aws-lambda-nodejs: CDK Lambda/Inspector incompatibility #31493
Labels
@aws-cdk/aws-lambda
Related to AWS Lambda
@aws-cdk/aws-lambda-nodejs
effort/medium
Medium work item – several days of effort
feature-request
A feature should be added or improved.
p2
Comments
rtejwani1309
added
feature-request
pahud
added
p2
and removed
needs-triage
|
Thank you for the use case and workaround sharing. I'm making it a p2. Please help us prioritize with 👍 . |
pahud
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature
NodejsFunction construct in CDK for provisioning Lambdas uses esbuild to bundle the source code. This is a pattern that many follow which is in accordance with AWS guidance/documentation.
The Inspector service can not get successful scans for these functions as its SBOM generator tool is expecting a node_modules directory to determine the dependencies for the function. This results in an empty 'components' array in the SBOM file (CycloneDX format) and thus Inspector reports no vulnerabilities for the function.
Although it is possible to use a command hook to re-create the required node_modules directory structure, this shouldn't be a requirement for teams to handle by themselves.
Use Case
The feature request is to improve the compatibility between Lambdas that are provisioned by CDK and the Inspector service. This should have the effect that Inspector can successfully find dependencies for these functions and therefore provide accurate vulnerability information.
Proposed Solution
No response
Other Information
No response
Acknowledgements
CDK version used
2.158.0
Environment details (OS name and version, etc.)
MacOs
The text was updated successfully, but these errors were encountered: