[アップデート] Amazon Inspectorがプログラミング言語のパッケージマネージャーからインストールしたパッケージの脆弱性を検出できるようになりました

[アップデート] Amazon Inspectorがプログラミング言語のパッケージマネージャーからインストールしたパッケージの脆弱性を検出できるようになりました

プログラミング言語のパッケージマネージャーを使用している場合は今すぐ有効化しよう
Clock Icon2023.04.21

この記事は公開されてから1年以上経過しています。情報が古い可能性がありますので、ご注意ください。

npmやpipでインストールしたパッケージの脆弱性を検出したいな

こんにちは、のんピ(@non____97)です。

皆さんはAmazon Inspectorがプログラミング言語のパッケージマネージャーからインストールしたパッケージの脆弱性を検出できるようになりましたでnpmやpipでインストールしたパッケージの脆弱性を検出したいなと思ったことはありますか? 私はあります。

従来Amazon Inspectorで検出できる脆弱性はyumやdnf、aptなどのOSのパッケージマネージャーでインストールされたパッケージのみでした。

本日、アップデートによって追加されたディープインスペクションなる新機能にて、プログラミング言語のパッケージマネージャーからインストールしたパッケージの脆弱性を検出できるようになりました。

これにより、npmやpipなどでインストールしたパッケージについての脆弱性も検出できます。

これはアツい。

早速試してみたので紹介します。

いきなりまとめ

  • プログラミング言語のパッケージマネージャーからインストールしたパッケージの脆弱性を検出するためにはディープインスペクションが有効化している必要がある
  • ディープインスペクションを有効にした場合、SSM State Managerにて以下関連付けが作成される
    • InspectorLinuxDistributor-do-not-delete
    • InvokeInspectorLinuxSsmPlugin-do-not-delete
  • ディープインスペクションによるアプリケーションインベントリの収集は6時間間隔で行われる
    • SSM State ManagerにてInvokeInspectorLinuxSsmPlugin-do-not-deleteを手動で関連付けすることで任意のタイミングで収集することも可能
  • ディープインスペクションによりスキャンされるデフォルトパスは以下
    • /usr/lib
    • /usr/lib64
    • /usr/local/lib
    • /usr/local/lib64
  • デフォルトパス以外にスキャンしたいパッケージをインストールしている場合はカスタムパスを設定する
    • カスタムパスは最大5つまで定義可能
    • AWS Organizationsと連携している場合は組織全体に適用するカスタムパスをさらに5つ設定可能
    • カスタムパスはローカルパスである必要があるため、NFSやSMBでマウントしているパスはスキャンしない
    • カスタムパスは256文字以内で設定する必要がある
  • 最大パッケージインベントリ収集時間の制限は15分
  • 2023/4/20時点ではLinuxインスタンスのみ
  • 2023/4/20時点でディープインスペクションにより検出可能なプログラミング言語のパッケージは以下
    • Java
    • JavaScript
    • Python
  • /opt/aws/inspector/var/output/packages.txtにディープインスペクションによって検出されたパッケージのパスなどの情報が出力される
  • /var/log/amazon/inspector/配下にSSMプラグインのログが出力される
  • ディープインスペクション有効化による追加料金はなし

プログラミング言語のパッケージマネージャーからインストールしたパッケージの脆弱性を検出する仕組み

プログラミング言語のパッケージマネージャーからインストールしたパッケージの脆弱性を検出する仕組みとしては2023/4/17に追加されたディープインスペクションという機能を使用します。

ディープインスペクションはAmazon InspectorのSSMプラグインから収集されたデータを使用して詳細な検査スキャンを実行します。

2023/4/20時点ではLinuxインスタンスのみになります。ディープインスペクションを有効化するとSSM State Managerにて以下関連付けが作成されます。

  • InspectorLinuxDistributor-do-not-delete
  • InvokeInspectorLinuxSsmPlugin-do-not-delete

前者がAmazon InspectorのSSMプラグインのインストール、後者がSSMプラグインを実行する関連付けです。

こちらの関連付けは6時間ごとに実行され、アプリケーションインベントリを収集します。

Amazon InspectorのSSMプラグインは/opt/aws/inspector/bin/inspectorssmpluginにインストールされます。

2023/4/20時点でディープインスペクションにより検出可能なプログラミング言語のパッケージは以下の通りです。

  • Java
  • JavaScript
  • Python

最新のプログラミング言語のリストはSupported programming languages: Amazon EC2 Deep inspectionをご覧ください。

ディープインスペクションによりスキャンされるデフォルトパスは以下の通りです。こちらのパス配下にインストールされたパッケージがスキャンされます。

  • /usr/lib
  • /usr/lib64
  • /usr/local/lib
  • /usr/local/lib64

デフォルトパス以外にスキャンしたいパッケージをインストールしている場合はカスタムパスを設定します。

カスタムパスは最大5つまで定義可能です。ただし、AWS Organizationsと連携している場合は組織全体に適用するカスタムパスをさらに5つ設定可能なので、実質最大では10個までカスタムパスを指定することが可能です。

なお、カスタムパスはローカルパスである必要があります。あまりないと思いますが、NFSやSMBでマウントしているパスはスキャンしません。

また、カスタムパスは256文字以内で設定する必要があるので注意しましょう。

その他にも最大パッケージインベントリ収集時間の制限は15分であったり、インスタンス毎のパッケージ数は5,000個までといった制限があります。

ディープインスペクションの詳細は以下AWS公式ドキュメントをご覧ください。

また、ディープインスペクション有効化による追加料金はありません。安心して使いましょう。

やってみた

ディープインスペクションの有効化

まず、ディープインスペクションを有効になっているかを確認します。

ディープインスペクションが有効になっているかはAmazon Inspectorのコンソールのアカウント管理から確認できます。

Activated (Deep inspection deactivated)

現在はAmazon EC2 スキャンActivated (Deep inspection deactivated)となっていることからディープインスペクションが有効になっていないことが分かります。

それではディープインスペクションを有効化しましょう。

その前にディープインスペクションを有効化するとSSM State Managerにて以下関連付けが作成されるため、こちらの関連付けが事前にないことを確認しておきます。

  • InspectorLinuxDistributor-do-not-delete
  • InvokeInspectorLinuxSsmPlugin-do-not-delete

有効前のSSM State Manager

ディープインスペクションを有効化する際はアカウント管理Activate the deep inspectionをクリックします。

するとAmazon EC2 スキャンActivated (Deep inspection deactivated)からActivatedに変わりました。

Inspector now supports deep inspection of EC2 Instances

有効後のSSM State Managerを確認します。

以下関連付けが作成さていますね。

  • InspectorLinuxDistributor-do-not-delete
  • InvokeInspectorLinuxSsmPlugin-do-not-delete

有効後のSSM State Manager_

それぞれの詳細は以下の通りです。どちらも6時間ごとに実行するようになっています。

  • InvokeInspectorLinuxSsmPlugin-do-not-delete

InvokeInspectorLinuxSsmPlugin-do-not-delete

こちらの関連付けのドキュメントAmazonInspector2-InvokeInspectorSsmPluginLinuxは以下の通りです。Linux用のAmazon InspectorのSSMプラグインを呼び出していることが分かります。

