
-
* "serialNumber": "urn:uuid:26de5e0a-deb4-4b38-a208-7d19c1832e8c",
|
|
136
|
-
* "specVersion": "1.5",
|
|
137
|
-
* "vulnerabilities": [
|
|
138
|
-
* {
|
|
139
|
-
* "advisories": [
|
|
139
|
+
* advisories: [
|
|
140
140
|
* {
|
|
141
|
-
*
|
|
141
|
+
* url: "https://www.oracle.com/security-alerts/cpujan2022.html"
|
|
142
142
|
* },
|
|
143
143
|
* {
|
|
144
|
-
*
|
|
144
|
+
* url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
|
|
145
145
|
* },
|
|
146
146
|
* {
|
|
147
|
-
*
|
|
147
|
+
* url: "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
|
|
148
148
|
* },
|
|
149
149
|
* {
|
|
150
|
-
*
|
|
150
|
+
* url: "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
|
|
151
151
|
* },
|
|
152
152
|
* {
|
|
153
|
-
*
|
|
153
|
+
* url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
|
|
154
154
|
* },
|
|
155
155
|
* {
|
|
156
|
-
*
|
|
156
|
+
* url: "https://www.oracle.com/security-alerts/cpuapr2022.html"
|
|
157
157
|
* },
|
|
158
158
|
* {
|
|
159
|
-
*
|
|
159
|
+
* url: "https://www.oracle.com/security-alerts/cpujul2022.html"
|
|
160
160
|
* },
|
|
161
161
|
* {
|
|
162
|
-
*
|
|
162
|
+
* url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
|
|
163
163
|
* },
|
|
164
164
|
* {
|
|
165
|
-
*
|
|
165
|
+
* url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
|
|
166
166
|
* },
|
|
167
167
|
* {
|
|
168
|
-
*
|
|
168
|
+
* url: "https://issues.apache.org/jira/browse/LOG4J2-3293"
|
|
169
169
|
* }
|
|
170
170
|
* ],
|
|
171
|
-
*
|
|
171
|
+
* affects: [
|
|
172
172
|
* {
|
|
173
|
-
*
|
|
173
|
+
* ref: "comp-1"
|
|
174
174
|
* }
|
|
175
175
|
* ],
|
|
176
|
-
*
|
|
177
|
-
*
|
|
178
|
-
*
|
|
176
|
+
* bom-ref: "vuln-1",
|
|
177
|
+
* created: "2021-12-28T20:15:08Z",
|
|
178
|
+
* cwes: [
|
|
179
179
|
* 20,
|
|
180
180
|
* 74
|
|
181
181
|
* ],
|
|
182
|
-
*
|
|
183
|
-
*
|
|
184
|
-
*
|
|
182
|
+
* description: "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.",
|
|
183
|
+
* id: "CVE-2021-44832",
|
|
184
|
+
* properties: [
|
|
185
185
|
* {
|
|
186
|
-
*
|
|
187
|
-
*
|
|
186
|
+
* name: "amazon:inspector:sbom_scanner:exploit_available",
|
|
187
|
+
* value: "true"
|
|
188
188
|
* },
|
|
189
189
|
* {
|
|
190
|
-
*
|
|
191
|
-
*
|
|
190
|
+
* name: "amazon:inspector:sbom_scanner:exploit_last_seen_in_public",
|
|
191
|
+
* value: "2023-01-02T00:00:00Z"
|
|
192
192
|
* },
|
|
193
193
|
* {
|
|
194
|
-
*
|
|
195
|
-
*
|
|
194
|
+
* name: "amazon:inspector:sbom_scanner:fixed_version:comp-1",
|
|
195
|
+
* value: "2.17.1"
|
|
196
196
|
* }
|
|
197
197
|
* ],
|
|
198
|
-
*
|
|
198
|
+
* ratings: [
|
|
199
199
|
* {
|
|
200
|
-
*
|
|
201
|
-
*
|
|
202
|
-
*
|
|
203
|
-
*
|
|
204
|
-
*
|
|
205
|
-
*
|
|
200
|
+
* method: "CVSSv31",
|
|
201
|
+
* score: 6.5,
|
|
202
|
+
* severity: "medium",
|
|
203
|
+
* source: {
|
|
204
|
+
* name: "NVD",
|
|
205
|
+
* url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44832"
|
|
206
206
|
* },
|
|
207
|
-
*
|
|
207
|
+
* vector: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
|
|
208
208
|
* },
|
|
209
209
|
* {
|
|
210
|
-
*
|
|
211
|
-
*
|
|
212
|
-
*
|
|
213
|
-
*
|
|
214
|
-
*
|
|
215
|
-
*
|
|
210
|
+
* method: "other",
|
|
211
|
+
* score: 0.02686,
|
|
212
|
+
* severity: "none",
|
|
213
|
+
* source: {
|
|
214
|
+
* name: "EPSS",
|
|
215
|
+
* url: "https://www.first.org/epss/"
|
|
216
216
|
* },
|
|
217
|
-
*
|
|
217
|
+
* vector: "model:v2023.03.01,date:2023-11-15T00:00:00+0000"
|
|
218
218
|
* }
|
|
219
219
|
* ],
|
|
220
|
-
*
|
|
220
|
+
* references: [
|
|
221
221
|
* {
|
|
222
|
-
*
|
|
223
|
-
*
|
|
224
|
-
*
|
|
225
|
-
*
|
|
222
|
+
* id: "GHSA-8489-44mv-ggj8",
|
|
223
|
+
* source: {
|
|
224
|
+
* name: "GITHUB_SEC",
|
|
225
|
+
* url: "https://github.com/advisories"
|
|
226
226
|
* }
|
|
227
227
|
* },
|
|
228
228
|
* {
|
|
229
|
-
*
|
|
230
|
-
*
|
|
231
|
-
*
|
|
232
|
-
*
|
|
229
|
+
* id: "SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339",
|
|
230
|
+
* source: {
|
|
231
|
+
* name: "SNYK",
|
|
232
|
+
* url: "https://security.snyk.io/vuln"
|
|
233
233
|
* }
|
|
234
234
|
* }
|
|
235
235
|
* ],
|
|
236
|
-
*
|
|
237
|
-
*
|
|
238
|
-
*
|
|
236
|
+
* source: {
|
|
237
|
+
* name: "NVD",
|
|
238
|
+
* url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44832"
|
|
239
239
|
* },
|
|
240
|
-
*
|
|
240
|
+
* updated: "2023-11-07T03:39:43Z"
|
|
241
241
|
* }
|
|
242
242
|
* ]
|
|
243
243
|
* }
|
|
244
244
|
* }
|
|
245
245
|
* *\/
|
|
246
|
-
* // example id: example-1
|
|
247
246
|
* ```
|
|
248
247
|
*
|
|
248
|
+
* @public
|
|
249
249
|
*/
|
|
250
250
|
export declare class ScanSbomCommand extends ScanSbomCommand_base {
|
|
251
251
|
/** @internal type navigation helper, not in runtime. */
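Review bot: The regenerated response sample writes the hyphenated key unquoted, `bom-ref: "comp-1",` at new line 101 and `bom-ref: "vuln-1",` at new line 176, which is not a valid property name in the javascript-fenced example it sits in; the removed side had it quoted as `"bom-ref": "comp-1",`. The text is inside the `/* response is … *\/` comment, so nothing breaks at runtime, but the sample should keep the quotes so a reader sees that the field needs bracket access, for example `response.sbom.components[0]["bom-ref"]`, when matching a vulnerability's `affects[].ref` back to its component. This looks like generated declaration output, so the fix probably belongs in whatever emits the example rather than in this file. The JSDoc block starts above the hunk and the `ScanSbomCommand` class body continues below it.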
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/client-inspector-scan",
|
|
3
3
|
"description": "AWS SDK for JavaScript Inspector Scan Client for Node.js, Browser and React Native",
|
|
4
|
-
"version": "3.
|
|
4
|
+
"version": "3.782.0",
|
|
5
5
|
"scripts": {
|
|
6
6
|
"build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
|
|
7
7
|
"build:cjs": "node ../../scripts/compilation/inline client-inspector-scan",
|
|
@@ -21,16 +21,16 @@
|
|
|
21
21
|
"@aws-crypto/sha256-browser": "5.2.0",
|
|
22
22
|
"@aws-crypto/sha256-js": "5.2.0",
|
|
23
23
|
"@aws-sdk/core": "3.775.0",
|
|
24
|
-
"@aws-sdk/credential-provider-node": "3.
|
|
24
|
+
"@aws-sdk/credential-provider-node": "3.782.0",
|
|
25
25
|
"@aws-sdk/middleware-host-header": "3.775.0",
|
|
26
26
|
"@aws-sdk/middleware-logger": "3.775.0",
|
|
27
27
|
"@aws-sdk/middleware-recursion-detection": "3.775.0",
|
|
28
|
-
"@aws-sdk/middleware-user-agent": "3.
|
|
28
|
+
"@aws-sdk/middleware-user-agent": "3.782.0",
|
|
29
29
|
"@aws-sdk/region-config-resolver": "3.775.0",
|
|
30
30
|
"@aws-sdk/types": "3.775.0",
|
|
31
|
-
"@aws-sdk/util-endpoints": "3.
|
|
31
|
+
"@aws-sdk/util-endpoints": "3.782.0",
|
|
32
32
|
"@aws-sdk/util-user-agent-browser": "3.775.0",
|
|
33
|
-
"@aws-sdk/util-user-agent-node": "3.
|
|
33
|
+
"@aws-sdk/util-user-agent-node": "3.782.0",
|
|
34
34
|
"@smithy/config-resolver": "^4.1.0",
|
|
35
35
|
"@smithy/core": "^3.2.0",
|
|
36
36
|
"@smithy/fetch-http-handler": "^5.0.2",
|