Testing help for VULN free Kinesis Agent
When using Amazon Inspector, snyk finds 3 CVEs in images which contain the latest release of the Amazon Kinesis Agent dependencies. Be aware, VULN scanners are dumb and I have no evidence these vulnerabilities are currently exploitable given the way the agent uses those libraries. Furthermore, I have made no effort to confirm that one way or the other. Instead, I simply built a version of the agent which includes later versions of the dependencies which have addressed the known VULNs. One could argue the efficacy of that approach, but my primary intent is to increase the signal to noise ratio of my VULN scans by reducing noise.
Unfortunately, while there appear to be a set of unit/integration tests in the github repository, there are no instructions on how to run those tests. AFAICT they have not been updated for a couple years. So a series of questions:
- Are there instructions anywhere for how to run that test suite, and is there any confidence it still works?
- Is anyone else interested in helping me test this new build: https://github.com/britive/amazon-kinesis-agent or https://github.com/britive/amazon-kinesis-agent/raw/master/rpm/aws-kinesis-agent-2.0.6-1b.amzn2.noarch.rpm
Also see: https://github.com/awslabs/amazon-kinesis-agent/issues/242
Thanks
1. Are there instructions anywhere for how to run that test suite, and is there any confidence it still works?
Please refer to the below docs for more information:
- https://docs.aws.amazon.com/firehose/latest/dev/writing-with-agents.html
- https://github.com/awslabs/amazon-kinesis-agent
2. Is anyone else interested in helping me test this new build:
Please consider reaching out to the Premium Support Kinesis team and we can help you in running a proper test.
Relevant questions
Inspector Vuln Scan doesn't work with Windows
asked 5 months agohow do I uninstall the cloudwatch unified agent from an EC2 instance?
asked 3 years agoKinesis agent using log4j -zero day vulnerable version
asked 6 months agoDynamo DB Kinesis Steams Best Practice
Accepted Answerasked a year agoAmazon Inspector - Agent Status UNKNOWN
asked 5 months agoTesting help for VULN free Kinesis Agent
asked a month agoSSM Agent Latest Version Release Date
asked 2 years agoAre there any callbacks if the agent has not logged in into CCP in Amazon Connect Streams
asked 2 months agoWhy does the Kinesis Firehose output "Throttling error encountered when calling Kinesis".
asked a month ago[Kinesis to Amazon Rekogntion] error when running junit example
asked 3 months ago