{
  "schemaVersion": "2.2",
  "description": "Invokes inspector ssm plugin for linux",
  "parameters": {
    "Timeout": {
      "type": "String",
      "description": "Timeout in seconds for inspector ssm plugin",
      "default": "900",
      "allowedPattern": "^([0-9]|[1-9][0-9]+)$"
    },
    "CpuLimit": {
      "type": "String",
      "description": "Cpu usage limit in percentage for inspector ssm plugin",
      "default": "65",
      "allowedPattern": "^([1-9]|[1-9][0-9])$|^(100)$"
    }
  },
  "mainSteps": [
    {
      "action": "aws:runShellScript",
      "name": "invokeInspectorSsmPluginLinux",
      "precondition": {
        "StringEquals": [
          "platformType",
          "Linux"
        ]
      },
      "inputs": {
        "runCommand": [
          "#!/bin/bash",
          "#",
          "# Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.",
          "#",
          "",
          "set -x",
          "",
          "function fail {",
          "  echo $1",
          "  echo $1 >&2",
          "  exit 1",
          "}",
          "",
          "function retry {",
          "  local attempt=0",
          "  local max_attempts=5",
          "  local delay=60",
          "  while",
          "    \"$1\" && break || {",
          "        ((attempt++))",
          "        echo \"Waiting for $delay second(s) before retrying...\"",
          "        sleep $delay;",
          "    }",
          "    [[ $attempt -lt $max_attempts ]]",
          "  do :; done",
          "  if [[ $attempt -eq $max_attempts ]]; then",
          "    echo \"Retries completed after $attempt attempts.\"",
          "    fail \"$2\"",
          "  fi",
          "}",
          "",
          "INSPECTOR_ROOT_DIR=\"/opt/aws/inspector\"",
          "INSPECTOR_SSM_PLUGIN=\"$INSPECTOR_ROOT_DIR/bin/inspectorssmplugin\"",
          "INSPECTOR_OUTPUT_DIR=\"$INSPECTOR_ROOT_DIR/var/output\"",
          "",
          "TIMEOUT=\"{{Timeout}}\"",
          "CPU_LIMIT=\"{{CpuLimit}}\"",
          "",
          "function is_installed {",
          "  if [[ ! -f $INSPECTOR_SSM_PLUGIN ]]; then",
          "    echo \"$INSPECTOR_SSM_PLUGIN does not exist\"",
          "    (exit 1)",
          "  else",
          "    echo \"$INSPECTOR_SSM_PLUGIN exist\"",
          "  fi",
          "}",
          "",
          "echo \"Checking the installation of inspector ssm plugin...\"",
          "retry is_installed \"Inspector ssm plugin is not installed. Exiting...\"",
          "echo \"Inspector ssm plugin is installed.\"",
          "",
          "echo \"Starting evaluation using inspector ssm plugin\"",
          "cmd=\"$INSPECTOR_SSM_PLUGIN -mode bpm -read-params-store -report-ssm-inventory -report-metrics-via-ssm-inventory -save-findings-as $INSPECTOR_OUTPUT_DIR/packages.txt -format text -timeout $(($TIMEOUT)) -cpulimit $(($CPU_LIMIT))\"",
          "$cmd",
          "status=$?",
          "if [ $status -eq 0 ]",
          "then",
          "  echo \"Inspector ssm plugin linux ran successfully\"",
          "  exit 0",
          "else",
          "  fail \"Inspector ssm plugin did not run successfully\"",
          "fi"
        ]
      }
    }
  ]
}
  • InspectorLinuxDistributor-do-not-delete

InspectorLinuxDistributor-do-not-delete

こちらの関連付けのドキュメントAmazonInspector2-ConfigureInspectorSsmPluginLinuxは以下の通りです。Amazon InspectorのSSMプラグインを設定していることが分かります。

{
  "schemaVersion": "2.2",
  "description": "Install or uninstall a Distributor package.",
  "parameters": {
    "action": {
      "description": "(Required) Specify whether or not to install or uninstall the package.",
      "type": "String",
      "allowedValues": [
        "Install",
        "Uninstall"
      ]
    },
    "installationType": {
      "description": "(Optional) Specify the type of installation. Uninstall and reinstall: The application is taken offline until the reinstallation process completes. In-place update: The application is available while new or updated files are added to the installation.",
      "type": "String",
      "allowedValues": [
        "Uninstall and reinstall",
        "In-place update"
      ],
      "default": "Uninstall and reinstall"
    },
    "name": {
      "description": "(Required) The package to install/uninstall.",
      "type": "String",
      "allowedPattern": "^arn:[a-z0-9][-.a-z0-9]{0,62}:[a-z0-9][-.a-z0-9]{0,62}:([a-z0-9][-.a-z0-9]{0,62})?:([a-z0-9][-.a-z0-9]{0,62})?:(package|document)\\/[a-zA-Z0-9/:.\\-_]{1,128}$|^[a-zA-Z0-9/:.\\-_]{1,128}$"
    },
    "version": {
      "description": "(Optional) The version of the package to install or uninstall. If you don't specify a version, the system installs the latest published version by default. The system will only attempt to uninstall the version that is currently installed. If no version of the package is installed, the system returns an error.",
      "type": "String",
      "default": ""
    },
    "additionalArguments": {
      "description": "(Optional) The additional parameters to provide to your install, uninstall, or update scripts.",
      "type": "StringMap",
      "displayType": "textarea",
      "default": {},
      "maxChars": 4096
    }
  },
  "mainSteps": [
    {
      "action": "aws:configurePackage",
      "precondition": {
        "StringEquals": [
          "platformType",
          "Linux"
        ]
      },
      "name": "configurePackage",
      "inputs": {
        "name": "{{ name }}",
        "action": "{{ action }}",
        "installationType": "{{installationType}}",
        "version": "{{ version }}",
        "additionalArguments": "{{ additionalArguments }}"
      }
    }
  ]
}

なお、2023/4/17以降にAmazon InspectorでEC2スキャンを有効化した場合は、自動でディープインスペクションも有効化されるようです。

Deep inspection is automatically activated as part of Amazon EC2 scanning for accounts that activate Amazon Inspector after April 17, 2023.

Scanning Amazon EC2 instances with Amazon Inspector - Amazon Inspector

npmで脆弱性のあるパッケージをインストール

ディープインスペクションの有効化ができたため、実際に動作確認をしてみます。

Amazon Linux 2023のEC2インスタンスでNode.jsをインストールします。

$ sudo dnf install nodejs -y
Last metadata expiration check: 1 day, 16:34:05 ago on Tue Apr 18 07:20:05 2023.
Dependencies resolved.
======================================================================================================================================================================
 Package                                Architecture                 Version                                                  Repository                         Size
======================================================================================================================================================================
Installing:
 nodejs                                 x86_64                       1:18.12.1-1.amzn2023.0.3                                 amazonlinux                        99 k
Installing dependencies:
 libbrotli                              x86_64                       1.0.9-4.amzn2023.0.2                                     amazonlinux                       315 k
 nodejs-libs                            x86_64                       1:18.12.1-1.amzn2023.0.3                                 amazonlinux                        14 M
Installing weak dependencies:
 nodejs-docs                            noarch                       1:18.12.1-1.amzn2023.0.3                                 amazonlinux                       7.2 M
 nodejs-full-i18n                       x86_64                       1:18.12.1-1.amzn2023.0.3                                 amazonlinux                       8.2 M
 npm                                    x86_64                       1:8.19.2-1.18.12.1.1.amzn2023.0.3                        amazonlinux                       2.0 M

