Inspector2 2020-06-08
- Client: Aws\Inspector2\Inspector2Client
- Service ID: inspector2
- Version: 2020-06-08
This page describes the parameters and results for the operations of the Inspector2 (2020-06-08), and shows how to use the Aws\Inspector2\Inspector2Client object to call the described operations. This documentation is specific to the 2020-06-08 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AssociateMember ( array $params = [] )
Associates an Amazon Web Services account with an Amazon Inspector delegated administrator.
- BatchGetAccountStatus ( array $params = [] )
Retrieves the Amazon Inspector status of multiple Amazon Web Services accounts within your environment.
- BatchGetCodeSnippet ( array $params = [] )
Retrieves code snippets from findings that Amazon Inspector detected code vulnerabilities in.
- BatchGetFindingDetails ( array $params = [] )
Gets vulnerability details for findings.
- BatchGetFreeTrialInfo ( array $params = [] )
Gets free trial status for multiple Amazon Web Services accounts.
- BatchGetMemberEc2DeepInspectionStatus ( array $params = [] )
Retrieves Amazon Inspector deep inspection activation status of multiple member accounts within your organization.
- BatchUpdateMemberEc2DeepInspectionStatus ( array $params = [] )
Activates or deactivates Amazon Inspector deep inspection for the provided member accounts in your organization.
- CancelFindingsReport ( array $params = [] )
Cancels the given findings report.
- CancelSbomExport ( array $params = [] )
Cancels a software bill of materials (SBOM) report.
- CreateFilter ( array $params = [] )
Creates a filter resource using specified filter criteria.
- CreateFindingsReport ( array $params = [] )
Creates a finding report.
- CreateSbomExport ( array $params = [] )
Creates a software bill of materials (SBOM) report.
- DeleteFilter ( array $params = [] )
Deletes a filter resource.
- DescribeOrganizationConfiguration ( array $params = [] )
Describe Amazon Inspector configuration settings for an Amazon Web Services organization.
- Disable ( array $params = [] )
Disables Amazon Inspector scans for one or more Amazon Web Services accounts.
- DisableDelegatedAdminAccount ( array $params = [] )
Disables the Amazon Inspector delegated administrator for your organization.
- DisassociateMember ( array $params = [] )
Disassociates a member account from an Amazon Inspector delegated administrator.
- Enable ( array $params = [] )
Enables Amazon Inspector scans for one or more Amazon Web Services accounts.
- EnableDelegatedAdminAccount ( array $params = [] )
Enables the Amazon Inspector delegated administrator for your Organizations organization.
- GetConfiguration ( array $params = [] )
Retrieves setting configurations for Inspector scans.
- GetDelegatedAdminAccount ( array $params = [] )
Retrieves information about the Amazon Inspector delegated administrator for your organization.
- GetEc2DeepInspectionConfiguration ( array $params = [] )
Retrieves the activation status of Amazon Inspector deep inspection and custom paths associated with your account.
- GetEncryptionKey ( array $params = [] )
Gets an encryption key.
- GetFindingsReportStatus ( array $params = [] )
Gets the status of a findings report.
- GetMember ( array $params = [] )
Gets member information for your organization.
- GetSbomExport ( array $params = [] )
Gets details of a software bill of materials (SBOM) report.
- ListAccountPermissions ( array $params = [] )
Lists the permissions an account has to configure Amazon Inspector.
- ListCoverage ( array $params = [] )
Lists coverage details for you environment.
- ListCoverageStatistics ( array $params = [] )
Lists Amazon Inspector coverage statistics for your environment.
- ListDelegatedAdminAccounts ( array $params = [] )
Lists information about the Amazon Inspector delegated administrator of your organization.
- ListFilters ( array $params = [] )
Lists the filters associated with your account.
- ListFindingAggregations ( array $params = [] )
Lists aggregated finding data for your environment based on specific criteria.
- ListFindings ( array $params = [] )
Lists findings for your environment.
- ListMembers ( array $params = [] )
List members associated with the Amazon Inspector delegated administrator for your organization.
- ListTagsForResource ( array $params = [] )
Lists all tags attached to a given resource.
- ListUsageTotals ( array $params = [] )
Lists the Amazon Inspector usage totals over the last 30 days.
- ResetEncryptionKey ( array $params = [] )
Resets an encryption key.
- SearchVulnerabilities ( array $params = [] )
Lists Amazon Inspector coverage details for a specific vulnerability.
- TagResource ( array $params = [] )
Adds tags to a resource.
- UntagResource ( array $params = [] )
Removes tags from a resource.
- UpdateConfiguration ( array $params = [] )
Updates setting configurations for your Amazon Inspector account.
- UpdateEc2DeepInspectionConfiguration ( array $params = [] )
Activates, deactivates Amazon Inspector deep inspection, or updates custom paths for your account.
- UpdateEncryptionKey ( array $params = [] )
Updates an encryption key.
- UpdateFilter ( array $params = [] )
Specifies the action that is to be applied to the findings that match the filter.
- UpdateOrgEc2DeepInspectionConfiguration ( array $params = [] )
Updates the Amazon Inspector deep inspection custom paths for your organization.
- UpdateOrganizationConfiguration ( array $params = [] )
Updates the configurations for your Amazon Inspector organization.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
AssociateMember
$result = $client->associateMember([/* ... */]); $promise = $client->associateMemberAsync([/* ... */]);
Associates an Amazon Web Services account with an Amazon Inspector delegated administrator. An HTTP 200 response indicates the association was successfully started, but doesn’t indicate whether it was completed. You can check if the association completed by using ListMembers for multiple accounts or GetMembers for a single account.
Parameter Syntax
$result = $client->associateMember([
'accountId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the member account to be associated.
Result Syntax
[
'accountId' => '<string>',
]
Result Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully associated member account.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetAccountStatus
$result = $client->batchGetAccountStatus([/* ... */]); $promise = $client->batchGetAccountStatusAsync([/* ... */]);
Retrieves the Amazon Inspector status of multiple Amazon Web Services accounts within your environment.
Parameter Syntax
$result = $client->batchGetAccountStatus([
'accountIds' => ['<string>', ...],
]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
The 12-digit Amazon Web Services account IDs of the accounts to retrieve Amazon Inspector status for.
Result Syntax
[
'accounts' => [
[
'accountId' => '<string>',
'resourceState' => [
'ec2' => [
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED',
'errorMessage' => '<string>',
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'ecr' => [
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED',
'errorMessage' => '<string>',
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'lambda' => [
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED',
'errorMessage' => '<string>',
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'lambdaCode' => [
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED',
'errorMessage' => '<string>',
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
],
'state' => [
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED',
'errorMessage' => '<string>',
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
],
// ...
],
'failedAccounts' => [
[
'accountId' => '<string>',
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED',
'errorMessage' => '<string>',
'resourceStatus' => [
'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
// ...
],
]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of AccountState structures
An array of objects that provide details on the status of Amazon Inspector for each of the requested accounts.
- failedAccounts
-
- Type: Array of FailedAccount structures
An array of objects detailing any accounts that failed to enable Amazon Inspector and why.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetCodeSnippet
$result = $client->batchGetCodeSnippet([/* ... */]); $promise = $client->batchGetCodeSnippetAsync([/* ... */]);
Retrieves code snippets from findings that Amazon Inspector detected code vulnerabilities in.
Parameter Syntax
$result = $client->batchGetCodeSnippet([
'findingArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- findingArns
-
- Required: Yes
- Type: Array of strings
An array of finding ARNs for the findings you want to retrieve code snippets from.
Result Syntax
[
'codeSnippetResults' => [
[
'codeSnippet' => [
[
'content' => '<string>',
'lineNumber' => <integer>,
],
// ...
],
'endLine' => <integer>,
'findingArn' => '<string>',
'startLine' => <integer>,
'suggestedFixes' => [
[
'code' => '<string>',
'description' => '<string>',
],
// ...
],
],
// ...
],
'errors' => [
[
'errorCode' => 'INTERNAL_ERROR|ACCESS_DENIED|CODE_SNIPPET_NOT_FOUND|INVALID_INPUT',
'errorMessage' => '<string>',
'findingArn' => '<string>',
],
// ...
],
]
Result Details
Members
- codeSnippetResults
-
- Type: Array of CodeSnippetResult structures
The retrieved code snippets associated with the provided finding ARNs.
- errors
-
- Type: Array of CodeSnippetError structures
Any errors Amazon Inspector encountered while trying to retrieve the requested code snippets.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetFindingDetails
$result = $client->batchGetFindingDetails([/* ... */]); $promise = $client->batchGetFindingDetailsAsync([/* ... */]);
Gets vulnerability details for findings.
Parameter Syntax
$result = $client->batchGetFindingDetails([
'findingArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- findingArns
-
- Required: Yes
- Type: Array of strings
A list of finding ARNs.
Result Syntax
[
'errors' => [
[
'errorCode' => 'INTERNAL_ERROR|ACCESS_DENIED|FINDING_DETAILS_NOT_FOUND|INVALID_INPUT',
'errorMessage' => '<string>',
'findingArn' => '<string>',
],
// ...
],
'findingDetails' => [
[
'cisaData' => [
'action' => '<string>',
'dateAdded' => <DateTime>,
'dateDue' => <DateTime>,
],
'cwes' => ['<string>', ...],
'epssScore' => <float>,
'evidences' => [
[
'evidenceDetail' => '<string>',
'evidenceRule' => '<string>',
'severity' => '<string>',
],
// ...
],
'exploitObserved' => [
'firstSeen' => <DateTime>,
'lastSeen' => <DateTime>,
],
'findingArn' => '<string>',
'referenceUrls' => ['<string>', ...],
'riskScore' => <integer>,
'tools' => ['<string>', ...],
'ttps' => ['<string>', ...],
],
// ...
],
]
Result Details
Members
- errors
-
- Type: Array of FindingDetailsError structures
Error information for findings that details could not be returned for.
- findingDetails
-
- Type: Array of FindingDetail structures
A finding's vulnerability details.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetFreeTrialInfo
$result = $client->batchGetFreeTrialInfo([/* ... */]); $promise = $client->batchGetFreeTrialInfoAsync([/* ... */]);
Gets free trial status for multiple Amazon Web Services accounts.
Parameter Syntax
$result = $client->batchGetFreeTrialInfo([
'accountIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- accountIds
-
- Required: Yes
- Type: Array of strings
The account IDs to get free trial status for.
Result Syntax
[
'accounts' => [
[
'accountId' => '<string>',
'freeTrialInfo' => [
[
'end' => <DateTime>,
'start' => <DateTime>,
'status' => 'ACTIVE|INACTIVE',
'type' => 'EC2|ECR|LAMBDA|LAMBDA_CODE',
],
// ...
],
],
// ...
],
'failedAccounts' => [
[
'accountId' => '<string>',
'code' => 'ACCESS_DENIED|INTERNAL_ERROR',
'message' => '<string>',
],
// ...
],
]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of FreeTrialAccountInfo structures
An array of objects that provide Amazon Inspector free trial details for each of the requested accounts.
- failedAccounts
-
- Required: Yes
- Type: Array of FreeTrialInfoError structures
An array of objects detailing any accounts that free trial data could not be returned for.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetMemberEc2DeepInspectionStatus
$result = $client->batchGetMemberEc2DeepInspectionStatus([/* ... */]); $promise = $client->batchGetMemberEc2DeepInspectionStatusAsync([/* ... */]);
Retrieves Amazon Inspector deep inspection activation status of multiple member accounts within your organization. You must be the delegated administrator of an organization in Amazon Inspector to use this API.
Parameter Syntax
$result = $client->batchGetMemberEc2DeepInspectionStatus([
'accountIds' => ['<string>', ...],
]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
The unique identifiers for the Amazon Web Services accounts to retrieve Amazon Inspector deep inspection activation status for.
</p>
Result Syntax
[
'accountIds' => [
[
'accountId' => '<string>',
'errorMessage' => '<string>',
'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED',
],
// ...
],
'failedAccountIds' => [
[
'accountId' => '<string>',
'ec2ScanStatus' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'errorMessage' => '<string>',
],
// ...
],
]
Result Details
Members
- accountIds
-
- Type: Array of MemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details on the activation status of Amazon Inspector deep inspection for each of the requested accounts.
</p> - failedAccountIds
-
- Type: Array of FailedMemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details on any accounts that failed to activate Amazon Inspector deep inspection and why.
</p>
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
BatchUpdateMemberEc2DeepInspectionStatus
$result = $client->batchUpdateMemberEc2DeepInspectionStatus([/* ... */]); $promise = $client->batchUpdateMemberEc2DeepInspectionStatusAsync([/* ... */]);
Activates or deactivates Amazon Inspector deep inspection for the provided member accounts in your organization. You must be the delegated administrator of an organization in Amazon Inspector to use this API.
Parameter Syntax
$result = $client->batchUpdateMemberEc2DeepInspectionStatus([
'accountIds' => [ // REQUIRED
[
'accountId' => '<string>', // REQUIRED
'activateDeepInspection' => true || false, // REQUIRED
],
// ...
],
]);
Parameter Details
Members
- accountIds
-
- Required: Yes
- Type: Array of MemberAccountEc2DeepInspectionStatus structures
The unique identifiers for the Amazon Web Services accounts to change Amazon Inspector deep inspection status for.
Result Syntax
[
'accountIds' => [
[
'accountId' => '<string>',
'errorMessage' => '<string>',
'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED',
],
// ...
],
'failedAccountIds' => [
[
'accountId' => '<string>',
'ec2ScanStatus' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'errorMessage' => '<string>',
],
// ...
],
]
Result Details
Members
- accountIds
-
- Type: Array of MemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details for each of the accounts that Amazon Inspector deep inspection status was successfully changed for.
- failedAccountIds
-
- Type: Array of FailedMemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details for each of the accounts that Amazon Inspector deep inspection status could not be successfully changed for.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
CancelFindingsReport
$result = $client->cancelFindingsReport([/* ... */]); $promise = $client->cancelFindingsReportAsync([/* ... */]);
Cancels the given findings report.
Parameter Syntax
$result = $client->cancelFindingsReport([
'reportId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- reportId
-
- Required: Yes
- Type: string
The ID of the report to be canceled.
Result Syntax
[
'reportId' => '<string>',
]
Result Details
Members
- reportId
-
- Required: Yes
- Type: string
The ID of the canceled report.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
CancelSbomExport
$result = $client->cancelSbomExport([/* ... */]); $promise = $client->cancelSbomExportAsync([/* ... */]);
Cancels a software bill of materials (SBOM) report.
Parameter Syntax
$result = $client->cancelSbomExport([
'reportId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- reportId
-
- Required: Yes
- Type: string
The report ID of the SBOM export to cancel.
Result Syntax
[
'reportId' => '<string>',
]
Result Details
Members
- reportId
-
- Type: string
The report ID of the canceled SBOM export.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The request has failed due to an internal failure of the Amazon Inspector service.
CreateFilter
$result = $client->createFilter([/* ... */]); $promise = $client->createFilterAsync([/* ... */]);
Creates a filter resource using specified filter criteria.
Parameter Syntax
$result = $client->createFilter([
'action' => 'NONE|SUPPRESS', // REQUIRED
'description' => '<string>',
'filterCriteria' => [ // REQUIRED
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
],
// ...
],
],
'name' => '<string>', // REQUIRED
'reason' => '<string>',
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- action
-
- Required: Yes
- Type: string
Defines the action that is to be applied to the findings that match the filter.
- description
-
- Type: string
A description of the filter.
- filterCriteria
-
- Required: Yes
- Type: FilterCriteria structure
Defines the criteria to be used in the filter for querying findings.
- name
-
- Required: Yes
- Type: string
The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.
- reason
-
- Type: string
The reason for creating the filter.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
A list of tags for the filter.
Result Syntax
[
'arn' => '<string>',
]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the successfully created filter.
Errors
-
ServiceQuotaExceededException:
You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
-
One or more tags submitted as part of the request is not valid.
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
CreateFindingsReport
$result = $client->createFindingsReport([/* ... */]); $promise = $client->createFindingsReportAsync([/* ... */]);
Creates a finding report. By default only ACTIVE findings are returned in the report. To see SUPRESSED or CLOSED findings you must specify a value for the findingStatus filter criteria.
Parameter Syntax
$result = $client->createFindingsReport([
'filterCriteria' => [
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
],
// ...
],
],
'reportFormat' => 'CSV|JSON', // REQUIRED
's3Destination' => [ // REQUIRED
'bucketName' => '<string>', // REQUIRED
'keyPrefix' => '<string>',
'kmsKeyArn' => '<string>', // REQUIRED
],
]);
Parameter Details
Members
- filterCriteria
-
- Type: FilterCriteria structure
The filter criteria to apply to the results of the finding report.
- reportFormat
-
- Required: Yes
- Type: string
The format to generate the report in.
- s3Destination
-
- Required: Yes
- Type: Destination structure
The Amazon S3 export destination for the report.
Result Syntax
[
'reportId' => '<string>',
]
Result Details
Members
- reportId
-
- Type: string
The ID of the report.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
CreateSbomExport
$result = $client->createSbomExport([/* ... */]); $promise = $client->createSbomExportAsync([/* ... */]);
Creates a software bill of materials (SBOM) report.
Parameter Syntax
$result = $client->createSbomExport([
'reportFormat' => 'CYCLONEDX_1_4|SPDX_2_3', // REQUIRED
'resourceFilterCriteria' => [
'accountId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrRepositoryName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
's3Destination' => [ // REQUIRED
'bucketName' => '<string>', // REQUIRED
'keyPrefix' => '<string>',
'kmsKeyArn' => '<string>', // REQUIRED
],
]);
Parameter Details
Members
- reportFormat
-
- Required: Yes
- Type: string
The output format for the software bill of materials (SBOM) report.
- resourceFilterCriteria
-
- Type: ResourceFilterCriteria structure
The resource filter criteria for the software bill of materials (SBOM) report.
- s3Destination
-
- Required: Yes
- Type: Destination structure
Contains details of the Amazon S3 bucket and KMS key used to export findings.
Result Syntax
[
'reportId' => '<string>',
]
Result Details
Members
- reportId
-
- Type: string
The report ID for the software bill of materials (SBOM) report.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The request has failed due to an internal failure of the Amazon Inspector service.
DeleteFilter
$result = $client->deleteFilter([/* ... */]); $promise = $client->deleteFilterAsync([/* ... */]);
Deletes a filter resource.
Parameter Syntax
$result = $client->deleteFilter([
'arn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the filter to be deleted.
Result Syntax
[
'arn' => '<string>',
]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the filter that has been deleted.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
DescribeOrganizationConfiguration
$result = $client->describeOrganizationConfiguration([/* ... */]); $promise = $client->describeOrganizationConfigurationAsync([/* ... */]);
Describe Amazon Inspector configuration settings for an Amazon Web Services organization.
Parameter Syntax
$result = $client->describeOrganizationConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
'autoEnable' => [
'ec2' => true || false,
'ecr' => true || false,
'lambda' => true || false,
'lambdaCode' => true || false,
],
'maxAccountLimitReached' => true || false,
]
Result Details
Members
- autoEnable
-
- Type: AutoEnable structure
The scan types are automatically enabled for new members of your organization.
- maxAccountLimitReached
-
- Type: boolean
Represents whether your organization has reached the maximum Amazon Web Services account limit for Amazon Inspector.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
Disable
$result = $client->disable([/* ... */]); $promise = $client->disableAsync([/* ... */]);
Disables Amazon Inspector scans for one or more Amazon Web Services accounts. Disabling all scan types in an account disables the Amazon Inspector service.
Parameter Syntax
$result = $client->disable([
'accountIds' => ['<string>', ...],
'resourceTypes' => ['<string>', ...],
]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
An array of account IDs you want to disable Amazon Inspector scans for.
- resourceTypes
-
- Type: Array of strings
The resource scan types you want to disable.
Result Syntax
[
'accounts' => [
[
'accountId' => '<string>',
'resourceStatus' => [
'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
// ...
],
'failedAccounts' => [
[
'accountId' => '<string>',
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED',
'errorMessage' => '<string>',
'resourceStatus' => [
'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
// ...
],
]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of Account structures
Information on the accounts that have had Amazon Inspector scans successfully disabled. Details are provided for each account.
- failedAccounts
-
- Type: Array of FailedAccount structures
Information on any accounts for which Amazon Inspector scans could not be disabled. Details are provided for each account.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
DisableDelegatedAdminAccount
$result = $client->disableDelegatedAdminAccount([/* ... */]); $promise = $client->disableDelegatedAdminAccountAsync([/* ... */]);
Disables the Amazon Inspector delegated administrator for your organization.
Parameter Syntax
$result = $client->disableDelegatedAdminAccount([
'delegatedAdminAccountId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the current Amazon Inspector delegated administrator.
Result Syntax
[
'delegatedAdminAccountId' => '<string>',
]
Result Details
Members
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully disabled delegated administrator.
Errors
-
A conflict occurred.
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
DisassociateMember
$result = $client->disassociateMember([/* ... */]); $promise = $client->disassociateMemberAsync([/* ... */]);
Disassociates a member account from an Amazon Inspector delegated administrator.
Parameter Syntax
$result = $client->disassociateMember([
'accountId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the member account to disassociate.
Result Syntax
[
'accountId' => '<string>',
]
Result Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully disassociated member.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
Enable
$result = $client->enable([/* ... */]); $promise = $client->enableAsync([/* ... */]);
Enables Amazon Inspector scans for one or more Amazon Web Services accounts.
Parameter Syntax
$result = $client->enable([
'accountIds' => ['<string>', ...],
'clientToken' => '<string>',
'resourceTypes' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
A list of account IDs you want to enable Amazon Inspector scans for.
- clientToken
-
- Type: string
The idempotency token for the request.
