Testing help for VULN free Kinesis Agent

Question

When using Amazon Inspector, snyk finds 3 CVEs in images which contain the latest release of the Amazon Kinesis Agent dependencies.   Be aware, VULN scanners are dumb and I have no evidence these vulnerabilities are currently exploitable given the way the agent uses those libraries.  Furthermore, I have made no effort to confirm that one way or the other.   Instead, I simply built a version of the agent which includes later versions of the dependencies which have addressed the known VULNs.  One could argue the efficacy of that approach, but my primary intent is to increase the signal to noise ratio of my VULN scans by reducing noise.

Unfortunately, while there appear to be a set of unit/integration tests in the github repository, there are no instructions on how to run those tests.    AFAICT they have not been updated for a couple years.   So a series of questions:

1. Are there instructions anywhere for how to run that test suite, and is there any confidence it still works?
2. Is anyone else interested in helping me test this new build:  https://github.com/britive/amazon-kinesis-agent or https://github.com/britive/amazon-kinesis-agent/raw/master/rpm/aws-kinesis-agent-2.0.6-1b.amzn2.noarch.rpm

Also see: https://github.com/awslabs/amazon-kinesis-agent/issues/242

Thanks

Answer

`1. Are there instructions anywhere for how to run that test suite, and is there any confidence it still works?
`

Please refer to the below docs for more information:

* https://docs.aws.amazon.com/firehose/latest/dev/writing-with-agents.html
* https://github.com/awslabs/amazon-kinesis-agent

`2. Is anyone else interested in helping me test this new build:`

Please consider reaching out to the Premium Support Kinesis team and we can help you in running a proper test.

Testing help for VULN free Kinesis Agent

Relevant questions

Amazon Inspector - Agent Status UNKNOWN

Kinesis agent using log4j -zero day vulnerable version