Transaction Summary
======================================================================================================================================================================
Install  6 Packages

Total download size: 31 M
Installed size: 168 M
Downloading Packages:
(1/6): libbrotli-1.0.9-4.amzn2023.0.2.x86_64.rpm                                                                                      4.9 MB/s | 315 kB     00:00
(2/6): npm-8.19.2-1.18.12.1.1.amzn2023.0.3.x86_64.rpm                                                                                  15 MB/s | 2.0 MB     00:00
(3/6): nodejs-18.12.1-1.amzn2023.0.3.x86_64.rpm                                                                                       1.4 MB/s |  99 kB     00:00
(4/6): nodejs-libs-18.12.1-1.amzn2023.0.3.x86_64.rpm                                                                                   56 MB/s |  14 MB     00:00
(5/6): nodejs-full-i18n-18.12.1-1.amzn2023.0.3.x86_64.rpm                                                                              21 MB/s | 8.2 MB     00:00
(6/6): nodejs-docs-18.12.1-1.amzn2023.0.3.noarch.rpm                                                                                   27 MB/s | 7.2 MB     00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                  58 MB/s |  31 MB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                              1/1
  Installing       : nodejs-docs-1:18.12.1-1.amzn2023.0.3.noarch                                                                                                  1/6
  Installing       : libbrotli-1.0.9-4.amzn2023.0.2.x86_64                                                                                                        2/6
  Installing       : nodejs-libs-1:18.12.1-1.amzn2023.0.3.x86_64                                                                                                  3/6
  Installing       : npm-1:8.19.2-1.18.12.1.1.amzn2023.0.3.x86_64                                                                                                 4/6
  Installing       : nodejs-1:18.12.1-1.amzn2023.0.3.x86_64                                                                                                       5/6
  Installing       : nodejs-full-i18n-1:18.12.1-1.amzn2023.0.3.x86_64                                                                                             6/6
  Running scriptlet: nodejs-full-i18n-1:18.12.1-1.amzn2023.0.3.x86_64                                                                                             6/6
  Verifying        : nodejs-full-i18n-1:18.12.1-1.amzn2023.0.3.x86_64                                                                                             1/6
  Verifying        : libbrotli-1.0.9-4.amzn2023.0.2.x86_64                                                                                                        2/6
  Verifying        : npm-1:8.19.2-1.18.12.1.1.amzn2023.0.3.x86_64                                                                                                 3/6
  Verifying        : nodejs-libs-1:18.12.1-1.amzn2023.0.3.x86_64                                                                                                  4/6
  Verifying        : nodejs-1:18.12.1-1.amzn2023.0.3.x86_64                                                                                                       5/6
  Verifying        : nodejs-docs-1:18.12.1-1.amzn2023.0.3.noarch                                                                                                  6/6
======================================================================================================================================================================
WARNING:
  A newer release of "Amazon Linux" is available.

  Available Versions:

  Version 2023.0.20230419:
    Run the following command to upgrade to 2023.0.20230419:

      dnf upgrade --releasever=2023.0.20230419

    Release notes:
     https://docs.aws.amazon.com/linux/al2023/release-notes/relnotes.html

======================================================================================================================================================================

Installed:
  libbrotli-1.0.9-4.amzn2023.0.2.x86_64                     nodejs-1:18.12.1-1.amzn2023.0.3.x86_64               nodejs-docs-1:18.12.1-1.amzn2023.0.3.noarch
  nodejs-full-i18n-1:18.12.1-1.amzn2023.0.3.x86_64          nodejs-libs-1:18.12.1-1.amzn2023.0.3.x86_64          npm-1:8.19.2-1.18.12.1.1.amzn2023.0.3.x86_64

Complete!

一緒にnpmもインストールされましたね。

npmで脆弱性のあるパッケージをインストールします。

今回はdecode-uri-component0.2.0をインストールします。

# decode-uri-component 0.2.0 をインストール
$ npm install [email protected]

added 1 package, and audited 2 packages in 586ms

1 high severity vulnerability

To address all issues, run:
  npm audit fix

Run `npm audit` for details.
npm notice
npm notice New major version of npm available! 8.19.2 -> 9.6.5
npm notice Changelog: https://github.com/npm/cli/releases/tag/v9.6.5
npm notice Run npm install -g [email protected] to update!
npm notice

# 脆弱性があることを確認
$ npm audit
# npm audit report

decode-uri-component  <0.2.1
Severity: high
decode-uri-component vulnerable to Denial of Service (DoS) - https://github.com/advisories/GHSA-w573-4hg7-7wgq
fix available via `npm audit fix`
node_modules/decode-uri-component

1 high severity vulnerability

To address all issues, run:
  npm audit fix

重要度(Severity)がhighであることが分かりますね。

手動によるスキャン

脆弱性のあるパッケージをインストールしたため、ディープインスペクションにより検出してみます。

流石に6時間も待てないので手動でアプリケーションインベントリを収集して、検出できるか確認します。

InvokeInspectorLinuxSsmPlugin-do-not-deleteの関連付けを選択して、適用します。

InvokeInspectorLinuxSsmPlugin-do-not-deleteの関連付けを今すぐ適用

適用後、Amazon Inspectorのコンソールで対象EC2インスタンスの検出結果を確認します。

新規検出結果は見つからず

しかし、インストールした脆弱性のあるパッケージdecode-uri-componentは検出されませんでした。

それはそのはず、こちらのパッケージをインストールしたパスはディープインスペクションのデフォルトパスに含まれていないためです。

$ pwd
/home/ec2-user

$ ls -l
total 12
drwxr-xr-x. 3 ec2-user ec2-user  60 Apr 20 00:35 node_modules
-rw-r--r--. 1 ec2-user ec2-user 833 Apr 20 00:35 package-lock.json
-rw-r--r--. 1 ec2-user ec2-user  65 Apr 20 00:35 package.json
-rw-r--r--. 1 ec2-user ec2-user   5 Mar 21 07:07 test-file
-rw-r--r--. 1 ec2-user ec2-user   0 Mar 21 07:03 test_20230321_065126

カスタムパスの追加

今回パッケージをインストールしたパスをスキャンするようにカスタムパスを追加します。

Amazon InspectorのコンソールのEC2スキャン設定からCustom paths for your own accountの編集をクリックします。

Custom paths for your own account

今回パッケージをインストールしたパス/home/ec2-userを指定して保存をクリックします。

:home:ec2-user の追加

/home/ec2-userがカスタムパスとして設定されたことを確認します。

:home:ec2-user が追加されたことを確認

手動によるスキャン (2回目)

下準備ができたため再度手動でスキャンします。

InvokeInspectorLinuxSsmPlugin-do-not-deleteの関連付け適用後、Amazon Inspectorのコンソールで対象EC2インスタンスの検出結果を確認します。

検出されたことを確認

npmでインストールしたdecode-uri-componentが検出されていますね。

タイトルをクリックすると、以下のようにCVEやインストール済みのバージョン、修正済みのバージョンなど様々な情報を確認することができます。

検出結果の詳細を確認

SSMプラグインの実行結果や各種ログの確認

以降、SSMプラグインの実行結果や各種ログを確認します。

InvokeInspectorLinuxSsmPlugin-do-not-delete適用時のSSM Run CommandのOutputは以下のようになっていました。

Checking the installation of inspector ssm plugin...
/opt/aws/inspector/bin/inspectorssmplugin exist
Inspector ssm plugin is installed.
Starting evaluation using inspector ssm plugin
InspectorDataPath= /opt/aws/inspector/var
InspectorInputRoot= /opt/aws/inspector/var/input
InspectorOutputRoot= /opt/aws/inspector/var/output
InspectorLogsRoot= /var/log/amazon/inspector
Inspector ssm plugin linux ran successfully

Linux向けのSSM プラグインが正常に実行できていそうですね。

SSMプラグインが収集した情報を管理するパスである/opt/aws/inspector/var/input/opt/aws/inspector/var/outputを確認します。

$ ls -lR /opt/aws/inspector/var/
/opt/aws/inspector/var/:
total 0
drwxr-xr-x. 2 root root  6 Apr 16 04:54 input
drwxr-xr-x. 2 root root 26 Apr 20 00:19 output

/opt/aws/inspector/var/input:
total 0

/opt/aws/inspector/var/output:
total 28
-rwxr-xr-x. 1 root root 27850 Apr 20 07:08 packages.txt

/opt/aws/inspector/var/output/packages.txtが出力されていますね。こちらにはディープインスペクションによって検出されたパッケージのパスなどの情報が出力されています。実際に確認してみましょう。

$ cat /opt/aws/inspector/var/output/packages.txt
#name   version sha1    language        pkgType purl    location
@colors/colors  1.5.0           javascript      npm     pkg:npm/%40colors%[email protected]        /usr/lib/node_modules/npm/node_modules/@colors/colors/package.json
@gar/promisify  1.1.3           javascript      npm     pkg:npm/%40gar%[email protected]        /usr/lib/node_modules/npm/node_modules/@gar/promisify/package.json
@isaacs/string-locale-compare   1.1.0           javascript      npm     pkg:npm/%40isaacs%[email protected] /usr/lib/node_modules/npm/node_modules/@isaacs/string-locale-compare/package.json
@npmcli/arborist        5.6.2           javascript      npm     pkg:npm/%40npmcli%[email protected]      /usr/lib/node_modules/npm/node_modules/@npmcli/arborist/package.json
@npmcli/ci-detect       2.0.0           javascript      npm     pkg:npm/%40npmcli%[email protected]     /usr/lib/node_modules/npm/node_modules/@npmcli/ci-detect/package.json
@npmcli/config  4.2.2           javascript      npm     pkg:npm/%40npmcli%[email protected]        /usr/lib/node_modules/npm/node_modules/@npmcli/config/package.json
@npmcli/disparity-colors        2.0.0           javascript      npm     pkg:npm/%40npmcli%[email protected]      /usr/lib/node_modules/npm/node_modules/@npmcli/disparity-colors/package.json
@npmcli/fs      2.1.2           javascript      npm     pkg:npm/%40npmcli%[email protected]    /usr/lib/node_modules/npm/node_modules/@npmcli/fs/package.json
@npmcli/git     3.0.2           javascript      npm     pkg:npm/%40npmcli%[email protected]   /usr/lib/node_modules/npm/node_modules/@npmcli/git/package.json
@npmcli/installed-package-contents      1.0.7           javascript      npm     pkg:npm/%40npmcli%[email protected]    /usr/lib/node_modules/npm/node_modules/@npmcli/installed-package-contents/package.json
@npmcli/map-workspaces  2.0.4           javascript      npm     pkg:npm/%40npmcli%[email protected]        /usr/lib/node_modules/npm/node_modules/@npmcli/map-workspaces/package.json
@npmcli/metavuln-calculator     3.1.1           javascript      npm     pkg:npm/%40npmcli%[email protected]   /usr/lib/node_modules/npm/node_modules/@npmcli/metavuln-calculator/package.json
@npmcli/move-file       2.0.1           javascript      npm     pkg:npm/%40npmcli%[email protected]     /usr/lib/node_modules/npm/node_modules/@npmcli/move-file/package.json
@npmcli/name-from-folder        1.0.1           javascript      npm     pkg:npm/%40npmcli%[email protected]      /usr/lib/node_modules/npm/node_modules/@npmcli/name-from-folder/package.json
@npmcli/node-gyp        2.0.0           javascript      npm     pkg:npm/%40npmcli%[email protected]      /usr/lib/node_modules/npm/node_modules/@npmcli/node-gyp/package.json
@npmcli/package-json    2.0.0           javascript      npm     pkg:npm/%40npmcli%[email protected]  /usr/lib/node_modules/npm/node_modules/@npmcli/package-json/package.json
@npmcli/promise-spawn   3.0.0           javascript      npm     pkg:npm/%40npmcli%[email protected] /usr/lib/node_modules/npm/node_modules/@npmcli/promise-spawn/package.json
@npmcli/query   1.2.0           javascript      npm     pkg:npm/%40npmcli%[email protected] /usr/lib/node_modules/npm/node_modules/@npmcli/query/package.json
@npmcli/run-script      4.2.1           javascript      npm     pkg:npm/%40npmcli%[email protected]    /usr/lib/node_modules/npm/node_modules/@npmcli/run-script/package.json
@tootallnate/once       2.0.0           javascript      npm     pkg:npm/%40tootallnate%[email protected]     /usr/lib/node_modules/npm/node_modules/@tootallnate/once/package.json
abbrev  1.1.1           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/abbrev/package.json
agent-base      6.0.2           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/agent-base/package.json
agentkeepalive  4.2.1           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/agentkeepalive/package.json
aggregate-error 3.1.0           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/aggregate-error/package.json
ansi-regex      5.0.1           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/ansi-regex/package.json
ansi-styles     4.3.0           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/ansi-styles/package.json
aproba  2.0.0           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/aproba/package.json
archy   1.0.0           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/archy/package.json
are-we-there-yet        3.0.1           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/are-we-there-yet/package.json
asap    2.0.6           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/asap/package.json
balanced-match  1.0.2           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/balanced-match/package.json
bin-links       3.0.3           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/bin-links/package.json
binary-extensions       2.2.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/binary-extensions/package.json
brace-expansion 1.1.11          javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/node-gyp/node_modules/brace-expansion/package.json
brace-expansion 1.1.11          javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/rimraf/node_modules/brace-expansion/package.json
brace-expansion 2.0.1           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/brace-expansion/package.json
builtins        5.0.1           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/builtins/package.json
cacache 16.1.3          javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/cacache/package.json
chalk   4.1.2           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/chalk/package.json
chownr  2.0.0           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/chownr/package.json
cidr-regex      3.1.1           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/cidr-regex/package.json
clean-stack     2.2.0           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/clean-stack/package.json
cli-columns     4.0.0           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/cli-columns/package.json
cli-table3      0.6.2           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/cli-table3/package.json
clone   1.0.4           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/clone/package.json
cmd-shim        5.0.0           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/cmd-shim/package.json
color-convert   2.0.1           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/color-convert/package.json
color-name      1.1.4           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/color-name/package.json
color-support   1.1.3           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/color-support/package.json
columnify       1.6.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/columnify/package.json
common-ancestor-path    1.0.1           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/common-ancestor-path/package.json
concat-map      0.0.1           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/concat-map/package.json
console-control-strings 1.1.0           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/console-control-strings/package.json
cssesc  3.0.0           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/cssesc/package.json
debug   4.3.4           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/debug/package.json
debuglog        1.0.1           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/debuglog/package.json
decode-uri-component    0.2.0           javascript      npm     pkg:npm/[email protected]      /home/ec2-user/node_modules/decode-uri-component/package.json
defaults        1.0.3           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/defaults/package.json
delegates       1.0.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/delegates/package.json
depd    1.1.2           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/depd/package.json
dezalgo 1.0.4           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/dezalgo/package.json
diff    5.1.0           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/diff/package.json
emoji-regex     8.0.0           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/emoji-regex/package.json
encoding        0.1.13          javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/encoding/package.json
env-paths       2.2.1           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/env-paths/package.json
err-code        2.0.3           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/err-code/package.json
fastest-levenshtein     1.0.12          javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/fastest-levenshtein/package.json
fs-minipass     2.1.0           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/fs-minipass/package.json
fs.realpath     1.0.0           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/fs.realpath/package.json
function-bind   1.1.1           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/function-bind/package.json
gauge   4.0.4           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/gauge/package.json
glob    7.2.3           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/node-gyp/node_modules/glob/package.json
glob    7.2.3           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/rimraf/node_modules/glob/package.json
glob    8.0.3           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/glob/package.json
graceful-fs     4.2.10          javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/graceful-fs/package.json
has     1.0.3           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/has/package.json
has-flag        4.0.0           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/has-flag/package.json
has-unicode     2.0.1           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/has-unicode/package.json
hosted-git-info 5.1.0           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/hosted-git-info/package.json
http-cache-semantics    4.1.1           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/http-cache-semantics/package.json
http-proxy-agent        5.0.0           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/http-proxy-agent/package.json
https-proxy-agent       5.0.1           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/https-proxy-agent/package.json
humanize-ms     1.2.1           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/humanize-ms/package.json
iconv-lite      0.6.3           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/iconv-lite/package.json
ignore-walk     5.0.1           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/ignore-walk/package.json
imurmurhash     0.1.4           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/imurmurhash/package.json
indent-string   4.0.0           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/indent-string/package.json
infer-owner     1.0.4           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/infer-owner/package.json
inflight        1.0.6           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/inflight/package.json
inherits        2.0.4           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/inherits/package.json
ini     3.0.1           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/ini/package.json
init-package-json       3.0.2           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/init-package-json/package.json
ip      2.0.0           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/ip/package.json
ip-regex        4.3.0           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/ip-regex/package.json
is-cidr 4.0.2           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/is-cidr/package.json
is-core-module  2.10.0          javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/is-core-module/package.json
is-fullwidth-code-point 3.0.0           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/is-fullwidth-code-point/package.json
is-lambda       1.0.1           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/is-lambda/package.json
isexe   2.0.0           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/isexe/package.json
json-parse-even-better-errors   2.3.1           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/json-parse-even-better-errors/package.json
json-stringify-nice     1.1.4           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/json-stringify-nice/package.json
jsonparse       1.3.1           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/jsonparse/package.json
just-diff       5.1.1           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/just-diff/package.json
just-diff-apply 5.4.1           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/just-diff-apply/package.json
libnpmaccess    6.0.4           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/libnpmaccess/package.json
libnpmdiff      4.0.5           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/libnpmdiff/package.json
libnpmexec      4.0.13          javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/libnpmexec/package.json
libnpmfund      3.0.4           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/libnpmfund/package.json
libnpmhook      8.0.4           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/libnpmhook/package.json
libnpmorg       4.0.4           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/libnpmorg/package.json
libnpmpack      4.1.3           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/libnpmpack/package.json
libnpmpublish   6.0.5           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/libnpmpublish/package.json
libnpmsearch    5.0.4           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/libnpmsearch/package.json
libnpmteam      4.0.4           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/libnpmteam/package.json
libnpmversion   3.0.7           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/libnpmversion/package.json
lru-cache       6.0.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/semver/node_modules/lru-cache/package.json
lru-cache       7.13.2          javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/lru-cache/package.json
make-fetch-happen       10.2.1          javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/make-fetch-happen/package.json
minimatch       3.1.2           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/node-gyp/node_modules/minimatch/package.json
minimatch       3.1.2           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/rimraf/node_modules/minimatch/package.json
minimatch       5.1.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/minimatch/package.json
minipass        3.3.4           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/minipass/package.json
minipass-collect        1.0.2           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/minipass-collect/package.json
minipass-fetch  2.1.1           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/minipass-fetch/package.json
minipass-flush  1.0.5           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/minipass-flush/package.json
minipass-json-stream    1.0.1           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/minipass-json-stream/package.json
minipass-pipeline       1.2.4           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/minipass-pipeline/package.json
minipass-sized  1.0.3           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/minipass-sized/package.json
minizlib        2.1.2           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/minizlib/package.json
mkdirp  1.0.4           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/mkdirp/package.json
mkdirp-infer-owner      2.0.0           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/mkdirp-infer-owner/package.json
ms      2.1.2           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/debug/node_modules/ms/package.json
ms      2.1.3           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/ms/package.json
mute-stream     0.0.8           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/mute-stream/package.json
negotiator      0.6.3           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/negotiator/package.json
node-gyp        9.1.0           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/node-gyp/package.json
nopt    5.0.0           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/node-gyp/node_modules/nopt/package.json
nopt    6.0.0           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/nopt/package.json
normalize-package-data  4.0.1           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/normalize-package-data/package.json
npm     8.19.2          javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/package.json
npm-audit-report        3.0.0           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/npm-audit-report/package.json
npm-bundled     1.1.2           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/@npmcli/installed-package-contents/node_modules/npm-bundled/package.json
npm-bundled     2.0.1           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/npm-bundled/package.json
npm-init        0.0.0           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/promzard/example/npm-init/package.json
npm-install-checks      5.0.0           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/npm-install-checks/package.json
npm-normalize-package-bin       1.0.1           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/npm-normalize-package-bin/package.json
npm-normalize-package-bin       2.0.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/bin-links/node_modules/npm-normalize-package-bin/package.json
npm-normalize-package-bin       2.0.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/npm-bundled/node_modules/npm-normalize-package-bin/package.json
npm-normalize-package-bin       2.0.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/npm-packlist/node_modules/npm-normalize-package-bin/package.json
npm-normalize-package-bin       2.0.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/npm-pick-manifest/node_modules/npm-normalize-package-bin/package.json
npm-normalize-package-bin       2.0.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/read-package-json/node_modules/npm-normalize-package-bin/package.json
npm-package-arg 9.1.0           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/npm-package-arg/package.json
npm-packlist    5.1.3           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/npm-packlist/package.json
npm-pick-manifest       7.0.2           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/npm-pick-manifest/package.json
npm-profile     6.2.1           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/npm-profile/package.json
npm-registry-fetch      13.3.1          javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/npm-registry-fetch/package.json
npm-user-validate       1.0.1           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/npm-user-validate/package.json
npmlog  6.0.2           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/npmlog/package.json
once    1.4.0           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/once/package.json
opener  1.5.2           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/opener/package.json
p-map   4.0.0           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/p-map/package.json
pacote  13.6.2          javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/pacote/package.json
parse-conflict-json     2.0.2           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/parse-conflict-json/package.json
path-is-absolute        1.0.1           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/path-is-absolute/package.json
postcss-selector-parser 6.0.10          javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/postcss-selector-parser/package.json
proc-log        2.0.1           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/proc-log/package.json
promise-all-reject-late 1.0.1           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/promise-all-reject-late/package.json
promise-call-limit      1.0.1           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/promise-call-limit/package.json
promise-inflight        1.0.1           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/promise-inflight/package.json
promise-retry   2.0.1           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/promise-retry/package.json
promzard        0.3.0           javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/promzard/package.json
qrcode-terminal 0.12.0          javascript      npm     pkg:npm/[email protected]  /usr/lib/node_modules/npm/node_modules/qrcode-terminal/package.json
read    1.0.7           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/read/package.json
read-cmd-shim   3.0.0           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/read-cmd-shim/package.json
read-package-json       5.0.2           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/read-package-json/package.json
read-package-json-fast  2.0.3           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/read-package-json-fast/package.json
readable-stream 3.6.0           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/readable-stream/package.json
readdir-scoped-modules  1.1.0           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/readdir-scoped-modules/package.json
retry   0.12.0          javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/retry/package.json
rimraf  3.0.2           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/rimraf/package.json
safe-buffer     5.2.1           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/safe-buffer/package.json
safer-buffer    2.1.2           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/safer-buffer/package.json
semver  7.3.7           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/semver/package.json
set-blocking    2.0.0           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/set-blocking/package.json
signal-exit     3.0.7           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/signal-exit/package.json
smart-buffer    4.2.0           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/smart-buffer/package.json
socks   2.7.0           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/socks/package.json
socks-proxy-agent       7.0.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/socks-proxy-agent/package.json
spdx-correct    3.1.1           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/spdx-correct/package.json
spdx-exceptions 2.3.0           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/spdx-exceptions/package.json
spdx-expression-parse   3.0.1           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/spdx-expression-parse/package.json
spdx-license-ids        3.0.11          javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/spdx-license-ids/package.json
ssri    9.0.1           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/ssri/package.json
string-width    4.2.3           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/string-width/package.json
string_decoder  1.3.0           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/string_decoder/package.json
strip-ansi      6.0.1           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/strip-ansi/package.json
supports-color  7.2.0           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/supports-color/package.json
tar     6.1.11          javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/tar/package.json
text-table      0.2.0           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/text-table/package.json
tiny-relative-date      1.3.0           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/tiny-relative-date/package.json
treeverse       2.0.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/treeverse/package.json
unique-filename 2.0.1           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/unique-filename/package.json
unique-slug     3.0.0           javascript      npm     pkg:npm/[email protected]       /usr/lib/node_modules/npm/node_modules/unique-slug/package.json
util-deprecate  1.0.2           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/util-deprecate/package.json
validate-npm-package-license    3.0.4           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/validate-npm-package-license/package.json
validate-npm-package-name       4.0.0           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/validate-npm-package-name/package.json
walk-up-path    1.0.0           javascript      npm     pkg:npm/[email protected]      /usr/lib/node_modules/npm/node_modules/walk-up-path/package.json
wcwidth 1.0.1           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/wcwidth/package.json
which   2.0.2           javascript      npm     pkg:npm/[email protected]     /usr/lib/node_modules/npm/node_modules/which/package.json
wide-align      1.1.5           javascript      npm     pkg:npm/[email protected]        /usr/lib/node_modules/npm/node_modules/wide-align/package.json
wrappy  1.0.2           javascript      npm     pkg:npm/[email protected]    /usr/lib/node_modules/npm/node_modules/wrappy/package.json
write-file-atomic       4.0.2           javascript      npm     pkg:npm/[email protected] /usr/lib/node_modules/npm/node_modules/write-file-atomic/package.json
yallist 4.0.0           javascript      npm     pkg:npm/[email protected]   /usr/lib/node_modules/npm/node_modules/yallist/package.json

