By using AWS re:Post, you agree to the Terms of Use
/Testing help for VULN free Kinesis Agent/

Testing help for VULN free Kinesis Agent

0

When using Amazon Inspector, snyk finds 3 CVEs in images which contain the latest release of the Amazon Kinesis Agent dependencies. Be aware, VULN scanners are dumb and I have no evidence these vulnerabilities are currently exploitable given the way the agent uses those libraries. Furthermore, I have made no effort to confirm that one way or the other. Instead, I simply built a version of the agent which includes later versions of the dependencies which have addressed the known VULNs. One could argue the efficacy of that approach, but my primary intent is to increase the signal to noise ratio of my VULN scans by reducing noise.

Unfortunately, while there appear to be a set of unit/integration tests in the github repository, there are no instructions on how to run those tests. AFAICT they have not been updated for a couple years. So a series of questions:

  1. Are there instructions anywhere for how to run that test suite, and is there any confidence it still works?
  2. Is anyone else interested in helping me test this new build: https://github.com/britive/amazon-kinesis-agent or https://github.com/britive/amazon-kinesis-agent/raw/master/rpm/aws-kinesis-agent-2.0.6-1b.amzn2.noarch.rpm

Also see: https://github.com/awslabs/amazon-kinesis-agent/issues/242

Thanks

1 Answers
0

1. Are there instructions anywhere for how to run that test suite, and is there any confidence it still works?

Please refer to the below docs for more information:

2. Is anyone else interested in helping me test this new build:

Please consider reaching out to the Premium Support Kinesis team and we can help you in running a proper test.

SUPPORT ENGINEER
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions