Amazon CodeGuru Security 2018-05-10
- Client: Aws\CodeGuruSecurity\CodeGuruSecurityClient
- Service ID: codeguru-security
- Version: 2018-05-10
This page describes the parameters and results for the operations of Amazon CodeGuru Security (2018-05-10), and shows how to use the Aws\CodeGuruSecurity\CodeGuruSecurityClient object to call the described operations. This documentation is specific to the 2018-05-10 API version of the service.
Operation Summary
Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- BatchGetFindings ( array $params = [] )
Returns a list of all requested findings.
- CreateScan ( array $params = [] )
Use to create a scan using code uploaded to an S3 bucket.
- CreateUploadUrl ( array $params = [] )
Generates a pre-signed URL and request headers used to upload a code resource.
- GetAccountConfiguration ( array $params = [] )
Use to get account level configuration.
- GetFindings ( array $params = [] )
Returns a list of all findings generated by a particular scan.
- GetMetricsSummary ( array $params = [] )
Returns top level metrics about an account from a specified date, including number of open findings, the categories with most findings, the scans with most open findings, and scans with most open critical findings.
- GetScan ( array $params = [] )
Returns details about a scan, including whether or not a scan has completed.
- ListFindingsMetrics ( array $params = [] )
Returns metrics about all findings in an account within a specified time range.
- ListScans ( array $params = [] )
Returns a list of all the standard scans in an account.
- ListTagsForResource ( array $params = [] )
Returns a list of all tags associated with a scan.
- TagResource ( array $params = [] )
Use to add one or more tags to an existing scan.
- UntagResource ( array $params = [] )
Use to remove one or more tags from an existing scan.
- UpdateAccountConfiguration ( array $params = [] )
Use to update account-level configuration with an encryption key.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
BatchGetFindings
$result = $client->batchGetFindings([/* ... */]);
$promise = $client->batchGetFindingsAsync([/* ... */]);
Returns a list of all requested findings.
Parameter Syntax
$result = $client->batchGetFindings([
    'findingIdentifiers' => [ // REQUIRED
        [
            'findingId' => '<string>', // REQUIRED
            'scanName' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);
Parameter Details
Members
- findingIdentifiers
-
- Required: Yes
- Type: Array of FindingIdentifier structures
A list of finding identifiers. Each identifier consists of a scanName and a findingId. You retrieve the findingId when you call GetFindings.
Result Syntax
[
    'failedFindings' => [
        [
            'errorCode' => 'DUPLICATE_IDENTIFIER|ITEM_DOES_NOT_EXIST|INTERNAL_ERROR|INVALID_FINDING_ID|INVALID_SCAN_NAME',
            'findingId' => '<string>',
            'message' => '<string>',
            'scanName' => '<string>',
        ],
        // ...
    ],
    'findings' => [
        [
            'createdAt' => <DateTime>,
            'description' => '<string>',
            'detectorId' => '<string>',
            'detectorName' => '<string>',
            'detectorTags' => ['<string>', ...],
            'generatorId' => '<string>',
            'id' => '<string>',
            'remediation' => [
                'recommendation' => [
                    'text' => '<string>',
                    'url' => '<string>',
                ],
                'suggestedFixes' => [
                    [
                        'code' => '<string>',
                        'description' => '<string>',
                    ],
                    // ...
                ],
            ],
            'resource' => [
                'id' => '<string>',
                'subResourceId' => '<string>',
            ],
            'ruleId' => '<string>',
            'severity' => 'Critical|High|Medium|Low|Info',
            'status' => 'Closed|Open|All',
            'title' => '<string>',
            'type' => '<string>',
            'updatedAt' => <DateTime>,
            'vulnerability' => [
                'filePath' => [
                    'codeSnippet' => [
                        [
                            'content' => '<string>',
                            'number' => <integer>,
                        ],
                        // ...
                    ],
                    'endLine' => <integer>,
                    'name' => '<string>',
                    'path' => '<string>',
                    'startLine' => <integer>,
                ],
                'id' => '<string>',
                'itemCount' => <integer>,
                'referenceUrls' => ['<string>', ...],
                'relatedVulnerabilities' => ['<string>', ...],
            ],
        ],
        // ...
    ],
]
Result Details
Members
- failedFindings
-
- Required: Yes
- Type: Array of BatchGetFindingsError structures
A list of errors for individual findings which were not fetched. Each BatchGetFindingsError contains the scanName, findingId, errorCode and error message.
- findings
-
- Required: Yes
- Type: Array of Finding structures
A list of all requested findings.
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
CreateScan
$result = $client->createScan([/* ... */]);
$promise = $client->createScanAsync([/* ... */]);
Use to create a scan using code uploaded to an S3 bucket.
Parameter Syntax
$result = $client->createScan([
    'analysisType' => 'Security|All',
    'clientToken' => '<string>',
    'resourceId' => [ // REQUIRED
        'codeArtifactId' => '<string>',
    ],
    'scanName' => '<string>', // REQUIRED
    'scanType' => 'Standard|Express',
    'tags' => ['<string>', ...],
]);
Parameter Details
Members
- analysisType
-
- Type: string
The type of analysis you want CodeGuru Security to perform in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings. Defaults to Security type if missing.
- clientToken
-
- Type: string
The idempotency token for the request. Amazon CodeGuru Security uses this value to prevent the accidental creation of duplicate scans if there are failures and retries.
- resourceId
-
- Required: Yes
- Type: ResourceId structure
The identifier for an input resource used to create a scan.
- scanName
-
- Required: Yes
- Type: string
The unique name that CodeGuru Security uses to track revisions across multiple scans of the same resource. Only allowed for a STANDARD scan type. If not specified, it will be auto generated.
- scanType
-
- Type: string
The type of scan, either Standard or Express. Defaults to Standard type if missing. Express scans run on limited resources and use a limited set of detectors to analyze your code in near-real time. Standard scans have standard resource limits and use the full set of detectors to analyze your code.
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
An array of key-value pairs used to tag a scan. A tag is a custom attribute label with two parts:
- A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.
- An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
Result Syntax
[
    'resourceId' => [
        'codeArtifactId' => '<string>',
    ],
    'runId' => '<string>',
    'scanName' => '<string>',
    'scanNameArn' => '<string>',
    'scanState' => 'InProgress|Successful|Failed',
]
Result Details
Members
- resourceId
-
- Required: Yes
- Type: ResourceId structure
The identifier for the resource object that contains resources that were scanned.
- runId
-
- Required: Yes
- Type: string
UUID that identifies the individual scan run.
- scanName
-
- Required: Yes
- Type: string
The name of the scan.
- scanNameArn
-
- Type: string
The ARN for the scan name.
- scanState
-
- Required: Yes
- Type: string
The current state of the scan. Returns either InProgress, Successful, or Failed.
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.
-
The resource specified in the request was not found.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
CreateUploadUrl
$result = $client->createUploadUrl([/* ... */]);
$promise = $client->createUploadUrlAsync([/* ... */]);
Generates a pre-signed URL and request headers used to upload a code resource.
You can upload your code resource to the URL and add the request headers using any HTTP client.
Parameter Syntax
$result = $client->createUploadUrl([
    'scanName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- scanName
-
- Required: Yes
- Type: string
The name of the scan that will use the uploaded resource. CodeGuru Security uses the unique scan name to track revisions across multiple scans of the same resource. Use this scanName when you call CreateScan on the code resource you upload to this URL.
Result Syntax
[
    'codeArtifactId' => '<string>',
    'requestHeaders' => ['<string>', ...],
    's3Url' => '<string>',
]
Result Details
Members
- codeArtifactId
-
- Required: Yes
- Type: string
The identifier for the uploaded code resource.
- requestHeaders
-
- Required: Yes
- Type: Associative array of custom strings keys (HeaderKey) to strings
A set of key-value pairs that contain the required headers when uploading your resource.
- s3Url
-
- Required: Yes
- Type: string
A pre-signed S3 URL. You can upload the code file you want to scan and add the required requestHeaders using any HTTP client.
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
GetAccountConfiguration
$result = $client->getAccountConfiguration([/* ... */]);
$promise = $client->getAccountConfigurationAsync([/* ... */]);
Use to get account level configuration.
Parameter Syntax
$result = $client->getAccountConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
    'encryptionConfig' => [
        'kmsKeyArn' => '<string>',
    ],
]
Result Details
Members
- encryptionConfig
-
- Required: Yes
- Type: EncryptionConfig structure
An EncryptionConfig object that contains the KMS key ARN to use for encryption. By default, CodeGuru Security uses an AWS-managed key for encryption. To specify your own key, call UpdateAccountConfiguration.
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
GetFindings
$result = $client->getFindings([/* ... */]);
$promise = $client->getFindingsAsync([/* ... */]);
Returns a list of all findings generated by a particular scan.
Parameter Syntax
$result = $client->getFindings([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'scanName' => '<string>', // REQUIRED
    'status' => 'Closed|Open|All',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.
- scanName
-
- Required: Yes
- Type: string
The name of the scan you want to retrieve findings from.
- status
-
- Type: string
The status of the findings you want to get. Pass either Open, Closed, or All.
Result Syntax
[
    'findings' => [
        [
            'createdAt' => <DateTime>,
            'description' => '<string>',
            'detectorId' => '<string>',
            'detectorName' => '<string>',
            'detectorTags' => ['<string>', ...],
            'generatorId' => '<string>',
            'id' => '<string>',
            'remediation' => [
                'recommendation' => [
                    'text' => '<string>',
                    'url' => '<string>',
                ],
                'suggestedFixes' => [
                    [
                        'code' => '<string>',
                        'description' => '<string>',
                    ],
                    // ...
                ],
            ],
            'resource' => [
                'id' => '<string>',
                'subResourceId' => '<string>',
            ],
            'ruleId' => '<string>',
            'severity' => 'Critical|High|Medium|Low|Info',
            'status' => 'Closed|Open|All',
            'title' => '<string>',
            'type' => '<string>',
            'updatedAt' => <DateTime>,
            'vulnerability' => [
                'filePath' => [
                    'codeSnippet' => [
                        [
                            'content' => '<string>',
                            'number' => <integer>,
                        ],
                        // ...
                    ],
                    'endLine' => <integer>,
                    'name' => '<string>',
                    'path' => '<string>',
                    'startLine' => <integer>,
                ],
                'id' => '<string>',
                'itemCount' => <integer>,
                'referenceUrls' => ['<string>', ...],
                'relatedVulnerabilities' => ['<string>', ...],
            ],
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- findings
-
- Type: Array of Finding structures
A list of findings generated by the specified scan.
- nextToken
-
- Type: string
A pagination token. You can use this in future calls to GetFindings to continue listing results after the current page.
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.
-
The resource specified in the request was not found.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
GetMetricsSummary
$result = $client->getMetricsSummary([/* ... */]);
$promise = $client->getMetricsSummaryAsync([/* ... */]);
Returns top level metrics about an account from a specified date, including number of open findings, the categories with most findings, the scans with most open findings, and scans with most open critical findings.
Parameter Syntax
$result = $client->getMetricsSummary([
    'date' => <integer || string || DateTime>, // REQUIRED
]);
Parameter Details
Members
- date
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date you want to retrieve summary metrics from, rounded to the nearest day. The date must be within the past two years since metrics data is only stored for two years. If a date outside of this range is passed, the response will be empty.
Result Syntax
[
    'metricsSummary' => [
        'categoriesWithMostFindings' => [
            [
                'categoryName' => '<string>',
                'findingNumber' => <integer>,
            ],
            // ...
        ],
        'date' => <DateTime>,
        'openFindings' => [
            'critical' => <float>,
            'high' => <float>,
            'info' => <float>,
            'low' => <float>,
            'medium' => <float>,
        ],
        'scansWithMostOpenCriticalFindings' => [
            [
                'findingNumber' => <integer>,
                'scanName' => '<string>',
            ],
            // ...
        ],
        'scansWithMostOpenFindings' => [
            [
                'findingNumber' => <integer>,
                'scanName' => '<string>',
            ],
            // ...
        ],
    ],
]
Result Details
Members
- metricsSummary
-
- Type: MetricsSummary structure
The summary metrics from the specified date.
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
GetScan
$result = $client->getScan([/* ... */]);
$promise = $client->getScanAsync([/* ... */]);
Returns details about a scan, including whether or not a scan has completed.
Parameter Syntax
$result = $client->getScan([
    'runId' => '<string>',
    'scanName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- runId
-
- Type: string
UUID that identifies the individual scan run you want to view details about. You retrieve this when you call the CreateScan operation. Defaults to the latest scan run if missing.
- scanName
-
- Required: Yes
- Type: string
The name of the scan you want to view details about.
Result Syntax
[
    'analysisType' => 'Security|All',
    'createdAt' => <DateTime>,
    'numberOfRevisions' => <integer>,
    'runId' => '<string>',
    'scanName' => '<string>',
    'scanNameArn' => '<string>',
    'scanState' => 'InProgress|Successful|Failed',
    'updatedAt' => <DateTime>,
]
Result Details
Members
- analysisType
-
- Required: Yes
- Type: string
The type of analysis CodeGuru Security performed in the scan, either Security or All. The Security type only generates findings related to security. The All type generates both security findings and quality findings.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the scan was created.
- numberOfRevisions
-
- Type: long (int|float)
The number of times a scan has been re-run on a revised resource.
- runId
-
- Required: Yes
- Type: string
UUID that identifies the individual scan run.
- scanName
-
- Required: Yes
- Type: string
The name of the scan.
- scanNameArn
-
- Type: string
The ARN for the scan name.
- scanState
-
- Required: Yes
- Type: string
The current state of the scan. Pass either InProgress, Successful, or Failed.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the scan was last updated. Only available for STANDARD scan types.
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The resource specified in the request was not found.
-
The request was denied due to request throttling.
-
You do not have sufficient access to perform this action.
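The CreateUploadUrl, CreateScan, GetScan and GetFindings operations documented above, chained into a single build gate. This is an added example, not part of the SDK documentation. The region, scan name, archive path, the use of HTTP PUT for the upload, and the helper names scanArchive and blockingFindings are assumptions; Guzzle is used as the HTTP client because the SDK already depends on it.

```php
<?php
// Added example: upload an archive, scan it, wait for the run, collect open findings.
require 'vendor/autoload.php';

use Aws\CodeGuruSecurity\CodeGuruSecurityClient;
use GuzzleHttp\Client as HttpClient;

/**
 * Hypothetical helper: run a Standard security scan on $zipPath and return
 * every open finding. Throws unless the run ends in the Successful state,
 * so a failed or stalled scan is never mistaken for "no findings".
 */
function scanArchive(
    CodeGuruSecurityClient $client,
    HttpClient $http,
    string $scanName,
    string $zipPath,
    int $pollSeconds = 10,
    int $maxPolls = 90
): array {
    $body = fopen($zipPath, 'rb');
    if ($body === false) {
        throw new RuntimeException("Cannot read $zipPath");
    }

    // 1. Get a pre-signed URL bound to this scan name.
    $upload = $client->createUploadUrl(['scanName' => $scanName]);

    // 2. Upload the archive, passing requestHeaders through unchanged.
    //    Assumption: the pre-signed URL expects an HTTP PUT.
    //    Guzzle throws on a 4xx/5xx response, which aborts the gate.
    $http->put($upload['s3Url'], [
        'headers' => $upload['requestHeaders'],
        'body'    => $body,
    ]);

    // 3. Start the scan. clientToken keeps a retried request from
    //    creating a duplicate scan.
    $scan = $client->createScan([
        'analysisType' => 'Security',
        'clientToken'  => bin2hex(random_bytes(16)),
        'resourceId'   => ['codeArtifactId' => $upload['codeArtifactId']],
        'scanName'     => $scanName,
        'scanType'     => 'Standard',
    ]);
    $runId = $scan['runId'];

    // 4. Poll this specific run rather than "the latest run", so a
    //    concurrent scan under the same name cannot be confused with ours.
    $state = $scan['scanState'];
    for ($i = 0; $state === 'InProgress' && $i < $maxPolls; $i++) {
        sleep($pollSeconds);
        $state = $client->getScan([
            'scanName' => $scanName,
            'runId'    => $runId,
        ])['scanState'];
    }
    if ($state !== 'Successful') {
        throw new RuntimeException("Scan $scanName run $runId ended in state $state");
    }

    // 5. Follow nextToken until the service stops returning one.
    $findings = [];
    $params = ['scanName' => $scanName, 'status' => 'Open'];
    do {
        $page = $client->getFindings($params);
        foreach ($page['findings'] ?? [] as $finding) {
            $findings[] = $finding;
        }
        $params['nextToken'] = $page['nextToken'] ?? null;
    } while ($params['nextToken'] !== null);

    return $findings;
}

/**
 * Hypothetical helper: keep findings whose severity should fail the build.
 * severity is not a required member of Finding, so a finding without one
 * is treated as Critical instead of being skipped.
 */
function blockingFindings(array $findings, array $blockOn = ['Critical', 'High']): array
{
    return array_values(array_filter(
        $findings,
        fn (array $f): bool => in_array($f['severity'] ?? 'Critical', $blockOn, true)
    ));
}

// Placeholder region, scan name and archive path.
$client = new CodeGuruSecurityClient(['region' => 'us-east-1', 'version' => '2018-05-10']);
$findings = scanArchive($client, new HttpClient(), 'example-service-main', __DIR__ . '/source.zip');

$blocking = blockingFindings($findings);
foreach ($blocking as $f) {
    $loc = $f['vulnerability']['filePath'] ?? [];
    printf("[%s] %s (%s:%s)\n", $f['severity'] ?? 'unknown', $f['title'] ?? '',
        $loc['path'] ?? '?', $loc['startLine'] ?? '?');
}
exit($blocking ? 1 : 0);
```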
ListFindingsMetrics
$result = $client->listFindingsMetrics([/* ... */]);
$promise = $client->listFindingsMetricsAsync([/* ... */]);
Returns metrics about all findings in an account within a specified time range.
Parameter Syntax
$result = $client->listFindingsMetrics([
    'endDate' => <integer || string || DateTime>, // REQUIRED
    'maxResults' => <integer>,
    'nextToken' => '<string>',
    'startDate' => <integer || string || DateTime>, // REQUIRED
]);
Parameter Details
Members
- endDate
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The end date of the interval which you want to retrieve metrics from.
- maxResults
-
- Type: int
The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.
- startDate
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The start date of the interval which you want to retrieve metrics from.
Result Syntax
[
    'findingsMetrics' => [
        [
            'closedFindings' => [
                'critical' => <float>,
                'high' => <float>,
                'info' => <float>,
                'low' => <float>,
                'medium' => <float>,
            ],
            'date' => <DateTime>,
            'meanTimeToClose' => [
                'critical' => <float>,
                'high' => <float>,
                'info' => <float>,
                'low' => <float>,
                'medium' => <float>,
            ],
            'newFindings' => [
                'critical' => <float>,
                'high' => <float>,
                'info' => <float>,
                'low' => <float>,
                'medium' => <float>,
            ],
            'openFindings' => [
                'critical' => <float>,
                'high' => <float>,
                'info' => <float>,
                'low' => <float>,
                'medium' => <float>,
            ],
        ],
        // ...
    ],
    'nextToken' => '<string>',
]
Result Details
Members
- findingsMetrics
-
- Type: Array of AccountFindingsMetric structures
A list of AccountFindingsMetric objects retrieved from the specified time interval.
- nextToken
-
- Type: string
A pagination token. You can use this in future calls to ListFindingsMetrics to continue listing results after the current page.
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
ListScans
$result = $client->listScans([/* ... */]);
$promise = $client->listScansAsync([/* ... */]);
Returns a list of all the standard scans in an account. Does not return express scans.
Parameter Syntax
$result = $client->listScans([
    'maxResults' => <integer>,
    'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the nextToken element is returned in the response. Use nextToken in a subsequent request to retrieve additional results.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the nextToken value returned from the previous request to continue listing results after the first page.
Result Syntax
[
    'nextToken' => '<string>',
    'summaries' => [
        [
            'createdAt' => <DateTime>,
            'runId' => '<string>',
            'scanName' => '<string>',
            'scanNameArn' => '<string>',
            'scanState' => 'InProgress|Successful|Failed',
            'updatedAt' => <DateTime>,
        ],
        // ...
    ],
]
Result Details
Members
- nextToken
-
- Type: string
A pagination token. You can use this in future calls to ListScans to continue listing results after the current page.
- summaries
-
- Type: Array of ScanSummary structures
A list of ScanSummary objects with information about all scans in an account.
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);
Returns a list of all tags associated with a scan.
Parameter Syntax
$result = $client->listTagsForResource([
    'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the ScanName object. You can retrieve this ARN by calling ListScans or GetScan.
Result Syntax
[
    'tags' => ['<string>', ...],
]
Result Details
Members
- tags
-
- Type: Associative array of custom strings keys (TagKey) to strings
An array of key-value pairs used to tag an existing scan. A tag is a custom attribute label with two parts:
- A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.
- An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.
-
The resource specified in the request was not found.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
TagResource
$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);
Use to add one or more tags to an existing scan.
Parameter Syntax
$result = $client->tagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the ScanName object. You can retrieve this ARN by calling ListScans or GetScan.
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (TagKey) to strings
An array of key-value pairs used to tag an existing scan. A tag is a custom attribute label with two parts:
- A tag key. For example, CostCenter, Environment, or Secret. Tag keys are case sensitive.
- An optional tag value field. For example, 111122223333, Production, or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
Result Syntax
[]
Result Details
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.
-
The resource specified in the request was not found.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
UntagResource
$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);
Use to remove one or more tags from an existing scan.
Parameter Syntax
$result = $client->untagResource([
    'resourceArn' => '<string>', // REQUIRED
    'tagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The ARN of the ScanName object. You can retrieve this ARN by calling ListScans or GetScan.
- tagKeys
-
- Required: Yes
- Type: Array of strings
A list of keys for each tag you want to remove from a scan.
Result Syntax
[]
Result Details
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.
-
The resource specified in the request was not found.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
UpdateAccountConfiguration
$result = $client->updateAccountConfiguration([/* ... */]);
$promise = $client->updateAccountConfigurationAsync([/* ... */]);
Use to update account-level configuration with an encryption key.
Parameter Syntax
$result = $client->updateAccountConfiguration([
    'encryptionConfig' => [ // REQUIRED
        'kmsKeyArn' => '<string>',
    ],
]);
Parameter Details
Members
- encryptionConfig
-
- Required: Yes
- Type: EncryptionConfig structure
The KMS key ARN you want to use for encryption. Defaults to service-side encryption if missing.
Result Syntax
[
    'encryptionConfig' => [
        'kmsKeyArn' => '<string>',
    ],
]
Result Details
Members
- encryptionConfig
-
- Required: Yes
- Type: EncryptionConfig structure
An EncryptionConfig object that contains the KMS key ARN to use for encryption.
Errors
-
The server encountered an internal error and is unable to complete the request.
-
The resource specified in the request was not found.
-
The request was denied due to request throttling.
-
The input fails to satisfy the specified constraints.
-
You do not have sufficient access to perform this action.
Shapes
AccessDeniedException
Description
You do not have sufficient access to perform this action.
Members
- errorCode
-
- Required: Yes
- Type: string
The identifier for the error.
- message
-
- Required: Yes
- Type: string
Description of the error.
- resourceId
-
- Type: string
The identifier for the resource you don't have access to.
- resourceType
-
- Type: string
The type of resource you don't have access to.
AccountFindingsMetric
Description
A summary of findings metrics in an account.
Members
- closedFindings
-
- Type: FindingMetricsValuePerSeverity structure
The number of closed findings of each severity in an account on the specified date.
- date
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date from which the finding metrics were retrieved.
- meanTimeToClose
-
- Type: FindingMetricsValuePerSeverity structure
The average time it takes to close findings of each severity in days.
- newFindings
-
- Type: FindingMetricsValuePerSeverity structure
The number of new findings of each severity in an account on the specified date.
- openFindings
-
- Type: FindingMetricsValuePerSeverity structure
The number of open findings of each severity in an account as of the specified date.
BatchGetFindingsError
Description
Contains information about the error that caused a finding to fail to be retrieved.
Members
- errorCode
-
- Required: Yes
- Type: string
A code associated with the type of error.
- findingId
-
- Required: Yes
- Type: string
The finding ID of the finding that was not fetched.
- message
-
- Required: Yes
- Type: string
Describes the error.
- scanName
-
- Required: Yes
- Type: string
The name of the scan that generated the finding.
CategoryWithFindingNum
Description
Information about a finding category with open findings.
Members
- categoryName
-
- Type: string
The name of the finding category. A finding category is determined by the detector that detected the finding.
- findingNumber
-
- Type: int
The number of open findings in the category.
CodeLine
Description
The line of code where a finding was detected.
Members
- content
-
- Type: string
The code that contains a vulnerability.
- number
-
- Type: int
The code line number.
ConflictException
Description
The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.
Members
- errorCode
-
- Required: Yes
- Type: string
The identifier for the error.
- message
-
- Required: Yes
- Type: string
Description of the error.
- resourceId
-
- Required: Yes
- Type: string
The identifier for the service resource associated with the request.
- resourceType
-
- Required: Yes
- Type: string
The type of resource associated with the request.
EncryptionConfig
Description
Information about account-level configuration.
Members
- kmsKeyArn
-
- Type: string
The KMS key ARN to use for encryption. This must be provided as a header when uploading your code resource.
FilePath
Description
Information about the location of security vulnerabilities that Amazon CodeGuru Security detected in your code.
Members
- codeSnippet
-
- Type: Array of CodeLine structures
A list of CodeLine objects that describe where the security vulnerability appears in your code.
- endLine
-
- Type: int
The last line number of the code snippet where the security vulnerability appears in your code.
- name
-
- Type: string
The name of the file.
- path
-
- Type: string
The path to the resource with the security vulnerability.
- startLine
-
- Type: int
The first line number of the code snippet where the security vulnerability appears in your code.
Finding
Description
Information about a finding that was detected in your code.
Members
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the finding was created.
- description
-
- Type: string
A description of the finding.
- detectorId
-
- Type: string
The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices.
- detectorName
-
- Type: string
The name of the detector that identified the security vulnerability in your code.
- detectorTags
-
- Type: Array of strings
One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency.
- generatorId
-
- Type: string
The identifier for the component that generated a finding such as AWSCodeGuruSecurity or AWSInspector.
- id
-
- Type: string
The identifier for a finding.
- remediation
-
- Type: Remediation structure
An object that contains the details about how to remediate a finding.
- resource
-
- Type: Resource structure
The resource where Amazon CodeGuru Security detected a finding.
- ruleId
-
- Type: string
The identifier for the rule that generated the finding.
- severity
-
- Type: string
The severity of the finding.
- status
-
- Type: string
The status of the finding. A finding status can be open or closed.
- title
-
- Type: string
The title of the finding.
- type
-
- Type: string
The type of finding.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the finding was last updated. Findings are updated when you remediate them or when the finding code location changes.
- vulnerability
-
- Type: Vulnerability structure
An object that describes the detected security vulnerability.
FindingIdentifier
Description
An object that contains information about a finding and the scan that generated it.
Members
- findingId
-
- Required: Yes
- Type: string
The identifier for a finding.
- scanName
-
- Required: Yes
- Type: string
The name of the scan that generated the finding.
FindingMetricsValuePerSeverity
Description
The severity of the issue in the code that generated a finding.
Members
- critical
-
- Type: double
The severity of the finding is critical and should be addressed immediately.
- high
-
- Type: double
The severity of the finding is high and should be addressed as a near-term priority.
- info
-
- Type: double
The finding is related to quality or readability improvements and not considered actionable.
- low
-
- Type: double
The severity of the finding is low and does require action on its own.
- medium
-
- Type: double
The severity of the finding is medium and should be addressed as a mid-term priority.
InternalServerException
Description
The server encountered an internal error and is unable to complete the request.
Members
- error
-
- Type: string
The internal error encountered by the server.
- message
-
- Type: string
Description of the error.
MetricsSummary
Description
Information about summary metrics in an account.
Members
- categoriesWithMostFindings
-
- Type: Array of CategoryWithFindingNum structures
A list of CategoryWithFindingNum objects for the top 5 finding categories with the most open findings in an account.
- date
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date from which the metrics summary information was retrieved.
- openFindings
-
- Type: FindingMetricsValuePerSeverity structure
The number of open findings of each severity in an account.
- scansWithMostOpenCriticalFindings
-
- Type: Array of ScanNameWithFindingNum structures
A list of ScanNameWithFindingNum objects for the top 3 scans with the most number of open findings in an account.
- scansWithMostOpenFindings
-
- Type: Array of ScanNameWithFindingNum structures
A list of ScanNameWithFindingNum objects for the top 3 scans with the most number of open critical findings in an account.
Recommendation
Description
Information about the recommended course of action to remediate a finding.
Members
- text
-
- Type: string
The recommended course of action to remediate the finding.
- url
-
- Type: string
The URL address to the recommendation for remediating the finding.
Remediation
Description
Information about how to remediate a finding.
Members
- recommendation
-
- Type: Recommendation structure
An object that contains information about the recommended course of action to remediate a finding.
- suggestedFixes
-
- Type: Array of SuggestedFix structures
A list of SuggestedFix objects. Each object contains information about a suggested code fix to remediate the finding.
Resource
Description
Information about a resource, such as an Amazon S3 bucket or AWS Lambda function, that contains a finding.
Members
- id
-
- Type: string
The identifier for the resource.
- subResourceId
-
- Type: string
The identifier for a section of the resource, such as an AWS Lambda layer.
ResourceId
Description
The identifier for a resource object that contains resources where a finding was detected.
Members
- codeArtifactId
-
- Type: string
The identifier for the code file uploaded to the resource where a finding was detected.
ResourceNotFoundException
Description
The resource specified in the request was not found.
Members
- errorCode
-
- Required: Yes
- Type: string
The identifier for the error.
- message
-
- Required: Yes
- Type: string
Description of the error.
- resourceId
-
- Required: Yes
- Type: string
The identifier for the resource that was not found.
- resourceType
-
- Required: Yes
- Type: string
The type of resource that was not found.
ScanNameWithFindingNum
Description
Information about a scan with open findings.
Members
- findingNumber
-
- Type: int
The number of open findings generated by a scan.
- scanName
-
- Type: string
The name of the scan.
ScanSummary
Description
Information about a scan.
Members
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time when the scan was created.
- runId
-
- Required: Yes
- Type: string
The identifier for the scan run.
- scanName
-
- Required: Yes
- Type: string
The name of the scan.
- scanNameArn
-
- Type: string
The ARN for the scan name.
- scanState
-
- Required: Yes
- Type: string
The state of the scan. A scan can be In Progress, Complete, or Failed.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the scan was last updated. A scan is updated when it is re-run.
SuggestedFix
Description
Information about the suggested code fix to remediate a finding.
Members
- code
-
- Type: string
The suggested code to add to your file.
- description
-
- Type: string
A description of the suggested code fix and why it is being suggested.
ThrottlingException
Description
The request was denied due to request throttling.
Members
- errorCode
-
- Required: Yes
- Type: string
The identifier for the error.
- message
-
- Required: Yes
- Type: string
Description of the error.
- quotaCode
-
- Type: string
The identifier for the originating quota.
- serviceCode
-
- Type: string
The identifier for the originating service.
ValidationException
Description
The input fails to satisfy the specified constraints.
Members
- errorCode
-
- Required: Yes
- Type: string
The identifier for the error.
- fieldList
-
- Type: Array of ValidationExceptionField structures
The field that caused the error, if applicable.
- message
-
- Required: Yes
- Type: string
Description of the error.
- reason
-
- Required: Yes
- Type: string
The reason the request failed validation.
ValidationExceptionField
Description
Information about a validation exception.
Members
- message
-
- Required: Yes
- Type: string
Describes the exception.
- name
-
- Required: Yes
- Type: string
The name of the exception.
Vulnerability
Description
Information about a security vulnerability that Amazon CodeGuru Security detected.
Members
- filePath
-
- Type: FilePath structure
An object that describes the location of the detected security vulnerability in your code.
- id
-
- Type: string
The identifier for the vulnerability.
- itemCount
-
- Type: int
The number of times the vulnerability appears in your code.
- referenceUrls
-
- Type: Array of strings
One or more URL addresses that contain details about a vulnerability.
- relatedVulnerabilities
-
- Type: Array of strings
One or more vulnerabilities that are related to the vulnerability being described.
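The Finding, Vulnerability, FilePath and Remediation structures above nest inside one another, so a triage report has to walk them defensively. The following is an added example, not part of the SDK or the original documentation: `triageFindings()` and the sample data are hypothetical, and the casing of the `status` and `severity` strings is an assumption, which is why both are compared case-insensitively.

```php
<?php
// Added example. Field names follow the Finding, Vulnerability, FilePath and
// Remediation structures on this page; severity/status casing is an assumption.
const SEVERITY_RANK = ['critical' => 0, 'high' => 1, 'medium' => 2, 'low' => 3, 'info' => 4];

function triageFindings(array $findings): array
{
    $rows = [];
    foreach ($findings as $f) {
        // Skip closed findings; compare case-insensitively (casing assumed).
        if (strcasecmp($f['status'] ?? '', 'open') !== 0) {
            continue;
        }
        // No Finding member is marked required on this page, so default each one.
        $fp  = $f['vulnerability']['filePath'] ?? [];
        $rem = $f['remediation'] ?? [];
        $rows[] = [
            'id'       => $f['id'] ?? '(no id)',
            'severity' => strtolower($f['severity'] ?? 'unknown'),
            'title'    => $f['title'] ?? '',
            'location' => sprintf('%s:%d-%d', $fp['path'] ?? '?', $fp['startLine'] ?? 0, $fp['endLine'] ?? 0),
            'advice'   => $rem['recommendation']['text'] ?? '',
            'fixCount' => count($rem['suggestedFixes'] ?? []),
        ];
    }
    // Most severe first; unrecognised severities sort last.
    usort($rows, fn($a, $b) => (SEVERITY_RANK[$a['severity']] ?? 99) <=> (SEVERITY_RANK[$b['severity']] ?? 99));
    return $rows;
}

// Constructed sample data, not real service output.
$sample = [
    ['id' => 'f-1', 'status' => 'Open', 'severity' => 'Low', 'title' => 'Weak hash',
     'vulnerability' => ['filePath' => ['path' => 'src/util.py', 'startLine' => 10, 'endLine' => 12]]],
    ['id' => 'f-2', 'status' => 'Closed', 'severity' => 'Critical', 'title' => 'Hardcoded secret'],
    ['id' => 'f-3', 'status' => 'Open', 'severity' => 'Critical', 'title' => 'SQL injection',
     'vulnerability' => ['filePath' => ['path' => 'src/db.py', 'startLine' => 40, 'endLine' => 44]],
     'remediation' => ['recommendation' => ['text' => 'Use parameterized queries.'],
                       'suggestedFixes' => [['code' => '...', 'description' => '...']]]],
];

foreach (triageFindings($sample) as $r) {
    printf("%-8s %s  %s  %s (%d suggested fix(es))\n",
        $r['severity'], $r['id'], $r['location'], $r['title'], $r['fixCount']);
}
```

The function accepts any list of arrays shaped like the Finding structure, such as the findings returned by GetFindings or BatchGetFindings.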