decode-uri-componentのバージョンやパスなどの情報が表示されていますね。また、デフォルトパスの/usr/lib/配下にインストールされているパッケージの情報も収集されていることが分かります。

最後に/var/log/amazon/inspector/配下に出力されるSSMプラグインのログを確認します。

$ cat /var/log/amazon/inspector/scitor.log.2023-04-20-00
Thu Apr 20 00:19:35 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/main.go:44 main.execCmd(): Version: 1.0.558.0
Thu Apr 20 00:19:35 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/main.go:45 main.execCmd(): UTC Build Time: 2023-04-16T00:33:30+0000
Thu Apr 20 00:19:35 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cmd/bpm.go:59 golang.a2z.com/inspectorssmplugin/cmd.ExecBpmScan(): bpm scan started
.
.
(中略)
.
.
Thu Apr 20 00:19:37 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/appconfig/appconfig.go:169 golang.a2z.com/inspectorssmplugin/appconfig.CleanupLogs(): logs cleanup completed
Thu Apr 20 00:44:07 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/main.go:44 main.execCmd(): Version: 1.0.558.0
Thu Apr 20 00:44:07 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/main.go:45 main.execCmd(): UTC Build Time: 2023-04-16T00:33:30+0000
Thu Apr 20 00:44:07 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cmd/bpm.go:59 golang.a2z.com/inspectorssmplugin/cmd.ExecBpmScan(): bpm scan started
.
.
(中略)
.
.
Thu Apr 20 00:44:09 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/appconfig/appconfig.go:144 golang.a2z.com/inspectorssmplugin/appconfig.CleanupLogs(): logs cleanup started
Thu Apr 20 00:44:09 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/appconfig/appconfig.go:166 golang.a2z.com/inspectorssmplugin/appconfig.CleanupLogs(): number of log files 1 is less than or equal the limit 7
Thu Apr 20 00:44:09 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/appconfig/appconfig.go:169 golang.a2z.com/inspectorssmplugin/appconfig.CleanupLogs(): logs cleanup completed
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/main.go:44 main.execCmd(): Version: 1.0.558.0
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/main.go:45 main.execCmd(): UTC Build Time: 2023-04-16T00:33:30+0000
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cmd/bpm.go:59 golang.a2z.com/inspectorssmplugin/cmd.ExecBpmScan(): bpm scan started
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/identity/identity.go:44 golang.a2z.com/inspectorssmplugin/identity.NewIdentity(): ec2 metadata region=us-east-1 instance-id=i-05fe2d212f05e9ed7 instance-type=t3.micro
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/identity/identity.go:82 golang.a2z.com/inspectorssmplugin/identity.(*Identity).Credentials(): use ec2 role provider for credentials
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cmd/bpm.go:107 golang.a2z.com/inspectorssmplugin/cmd.ExecBpmScan(): files system traversal depth=-1 max directories under specified root=-1
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/inventory/pacman/pacman_linux.go:79 golang.a2z.com/inspectorssmplugin/inventory/pacman.(*PackageManager).GetPythonPackageMetadataLocation(): using '' to gather python package locations
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/inventory/pacman/pacman_linux.go:91 golang.a2z.com/inspectorssmplugin/inventory/pacman.(*PackageManager).GetPythonPackageMetadataLocation(): located '92' metadata files for python packages installed via platform package manager
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^/.*/[-.\w]+\.dist[-]info/METADATA$": "METADATA"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^/.*/[-.\w]+\.egg[-]info/PKG[-]INFO$": "INFO"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^/.*/EGG[-]INFO/PKG[-]INFO$": "INFO"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^(?:/.*)?/[-.\w]+\.egg[-]info$": "info"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^(?:/.*)?/.*\.war$": ".war"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^(?:/.*)?/.*\.ear$": ".ear"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^(?:/.*)?/.*\.par$": ".par"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^/.*/pom\.xml$": "pom.xml"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^(?:/.*)?/Pipfile\.lock$": "Pipfile.lock"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^(?:/.*)?/.*\.jar$": ".jar"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^/.*/package\.json$": "package.json"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^(?:/.*)?/[-\w]*requirements[-\w]*\.txt$": ".txt"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:165 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).initialize(): extracted suffix from pattern "^(?:/.*)?/poetry[-\w]*?\.lock$": ".lock"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cpulimit/internal/cgroups/cgroupsv2_linux.go:37 golang.a2z.com/inspectorssmplugin/cpulimit/internal/cgroups.CgroupsCpuControllerV2.SetLimit(): cgroups-v2: setting cpu limit '65 pct'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cpulimit/internal/cgroups/cgroupsv2_linux.go:74 golang.a2z.com/inspectorssmplugin/cpulimit/internal/cgroups.isCpuControllerAvailable(): cgroups-v2 available controllers: cpuset cpu io memory hugetlb pids misc

Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cpulimit/internal/cgroups/cgroupsv2_linux.go:102 golang.a2z.com/inspectorssmplugin/cpulimit/internal/cgroups.isCpuControllerEnabledForChildGroup(): cgroups-v2 enabled controllers for child group: cpu memory pids

Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cpulimit/internal/cgroups/cgroupsv2_linux.go:51 golang.a2z.com/inspectorssmplugin/cpulimit/internal/cgroups.CgroupsCpuControllerV2.SetLimit(): cgroups-v2 succeeded setting cpu limit
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cpulimit/cpulimit_linux.go:25 golang.a2z.com/inspectorssmplugin/cpulimit.LimitCpuUsage(): cpu limit for the process is set to 65 pct
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:66 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles(): begin enumerating files with maxDepth=-1 maxDirectories=-1
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:68 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles():   root path: "/home/ec2-user"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:68 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles():   root path: "/usr/lib"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:68 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles():   root path: "/usr/lib64"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:68 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles():   root path: "/usr/local/lib"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:68 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles():   root path: "/usr/local/lib64"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:76 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles(): scanning directory "/home/ec2-user"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:84 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles(): scanned 27 directories under "/home/ec2-user"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:76 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles(): scanning directory "/usr/lib"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'configobj:5.0.6' at location '/usr/lib/python3.9/site-packages/configobj-5.0.6-py3.9.egg-info'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'sepolicy:3.4' at location '/usr/lib/python3.9/site-packages/sepolicy-3.4-py3.9.egg-info'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'aws-cfn-bootstrap:2.0' at location '/usr/lib/python3.9/site-packages/aws_cfn_bootstrap-2.0-py3.9.egg-info'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'ec2-hibinit-agent:1.0.2' at location '/usr/lib/python3.9/site-packages/ec2_hibinit_agent-1.0.2-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'support-info:1.0' at location '/usr/lib/python3.9/site-packages/support_info-1.0-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'release-notification:1.2' at location '/usr/lib/python3.9/site-packages/release_notification-1.2-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'awscli:2.9.19' at location '/usr/lib/python3.9/site-packages/awscli-2.9.19.dist-info/METADATA'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'cloud-init:22.2.2' at location '/usr/lib/python3.9/site-packages/cloud_init-22.2.2-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'jsonschema:3.2.0' at location '/usr/lib/python3.9/site-packages/jsonschema-3.2.0-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'attrs:20.3.0' at location '/usr/lib/python3.9/site-packages/attrs-20.3.0-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'requests:2.25.1' at location '/usr/lib/python3.9/site-packages/requests-2.25.1.dist-info/METADATA'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'urllib3:1.25.10' at location '/usr/lib/python3.9/site-packages/urllib3-1.25.10-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'PySocks:1.7.1' at location '/usr/lib/python3.9/site-packages/PySocks-1.7.1-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'oauthlib:3.0.2' at location '/usr/lib/python3.9/site-packages/oauthlib-3.0.2-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'jmespath:0.10.0' at location '/usr/lib/python3.9/site-packages/jmespath-0.10.0-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'pyserial:3.4' at location '/usr/lib/python3.9/site-packages/pyserial-3.4-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'prettytable:0.7.2' at location '/usr/lib/python3.9/site-packages/prettytable-0.7.2-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'jsonpatch:1.21' at location '/usr/lib/python3.9/site-packages/jsonpatch-1.21-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'jsonpointer:2.0' at location '/usr/lib/python3.9/site-packages/jsonpointer-2.0-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'chardet:4.0.0' at location '/usr/lib/python3.9/site-packages/chardet-4.0.0.dist-info/METADATA'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'colorama:0.4.4' at location '/usr/lib/python3.9/site-packages/colorama-0.4.4-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'pycparser:2.20' at location '/usr/lib/python3.9/site-packages/pycparser-2.20-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'ply:3.11' at location '/usr/lib/python3.9/site-packages/ply-3.11-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'python-daemon:2.3.0' at location '/usr/lib/python3.9/site-packages/python_daemon-2.3.0-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'lockfile:0.12.2' at location '/usr/lib/python3.9/site-packages/lockfile-0.12.2-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'Jinja2:2.11.3' at location '/usr/lib/python3.9/site-packages/Jinja2-2.11.3-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'Babel:2.9.1' at location '/usr/lib/python3.9/site-packages/Babel-2.9.1-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'pytz:2022.7.1' at location '/usr/lib/python3.9/site-packages/pytz-2022.7.1-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'prompt-toolkit:3.0.24' at location '/usr/lib/python3.9/site-packages/prompt_toolkit-3.0.24-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'wcwidth:0.2.5' at location '/usr/lib/python3.9/site-packages/wcwidth-0.2.5-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'chevron:0.13.1' at location '/usr/lib/python3.9/site-packages/chevron-0.13.1-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'docutils:0.16' at location '/usr/lib/python3.9/site-packages/docutils-0.16-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'idna:2.10' at location '/usr/lib/python3.9/site-packages/idna-2.10-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'ruamel.yaml:0.16.6' at location '/usr/lib/python3.9/site-packages/ruamel.yaml-0.16.6-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'python-dateutil:2.8.1' at location '/usr/lib/python3.9/site-packages/python_dateutil-2.8.1-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'distro:1.5.0' at location '/usr/lib/python3.9/site-packages/distro-1.5.0-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'six:1.15.0' at location '/usr/lib/python3.9/site-packages/six-1.15.0.dist-info/METADATA'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'setuptools:59.6.0' at location '/usr/lib/python3.9/site-packages/setuptools-59.6.0.dist-info/METADATA'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:84 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles(): scanned 2751 directories under "/usr/lib"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:76 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles(): scanning directory "/usr/lib64"
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'selinux:3.4' at location '/usr/lib64/python3.9/site-packages/selinux-3.4-py3.9.egg-info'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'rpm:4.16.1.3' at location '/usr/lib64/python3.9/site-packages/rpm-4.16.1.3-py3.9.egg-info'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'gpg:1.15.1' at location '/usr/lib64/python3.9/site-packages/gpg-1.15.1-py3.9.egg-info'
Thu Apr 20 00:52:32 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'cryptography:36.0.1' at location '/usr/lib64/python3.9/site-packages/cryptography-36.0.1-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'cffi:1.14.5' at location '/usr/lib64/python3.9/site-packages/cffi-1.14.5-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'pyrsistent:0.17.3' at location '/usr/lib64/python3.9/site-packages/pyrsistent-0.17.3-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'netifaces:0.10.6' at location '/usr/lib64/python3.9/site-packages/netifaces-0.10.6-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'PyYAML:5.4.1' at location '/usr/lib64/python3.9/site-packages/PyYAML-5.4.1-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'setools:4.4.0' at location '/usr/lib64/python3.9/site-packages/setools-4.4.0-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'awscrt:0.16.7' at location '/usr/lib64/python3.9/site-packages/awscrt-0.16.7.dist-info/METADATA'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'libcomps:0.1.18' at location '/usr/lib64/python3.9/site-packages/libcomps-0.1.18-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'MarkupSafe:1.1.1' at location '/usr/lib64/python3.9/site-packages/MarkupSafe-1.1.1-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'ruamel.yaml.clib:0.1.2' at location '/usr/lib64/python3.9/site-packages/ruamel.yaml.clib-0.1.2-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/scanner/scanner.go:202 golang.a2z.com/inspectorssmplugin/bpm/scanner.(*Scanner).processFiles(): reject package 'dbus-python:1.2.18' at location '/usr/lib64/python3.9/site-packages/dbus_python-1.2.18-py3.9.egg-info/PKG-INFO'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:84 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles(): scanned 290 directories under "/usr/lib64"
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:76 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles(): scanning directory "/usr/local/lib"
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:84 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles(): scanned 1 directories under "/usr/local/lib"
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:76 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles(): scanning directory "/usr/local/lib64"
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/bpm/filefinder/filefinder.go:84 golang.a2z.com/inspectorssmplugin/bpm/filefinder.(*FileFinder).EnumerateFiles(): scanned 2 directories under "/usr/local/lib64"
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cmd/bpm.go:183 golang.a2z.com/inspectorssmplugin/cmd.ExecBpmScan(): submitting packages findings as inventory report
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/identity/identity.go:44 golang.a2z.com/inspectorssmplugin/identity.NewIdentity(): ec2 metadata region=us-east-1 instance-id=i-05fe2d212f05e9ed7 instance-type=t3.micro
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/identity/identity.go:82 golang.a2z.com/inspectorssmplugin/identity.(*Identity).Credentials(): use ec2 role provider for credentials
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/inventory/bpm.go:89 golang.a2z.com/inspectorssmplugin/inventory.PackagesInventory.PublishPackages(): post inventory request for 206 packages with hash 'e76f9d788ffb60d5d4c75167339a281e'
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [ERROR] MandoSecurityContentEvaluator/inventory/inventory.go:129 golang.a2z.com/inspectorssmplugin/inventory.sendReport(): failed to report inventory via ssm PutInventory: operation error SSM: PutInventory, https response error StatusCode: 400, RequestID: 3f4cfa07-2097-4ed8-b8ba-185e0f696d9f, ItemContentMismatchException: Content hash did not match, please try again with updated Content and ContentHash.
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/inventory/bpm.go:98 golang.a2z.com/inspectorssmplugin/inventory.PackagesInventory.PublishPackages(): resend inventory request with content per service response: operation error SSM: PutInventory, https response error StatusCode: 400, RequestID: 3f4cfa07-2097-4ed8-b8ba-185e0f696d9f, ItemContentMismatchException: Content hash did not match, please try again with updated Content and ContentHash.
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/inventory/bpm.go:104 golang.a2z.com/inspectorssmplugin/inventory.PackagesInventory.PublishPackages(): succeeded posting package collection inventory item
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/identity/identity.go:44 golang.a2z.com/inspectorssmplugin/identity.NewIdentity(): ec2 metadata region=us-east-1 instance-id=i-05fe2d212f05e9ed7 instance-type=t3.micro
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/identity/identity.go:82 golang.a2z.com/inspectorssmplugin/identity.(*Identity).Credentials(): use ec2 role provider for credentials
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cmd/bpm.go:359 golang.a2z.com/inspectorssmplugin/cmd.logStats(): scan elapsed(ms)=199 directories=3071 files=21427 packages=206
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cmd/bpm.go:363 golang.a2z.com/inspectorssmplugin/cmd.logStats(): scan cpu pct samples=2 histogram=[0 0 0 0 0 0 50 0 0 50]
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cmd/bpm.go:367 golang.a2z.com/inspectorssmplugin/cmd.logStats(): scan mem pct samples=4 histogram=[100 0 0 0 0 0 0 0 0 0]
Thu Apr 20 00:52:33 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/cmd/bpm.go:218 golang.a2z.com/inspectorssmplugin/cmd.ExecBpmScan(): packages scan completed
Thu Apr 20 00:52:34 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/appconfig/appconfig.go:144 golang.a2z.com/inspectorssmplugin/appconfig.CleanupLogs(): logs cleanup started
Thu Apr 20 00:52:34 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/appconfig/appconfig.go:166 golang.a2z.com/inspectorssmplugin/appconfig.CleanupLogs(): number of log files 1 is less than or equal the limit 7
Thu Apr 20 00:52:34 2023 UTC scitor [email protected]:0 [INFO] MandoSecurityContentEvaluator/appconfig/appconfig.go:169 golang.a2z.com/inspectorssmplugin/appconfig.CleanupLogs(): logs cleanup completed

ディープインスペクションが実行されたタイミングで1回、手動でのスキャンで2回実行しているため3回分のログが1つのログファイルに出力されていました。

ログからどのパスをスキャンしたのか、各パス配下でスキャンしたディレクトリの数、スキャン対象のパス配下にインストールされているパッケージだが情報を収集しなかったものなどの情報を確認できますね。

プログラミング言語のパッケージマネージャーを使用している場合は今すぐ有効化しよう

Amazon Inspectorがプログラミング言語のパッケージマネージャーからインストールしたパッケージの脆弱性を検出できるようになったアップデートを紹介しました。

追加料金もかからないですし、プログラミング言語のパッケージマネージャーを使用している場合は今すぐディープインスペクションを有効化して損はなさそうですね。

今後はPHPやRubyなど対応言語が増えると良いですね。

ただ、SSMプラグインを実行すると指定したパス配下を走査するため、当然ながらCPUやメモリ使用率に影響があるかと想像します。そのため、カスタムパスを/など非常に広い範囲にしてしまうと大量のディレクトリをスキャンすることになるため控えた方が良いと考えます。

この記事が誰かの助けになれば幸いです。

以上、AWS事業本部 コンサルティング部の のんピ(@non____97)でした!

Share this article

facebook logohatena logotwitter logo

© Classmethod, Inc. All rights reserved.