- resourceTypes
-
- Required: Yes
- Type: Array of strings
The resource scan types you want to enable.
Result Syntax
[
'accounts' => [
[
'accountId' => '<string>',
'resourceStatus' => [
'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
// ...
],
'failedAccounts' => [
[
'accountId' => '<string>',
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED',
'errorMessage' => '<string>',
'resourceStatus' => [
'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
// ...
],
]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of Account structures
Information on the accounts that have had Amazon Inspector scans successfully enabled. Details are provided for each account.
- failedAccounts
-
- Type: Array of FailedAccount structures
Information on any accounts for which Amazon Inspector scans could not be enabled. Details are provided for each account.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
EnableDelegatedAdminAccount
$result = $client->enableDelegatedAdminAccount([/* ... */]); $promise = $client->enableDelegatedAdminAccountAsync([/* ... */]);
Enables the Amazon Inspector delegated administrator for your Organizations organization.
Parameter Syntax
$result = $client->enableDelegatedAdminAccount([
'clientToken' => '<string>',
'delegatedAdminAccountId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- clientToken
-
- Type: string
The idempotency token for the request.
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator.
Result Syntax
[
'delegatedAdminAccountId' => '<string>',
]
Result Details
Members
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully Amazon Inspector delegated administrator.
Errors
-
A conflict occurred.
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
GetConfiguration
$result = $client->getConfiguration([/* ... */]); $promise = $client->getConfigurationAsync([/* ... */]);
Retrieves setting configurations for Inspector scans.
Parameter Syntax
$result = $client->getConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
'ecrConfiguration' => [
'rescanDurationState' => [
'rescanDuration' => 'LIFETIME|DAYS_30|DAYS_180',
'status' => 'SUCCESS|PENDING|FAILED',
'updatedAt' => <DateTime>,
],
],
]
Result Details
Members
- ecrConfiguration
-
- Type: EcrConfigurationState structure
Specifies how the ECR automated re-scan duration is currently configured for your environment.
Errors
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
GetDelegatedAdminAccount
$result = $client->getDelegatedAdminAccount([/* ... */]); $promise = $client->getDelegatedAdminAccountAsync([/* ... */]);
Retrieves information about the Amazon Inspector delegated administrator for your organization.
Parameter Syntax
$result = $client->getDelegatedAdminAccount([ ]);
Parameter Details
Members
Result Syntax
[
'delegatedAdmin' => [
'accountId' => '<string>',
'relationshipStatus' => 'CREATED|INVITED|DISABLED|ENABLED|REMOVED|RESIGNED|DELETED|EMAIL_VERIFICATION_IN_PROGRESS|EMAIL_VERIFICATION_FAILED|REGION_DISABLED|ACCOUNT_SUSPENDED|CANNOT_CREATE_DETECTOR_IN_ORG_MASTER',
],
]
Result Details
Members
- delegatedAdmin
-
- Type: DelegatedAdmin structure
The Amazon Web Services account ID of the Amazon Inspector delegated administrator.
Errors
-
You do not have sufficient access to perform this action.
-
The request has failed validation due to missing required fields or having invalid inputs.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
GetEc2DeepInspectionConfiguration
$result = $client->getEc2DeepInspectionConfiguration([/* ... */]); $promise = $client->getEc2DeepInspectionConfigurationAsync([/* ... */]);
Retrieves the activation status of Amazon Inspector deep inspection and custom paths associated with your account.
Parameter Syntax
$result = $client->getEc2DeepInspectionConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
'errorMessage' => '<string>',
'orgPackagePaths' => ['<string>', ...],
'packagePaths' => ['<string>', ...],
'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED',
]
Result Details
Members
- errorMessage
-
- Type: string
An error message explaining why Amazon Inspector deep inspection configurations could not be retrieved for your account.
- orgPackagePaths
-
- Type: Array of strings
The Amazon Inspector deep inspection custom paths for your organization.
- packagePaths
-
- Type: Array of strings
The Amazon Inspector deep inspection custom paths for your account.
- status
-
- Type: string
The activation status of Amazon Inspector deep inspection in your account.
Errors
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
GetEncryptionKey
$result = $client->getEncryptionKey([/* ... */]); $promise = $client->getEncryptionKeyAsync([/* ... */]);
Gets an encryption key.
Parameter Syntax
$result = $client->getEncryptionKey([
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION', // REQUIRED
'scanType' => 'NETWORK|PACKAGE|CODE', // REQUIRED
]);
Parameter Details
Members
- resourceType
-
- Required: Yes
- Type: string
The resource type the key encrypts.
- scanType
-
- Required: Yes
- Type: string
The scan type the key encrypts.
Result Syntax
[
'kmsKeyId' => '<string>',
]
Result Details
Members
- kmsKeyId
-
- Required: Yes
- Type: string
A kms key ID.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The request has failed due to an internal failure of the Amazon Inspector service.
GetFindingsReportStatus
$result = $client->getFindingsReportStatus([/* ... */]); $promise = $client->getFindingsReportStatusAsync([/* ... */]);
Gets the status of a findings report.
Parameter Syntax
$result = $client->getFindingsReportStatus([
'reportId' => '<string>',
]);
Parameter Details
Members
- reportId
-
- Type: string
The ID of the report to retrieve the status of.
Result Syntax
[
'destination' => [
'bucketName' => '<string>',
'keyPrefix' => '<string>',
'kmsKeyArn' => '<string>',
],
'errorCode' => 'INTERNAL_ERROR|INVALID_PERMISSIONS|NO_FINDINGS_FOUND|BUCKET_NOT_FOUND|INCOMPATIBLE_BUCKET_REGION|MALFORMED_KMS_KEY',
'errorMessage' => '<string>',
'filterCriteria' => [
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS',
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
],
// ...
],
],
'reportId' => '<string>',
'status' => 'SUCCEEDED|IN_PROGRESS|CANCELLED|FAILED',
]
Result Details
Members
- destination
-
- Type: Destination structure
The destination of the report.
- errorCode
-
- Type: string
The error code of the report.
- errorMessage
-
- Type: string
The error message of the report.
- filterCriteria
-
- Type: FilterCriteria structure
The filter criteria associated with the report.
- reportId
-
- Type: string
The ID of the report.
- status
-
- Type: string
The status of the report.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
GetMember
$result = $client->getMember([/* ... */]); $promise = $client->getMemberAsync([/* ... */]);
Gets member information for your organization.
Parameter Syntax
$result = $client->getMember([
'accountId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the member account to retrieve information on.
Result Syntax
[
'member' => [
'accountId' => '<string>',
'delegatedAdminAccountId' => '<string>',
'relationshipStatus' => 'CREATED|INVITED|DISABLED|ENABLED|REMOVED|RESIGNED|DELETED|EMAIL_VERIFICATION_IN_PROGRESS|EMAIL_VERIFICATION_FAILED|REGION_DISABLED|ACCOUNT_SUSPENDED|CANNOT_CREATE_DETECTOR_IN_ORG_MASTER',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- member
-
- Type: Member structure
Details of the retrieved member account.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
GetSbomExport
$result = $client->getSbomExport([/* ... */]); $promise = $client->getSbomExportAsync([/* ... */]);
Gets details of a software bill of materials (SBOM) report.
Parameter Syntax
$result = $client->getSbomExport([
'reportId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- reportId
-
- Required: Yes
- Type: string
The report ID of the SBOM export to get details for.
Result Syntax
[
'errorCode' => 'INTERNAL_ERROR|INVALID_PERMISSIONS|NO_FINDINGS_FOUND|BUCKET_NOT_FOUND|INCOMPATIBLE_BUCKET_REGION|MALFORMED_KMS_KEY',
'errorMessage' => '<string>',
'filterCriteria' => [
'accountId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceTags' => [
[
'comparison' => 'EQUALS',
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrRepositoryName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionTags' => [
[
'comparison' => 'EQUALS',
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
],
'format' => 'CYCLONEDX_1_4|SPDX_2_3',
'reportId' => '<string>',
's3Destination' => [
'bucketName' => '<string>',
'keyPrefix' => '<string>',
'kmsKeyArn' => '<string>',
],
'status' => 'SUCCEEDED|IN_PROGRESS|CANCELLED|FAILED',
]
Result Details
Members
- errorCode
-
- Type: string
An error code.
- errorMessage
-
- Type: string
An error message.
- filterCriteria
-
- Type: ResourceFilterCriteria structure
Contains details about the resource filter criteria used for the software bill of materials (SBOM) report.
- format
-
- Type: string
The format of the software bill of materials (SBOM) report.
- reportId
-
- Type: string
The report ID of the software bill of materials (SBOM) report.
- s3Destination
-
- Type: Destination structure
Contains details of the Amazon S3 bucket and KMS key used to export findings.
- status
-
- Type: string
The status of the software bill of materials (SBOM) report.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
ListAccountPermissions
$result = $client->listAccountPermissions([/* ... */]); $promise = $client->listAccountPermissionsAsync([/* ... */]);
Lists the permissions an account has to configure Amazon Inspector.
Parameter Syntax
$result = $client->listAccountPermissions([
'maxResults' => <integer>,
'nextToken' => '<string>',
'service' => 'EC2|ECR|LAMBDA',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page. - service
-
- Type: string
The service scan type to check permissions for.
Result Syntax
[
'nextToken' => '<string>',
'permissions' => [
[
'operation' => 'ENABLE_SCANNING|DISABLE_SCANNING|ENABLE_REPOSITORY|DISABLE_REPOSITORY',
'service' => 'EC2|ECR|LAMBDA',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page. - permissions
-
- Required: Yes
- Type: Array of Permission structures
Contains details on the permissions an account has to configure Amazon Inspector.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
ListCoverage
$result = $client->listCoverage([/* ... */]); $promise = $client->listCoverageAsync([/* ... */]);
Lists coverage details for you environment.
Parameter Syntax
$result = $client->listCoverage([
'filterCriteria' => [
'accountId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrRepositoryName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'lastScannedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanStatusCode' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanStatusReason' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- filterCriteria
-
- Type: CoverageFilterCriteria structure
An object that contains details on the filters to apply to the coverage data for your environment.
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'coveredResources' => [
[
'accountId' => '<string>',
'lastScannedAt' => <DateTime>,
'resourceId' => '<string>',
'resourceMetadata' => [
'ec2' => [
'amiId' => '<string>',
'platform' => 'WINDOWS|LINUX|UNKNOWN',
'tags' => ['<string>', ...],
],
'ecrImage' => [
'tags' => ['<string>', ...],
],
'ecrRepository' => [
'name' => '<string>',
'scanFrequency' => 'MANUAL|SCAN_ON_PUSH|CONTINUOUS_SCAN',
],
'lambdaFunction' => [
'functionName' => '<string>',
'functionTags' => ['<string>', ...],
'layers' => ['<string>', ...],
'runtime' => 'NODEJS|NODEJS_12_X|NODEJS_14_X|NODEJS_16_X|JAVA_8|JAVA_8_AL2|JAVA_11|PYTHON_3_7|PYTHON_3_8|PYTHON_3_9|UNSUPPORTED|NODEJS_18_X|GO_1_X|JAVA_17|PYTHON_3_10',
],
],
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION',
'scanStatus' => [
'reason' => 'PENDING_INITIAL_SCAN|ACCESS_DENIED|INTERNAL_ERROR|UNMANAGED_EC2_INSTANCE|UNSUPPORTED_OS|SCAN_ELIGIBILITY_EXPIRED|RESOURCE_TERMINATED|SUCCESSFUL|NO_RESOURCES_FOUND|IMAGE_SIZE_EXCEEDED|SCAN_FREQUENCY_MANUAL|SCAN_FREQUENCY_SCAN_ON_PUSH|EC2_INSTANCE_STOPPED|PENDING_DISABLE|NO_INVENTORY|STALE_INVENTORY|EXCLUDED_BY_TAG|UNSUPPORTED_RUNTIME|UNSUPPORTED_MEDIA_TYPE|UNSUPPORTED_CONFIG_FILE|DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED|DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED|DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED|DEEP_INSPECTION_NO_INVENTORY',
'statusCode' => 'ACTIVE|INACTIVE',
],
'scanType' => 'NETWORK|PACKAGE|CODE',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- coveredResources
-
- Type: Array of CoveredResource structures
An object that contains details on the covered resources in your environment.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
ListCoverageStatistics
$result = $client->listCoverageStatistics([/* ... */]); $promise = $client->listCoverageStatisticsAsync([/* ... */]);
Lists Amazon Inspector coverage statistics for your environment.
Parameter Syntax
$result = $client->listCoverageStatistics([
'filterCriteria' => [
'accountId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrRepositoryName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'lastScannedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanStatusCode' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanStatusReason' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
'groupBy' => 'SCAN_STATUS_CODE|SCAN_STATUS_REASON|ACCOUNT_ID|RESOURCE_TYPE|ECR_REPOSITORY_NAME',
'nextToken' => '<string>',
]);
Parameter Details
Members
- filterCriteria
-
- Type: CoverageFilterCriteria structure
An object that contains details on the filters to apply to the coverage data for your environment.
- groupBy
-
- Type: string
The value to group the results by.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'countsByGroup' => [
[
'count' => <integer>,
'groupKey' => 'SCAN_STATUS_CODE|SCAN_STATUS_REASON|ACCOUNT_ID|RESOURCE_TYPE|ECR_REPOSITORY_NAME',
],
// ...
],
'nextToken' => '<string>',
'totalCounts' => <integer>,
]
Result Details
Members
- countsByGroup
-
- Type: Array of Counts structures
An array with the number for each group.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page. - totalCounts
-
- Required: Yes
- Type: long (int|float)
The total number for all groups.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
ListDelegatedAdminAccounts
$result = $client->listDelegatedAdminAccounts([/* ... */]); $promise = $client->listDelegatedAdminAccountsAsync([/* ... */]);
Lists information about the Amazon Inspector delegated administrator of your organization.
Parameter Syntax
$result = $client->listDelegatedAdminAccounts([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'delegatedAdminAccounts' => [
[
'accountId' => '<string>',
'status' => 'ENABLED|DISABLE_IN_PROGRESS',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- delegatedAdminAccounts
-
- Type: Array of DelegatedAdminAccount structures
Details of the Amazon Inspector delegated administrator of your organization.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
ListFilters
$result = $client->listFilters([/* ... */]); $promise = $client->listFiltersAsync([/* ... */]);
Lists the filters associated with your account.
Parameter Syntax
$result = $client->listFilters([
'action' => 'NONE|SUPPRESS',
'arns' => ['<string>', ...],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- action
-
- Type: string
The action the filter applies to matched findings.
- arns
-
- Type: Array of strings
The Amazon resource number (ARN) of the filter.
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'filters' => [
[
'action' => 'NONE|SUPPRESS',
'arn' => '<string>',
'createdAt' => <DateTime>,
'criteria' => [
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS',
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
],
// ...
],
],
'description' => '<string>',
'name' => '<string>',
'ownerId' => '<string>',
'reason' => '<string>',
'tags' => ['<string>', ...],
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- filters
-
- Required: Yes
- Type: Array of Filter structures
Contains details on the filters associated with your account.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
ListFindingAggregations
$result = $client->listFindingAggregations([/* ... */]); $promise = $client->listFindingAggregationsAsync([/* ... */]);
Lists aggregated finding data for your environment based on specific criteria.
Parameter Syntax
$result = $client->listFindingAggregations([
'accountIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'aggregationRequest' => [
'accountAggregation' => [
'findingType' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY',
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_LAMBDA_FUNCTION',
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'amiAggregation' => [
'amis' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL|AFFECTED_INSTANCES',
'sortOrder' => 'ASC|DESC',
],
'awsEcrContainerAggregation' => [
'architectures' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'imageShas' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'imageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'repositories' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'ec2InstanceAggregation' => [
'amis' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'instanceIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'instanceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'operatingSystems' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'NETWORK_FINDINGS|CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'findingTypeAggregation' => [
'findingType' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY',
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_LAMBDA_FUNCTION',
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'imageLayerAggregation' => [
'layerHashes' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'repositories' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'lambdaFunctionAggregation' => [
'functionNames' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'functionTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'runtimes' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'lambdaLayerAggregation' => [
'functionNames' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'layerArns' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'packageAggregation' => [
'packageNames' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'repositoryAggregation' => [
'repositories' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL|AFFECTED_IMAGES',
'sortOrder' => 'ASC|DESC',
],
'titleAggregation' => [
'findingType' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY',
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_LAMBDA_FUNCTION',
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
'titles' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilityIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
],
'aggregationType' => 'FINDING_TYPE|PACKAGE|TITLE|REPOSITORY|AMI|AWS_EC2_INSTANCE|AWS_ECR_CONTAINER|IMAGE_LAYER|ACCOUNT|AWS_LAMBDA_FUNCTION|LAMBDA_LAYER', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- accountIds
-
- Type: Array of StringFilter structures
The Amazon Web Services account IDs to retrieve finding aggregation data for.
- aggregationRequest
-
- Type: AggregationRequest structure
Details of the aggregation request that is used to filter your aggregation results.
- aggregationType
-
- Required: Yes
- Type: string
The type of the aggregation request.
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'aggregationType' => 'FINDING_TYPE|PACKAGE|TITLE|REPOSITORY|AMI|AWS_EC2_INSTANCE|AWS_ECR_CONTAINER|IMAGE_LAYER|ACCOUNT|AWS_LAMBDA_FUNCTION|LAMBDA_LAYER',
'nextToken' => '<string>',
'responses' => [
[
'accountAggregation' => [
'accountId' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'amiAggregation' => [
'accountId' => '<string>',
'affectedInstances' => <integer>,
'ami' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'awsEcrContainerAggregation' => [
'accountId' => '<string>',
'architecture' => '<string>',
'imageSha' => '<string>',
'imageTags' => ['<string>', ...],
'repository' => '<string>',
'resourceId' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'ec2InstanceAggregation' => [
'accountId' => '<string>',
'ami' => '<string>',
'instanceId' => '<string>',
'instanceTags' => ['<string>', ...],
'networkFindings' => <integer>,
'operatingSystem' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'findingTypeAggregation' => [
'accountId' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'imageLayerAggregation' => [
'accountId' => '<string>',
'layerHash' => '<string>',
'repository' => '<string>',
'resourceId' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'lambdaFunctionAggregation' => [
'accountId' => '<string>',
'functionName' => '<string>',
'lambdaTags' => ['<string>', ...],
'lastModifiedAt' => <DateTime>,
'resourceId' => '<string>',
'runtime' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'lambdaLayerAggregation' => [
'accountId' => '<string>',
'functionName' => '<string>',
'layerArn' => '<string>',
'resourceId' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'packageAggregation' => [
'accountId' => '<string>',
'packageName' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'repositoryAggregation' => [
'accountId' => '<string>',
'affectedImages' => <integer>,
'repository' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'titleAggregation' => [
'accountId' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
'title' => '<string>',
'vulnerabilityId' => '<string>',
],
],
// ...
],
]
Result Details
Members
- aggregationType
-
- Required: Yes
- Type: string
The type of aggregation to perform.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page. - responses
-
- Type: Array of AggregationResponse structures
Objects that contain the results of an aggregation operation.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
ListFindings
$result = $client->listFindings([/* ... */]); $promise = $client->listFindingsAsync([/* ... */]);
Lists findings for your environment.
Parameter Syntax
$result = $client->listFindings([
'filterCriteria' => [
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'sortCriteria' => [
'field' => 'AWS_ACCOUNT_ID|FINDING_TYPE|SEVERITY|FIRST_OBSERVED_AT|LAST_OBSERVED_AT|FINDING_STATUS|RESOURCE_TYPE|ECR_IMAGE_PUSHED_AT|ECR_IMAGE_REPOSITORY_NAME|ECR_IMAGE_REGISTRY|NETWORK_PROTOCOL|COMPONENT_TYPE|VULNERABILITY_ID|VULNERABILITY_SOURCE|INSPECTOR_SCORE|VENDOR_SEVERITY|EPSS_SCORE', // REQUIRED
'sortOrder' => 'ASC|DESC', // REQUIRED
],
]);
Parameter Details
Members
- filterCriteria
-
- Type: FilterCriteria structure
Details on the filters to apply to your finding results.
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page. - sortCriteria
-
- Type: SortCriteria structure
Details on the sort criteria to apply to your finding results.
Result Syntax
[
'findings' => [
[
'awsAccountId' => '<string>',
'codeVulnerabilityDetails' => [
'cwes' => ['<string>', ...],
'detectorId' => '<string>',
'detectorName' => '<string>',
'detectorTags' => ['<string>', ...],
'filePath' => [
'endLine' => <integer>,
'fileName' => '<string>',
'filePath' => '<string>',
'startLine' => <integer>,
],
'referenceUrls' => ['<string>', ...],
'ruleId' => '<string>',
'sourceLambdaLayerArn' => '<string>',
],
'description' => '<string>',
'epss' => [
'score' => <float>,
],
'exploitAvailable' => 'YES|NO',
'exploitabilityDetails' => [
'lastKnownExploitAt' => <DateTime>,
],
'findingArn' => '<string>',
'firstObservedAt' => <DateTime>,
'fixAvailable' => 'YES|NO|PARTIAL',
'inspectorScore' => <float>,
'inspectorScoreDetails' => [
'adjustedCvss' => [
'adjustments' => [
[
'metric' => '<string>',
'reason' => '<string>',
],
// ...
],
'cvssSource' => '<string>',
'score' => <float>,
'scoreSource' => '<string>',
'scoringVector' => '<string>',
'version' => '<string>',
],
],
'lastObservedAt' => <DateTime>,
'networkReachabilityDetails' => [
'networkPath' => [
'steps' => [
[
'componentId' => '<string>',
'componentType' => '<string>',
],
// ...
],
],
'openPortRange' => [
'begin' => <integer>,
'end' => <integer>,
],
'protocol' => 'TCP|UDP',
],
'packageVulnerabilityDetails' => [
'cvss' => [
[
'baseScore' => <float>,
'scoringVector' => '<string>',
'source' => '<string>',
'version' => '<string>',
],
// ...
],
'referenceUrls' => ['<string>', ...],
'relatedVulnerabilities' => ['<string>', ...],
'source' => '<string>',
'sourceUrl' => '<string>',
'vendorCreatedAt' => <DateTime>,
'vendorSeverity' => '<string>',
'vendorUpdatedAt' => <DateTime>,
'vulnerabilityId' => '<string>',
'vulnerablePackages' => [
[
'arch' => '<string>',
'epoch' => <integer>,
'filePath' => '<string>',
'fixedInVersion' => '<string>',
'name' => '<string>',
'packageManager' => 'BUNDLER|CARGO|COMPOSER|NPM|NUGET|PIPENV|POETRY|YARN|GOBINARY|GOMOD|JAR|OS|PIP|PYTHONPKG|NODEPKG|POM|GEMSPEC',
'release' => '<string>',
'remediation' => '<string>',
'sourceLambdaLayerArn' => '<string>',
'sourceLayerHash' => '<string>',
'version' => '<string>',
],
// ...
],
],
'remediation' => [
'recommendation' => [
'Url' => '<string>',
'text' => '<string>',
],
],
'resources' => [
[
'details' => [
'awsEc2Instance' => [
'iamInstanceProfileArn' => '<string>',
'imageId' => '<string>',
'ipV4Addresses' => ['<string>', ...],
'ipV6Addresses' => ['<string>', ...],
'keyName' => '<string>',
'launchedAt' => <DateTime>,
'platform' => '<string>',
'subnetId' => '<string>',
'type' => '<string>',
'vpcId' => '<string>',
],
'awsEcrContainerImage' => [
'architecture' => '<string>',
'author' => '<string>',
'imageHash' => '<string>',
'imageTags' => ['<string>', ...],
'platform' => '<string>',
'pushedAt' => <DateTime>,
'registry' => '<string>',
'repositoryName' => '<string>',
],
'awsLambdaFunction' => [
'architectures' => ['<string>', ...],
'codeSha256' => '<string>',
'executionRoleArn' => '<string>',
'functionName' => '<string>',
'lastModifiedAt' => <DateTime>,
'layers' => ['<string>', ...],
'packageType' => 'IMAGE|ZIP',
'runtime' => 'NODEJS|NODEJS_12_X|NODEJS_14_X|NODEJS_16_X|JAVA_8|JAVA_8_AL2|JAVA_11|PYTHON_3_7|PYTHON_3_8|PYTHON_3_9|UNSUPPORTED|NODEJS_18_X|GO_1_X|JAVA_17|PYTHON_3_10',
'version' => '<string>',
'vpcConfig' => [
'securityGroupIds' => ['<string>', ...],
'subnetIds' => ['<string>', ...],
'vpcId' => '<string>',
],
],
],
'id' => '<string>',
'partition' => '<string>',
'region' => '<string>',
'tags' => ['<string>', ...],
'type' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION',
],
// ...
],
'severity' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL|UNTRIAGED',
'status' => 'ACTIVE|SUPPRESSED|CLOSED',
'title' => '<string>',
'type' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- findings
-
- Type: Array of Finding structures
Contains details on the findings in your environment.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
ListMembers
$result = $client->listMembers([/* ... */]); $promise = $client->listMembersAsync([/* ... */]);
List members associated with the Amazon Inspector delegated administrator for your organization.
Parameter Syntax
$result = $client->listMembers([
'maxResults' => <integer>,
'nextToken' => '<string>',
'onlyAssociated' => true || false,
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page. - onlyAssociated
-
- Type: boolean
Specifies whether to list only currently associated members if
Trueor to list all members within the organization ifFalse.
Result Syntax
[
'members' => [
[
'accountId' => '<string>',
'delegatedAdminAccountId' => '<string>',
'relationshipStatus' => 'CREATED|INVITED|DISABLED|ENABLED|REMOVED|RESIGNED|DELETED|EMAIL_VERIFICATION_IN_PROGRESS|EMAIL_VERIFICATION_FAILED|REGION_DISABLED|ACCOUNT_SUSPENDED|CANNOT_CREATE_DETECTOR_IN_ORG_MASTER',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- members
-
- Type: Array of Member structures
An object that contains details for each member account.
- nextToken
-
- Type: string
The pagination parameter to be used on the next list operation to retrieve more items.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]); $promise = $client->listTagsForResourceAsync([/* ... */]);
Lists all tags attached to a given resource.
Parameter Syntax
$result = $client->listTagsForResource([
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon resource number (ARN) of the resource to list tags of.
Result Syntax
[
'tags' => ['<string>', ...],
]
Result Details
Members
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags associated with the resource.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
ListUsageTotals
$result = $client->listUsageTotals([/* ... */]); $promise = $client->listUsageTotalsAsync([/* ... */]);
Lists the Amazon Inspector usage totals over the last 30 days.
Parameter Syntax
$result = $client->listUsageTotals([
'accountIds' => ['<string>', ...],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
The Amazon Web Services account IDs to retrieve usage totals for.
- maxResults
-
- Type: int
The maximum number of results to return in the response.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'nextToken' => '<string>',
'totals' => [
[
'accountId' => '<string>',
'usage' => [
[
'currency' => 'USD',
'estimatedMonthlyCost' => <float>,
'total' => <float>,
'type' => 'EC2_INSTANCE_HOURS|ECR_INITIAL_SCAN|ECR_RESCAN|LAMBDA_FUNCTION_HOURS|LAMBDA_FUNCTION_CODE_HOURS',
],
// ...
],
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
The pagination parameter to be used on the next list operation to retrieve more items.
- totals
-
- Type: Array of UsageTotal structures
An object with details on the total usage for the requested account.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
ResetEncryptionKey
$result = $client->resetEncryptionKey([/* ... */]); $promise = $client->resetEncryptionKeyAsync([/* ... */]);
Resets an encryption key. After the key is reset your resources will be encrypted by an Amazon Web Services owned key.
Parameter Syntax
$result = $client->resetEncryptionKey([
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION', // REQUIRED
'scanType' => 'NETWORK|PACKAGE|CODE', // REQUIRED
]);
Parameter Details
Members
- resourceType
-
- Required: Yes
- Type: string
The resource type the key encrypts.
- scanType
-
- Required: Yes
- Type: string
The scan type the key encrypts.
Result Syntax
[]
Result Details
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The request has failed due to an internal failure of the Amazon Inspector service.
SearchVulnerabilities
$result = $client->searchVulnerabilities([/* ... */]); $promise = $client->searchVulnerabilitiesAsync([/* ... */]);
Lists Amazon Inspector coverage details for a specific vulnerability.
Parameter Syntax
$result = $client->searchVulnerabilities([
'filterCriteria' => [ // REQUIRED
'vulnerabilityIds' => ['<string>', ...], // REQUIRED
],
'nextToken' => '<string>',
]);
Parameter Details
Members
- filterCriteria
-
- Required: Yes
- Type: SearchVulnerabilitiesFilterCriteria structure
The criteria used to filter the results of a vulnerability search.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'nextToken' => '<string>',
'vulnerabilities' => [
[
'atigData' => [
'firstSeen' => <DateTime>,
'lastSeen' => <DateTime>,
'targets' => ['<string>', ...],
'ttps' => ['<string>', ...],
],
'cisaData' => [
'action' => '<string>',
'dateAdded' => <DateTime>,
'dateDue' => <DateTime>,
],
'cvss2' => [
'baseScore' => <float>,
'scoringVector' => '<string>',
],
'cvss3' => [
'baseScore' => <float>,
'scoringVector' => '<string>',
],
'cwes' => ['<string>', ...],
'description' => '<string>',
'detectionPlatforms' => ['<string>', ...],
'epss' => [
'score' => <float>,
],
'exploitObserved' => [
'firstSeen' => <DateTime>,
'lastSeen' => <DateTime>,
],
'id' => '<string>',
'referenceUrls' => ['<string>', ...],
'relatedVulnerabilities' => ['<string>', ...],
'source' => 'NVD',
'sourceUrl' => '<string>',
'vendorCreatedAt' => <DateTime>,
'vendorSeverity' => '<string>',
'vendorUpdatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
The pagination parameter to be used on the next list operation to retrieve more items.
- vulnerabilities
-
- Required: Yes
- Type: Array of Vulnerability structures
Details about the listed vulnerability.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
TagResource
$result = $client->tagResource([/* ... */]); $promise = $client->tagResourceAsync([/* ... */]);
Adds tags to a resource.
Parameter Syntax
$result = $client->tagResource([
'resourceArn' => '<string>', // REQUIRED
'tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource to apply a tag to.
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (MapKey) to strings
The tags to be added to a resource.
Result Syntax
[]
Result Details
Errors
-
One or more tags submitted as part of the request is not valid.
-
The request has failed validation due to missing required fields or having invalid inputs.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
UntagResource
$result = $client->untagResource([/* ... */]); $promise = $client->untagResourceAsync([/* ... */]);
Removes tags from a resource.
Parameter Syntax
$result = $client->untagResource([
'resourceArn' => '<string>', // REQUIRED
'tagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) for the resource to remove tags from.
- tagKeys
-
- Required: Yes
- Type: Array of strings
The tag keys to remove from the resource.
Result Syntax
[]
Result Details
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateConfiguration
$result = $client->updateConfiguration([/* ... */]); $promise = $client->updateConfigurationAsync([/* ... */]);
Updates setting configurations for your Amazon Inspector account. When you use this API as an Amazon Inspector delegated administrator this updates the setting for all accounts you manage. Member accounts in an organization cannot update this setting.
Parameter Syntax
$result = $client->updateConfiguration([
'ecrConfiguration' => [ // REQUIRED
'rescanDuration' => 'LIFETIME|DAYS_30|DAYS_180', // REQUIRED
],
]);
Parameter Details
Members
- ecrConfiguration
-
- Required: Yes
- Type: EcrConfiguration structure
Specifies how the ECR automated re-scan will be updated for your environment.
Result Syntax
[]
Result Details
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateEc2DeepInspectionConfiguration
$result = $client->updateEc2DeepInspectionConfiguration([/* ... */]); $promise = $client->updateEc2DeepInspectionConfigurationAsync([/* ... */]);
Activates, deactivates Amazon Inspector deep inspection, or updates custom paths for your account.
Parameter Syntax
$result = $client->updateEc2DeepInspectionConfiguration([
'activateDeepInspection' => true || false,
'packagePaths' => ['<string>', ...],
]);
Parameter Details
Members
- activateDeepInspection
-
- Type: boolean
Specify
TRUEto activate Amazon Inspector deep inspection in your account, orFALSEto deactivate. Member accounts in an organization cannot deactivate deep inspection, instead the delegated administrator for the organization can deactivate a member account using BatchUpdateMemberEc2DeepInspectionStatus. - packagePaths
-
- Type: Array of strings
The Amazon Inspector deep inspection custom paths you are adding for your account.
Result Syntax
[
'errorMessage' => '<string>',
'orgPackagePaths' => ['<string>', ...],
'packagePaths' => ['<string>', ...],
'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED',
]
Result Details
Members
- errorMessage
-
- Type: string
An error message explaining why new Amazon Inspector deep inspection custom paths could not be added.
- orgPackagePaths
-
- Type: Array of strings
The current Amazon Inspector deep inspection custom paths for the organization.
- packagePaths
-
- Type: Array of strings
The current Amazon Inspector deep inspection custom paths for your account.
- status
-
- Type: string
The status of Amazon Inspector deep inspection in your account.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateEncryptionKey
$result = $client->updateEncryptionKey([/* ... */]); $promise = $client->updateEncryptionKeyAsync([/* ... */]);
Updates an encryption key. A ResourceNotFoundException means that an AWS owned key is being used for encryption.
Parameter Syntax
$result = $client->updateEncryptionKey([
'kmsKeyId' => '<string>', // REQUIRED
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION', // REQUIRED
'scanType' => 'NETWORK|PACKAGE|CODE', // REQUIRED
]);
Parameter Details
Members
- kmsKeyId
-
- Required: Yes
- Type: string
A KMS key ID for the encryption key.
- resourceType
-
- Required: Yes
- Type: string
The resource type for the encryption key.
- scanType
-
- Required: Yes
- Type: string
The scan type for the encryption key.
Result Syntax
[]
Result Details
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateFilter
$result = $client->updateFilter([/* ... */]); $promise = $client->updateFilterAsync([/* ... */]);
Specifies the action that is to be applied to the findings that match the filter.
Parameter Syntax
$result = $client->updateFilter([
'action' => 'NONE|SUPPRESS',
'description' => '<string>',
'filterArn' => '<string>', // REQUIRED
'filterCriteria' => [
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
],
// ...
],
],
'name' => '<string>',
'reason' => '<string>',
]);
Parameter Details
Members
- action
-
- Type: string
Specifies the action that is to be applied to the findings that match the filter.
- description
-
- Type: string
A description of the filter.
- filterArn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the filter to update.
- filterCriteria
-
- Type: FilterCriteria structure
Defines the criteria to be update in the filter.
- name
-
- Type: string
The name of the filter.
- reason
-
- Type: string
The reason the filter was updated.
Result Syntax
[
'arn' => '<string>',
]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the successfully updated filter.
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateOrgEc2DeepInspectionConfiguration
$result = $client->updateOrgEc2DeepInspectionConfiguration([/* ... */]); $promise = $client->updateOrgEc2DeepInspectionConfigurationAsync([/* ... */]);
Updates the Amazon Inspector deep inspection custom paths for your organization. You must be an Amazon Inspector delegated administrator to use this API.
Parameter Syntax
$result = $client->updateOrgEc2DeepInspectionConfiguration([
'orgPackagePaths' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- orgPackagePaths
-
- Required: Yes
- Type: Array of strings
The Amazon Inspector deep inspection custom paths you are adding for your organization.
Result Syntax
[]
Result Details
Errors
-
The request has failed validation due to missing required fields or having invalid inputs.
-
You do not have sufficient access to perform this action.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateOrganizationConfiguration
$result = $client->updateOrganizationConfiguration([/* ... */]); $promise = $client->updateOrganizationConfigurationAsync([/* ... */]);
Updates the configurations for your Amazon Inspector organization.
Parameter Syntax
$result = $client->updateOrganizationConfiguration([
'autoEnable' => [ // REQUIRED
'ec2' => true || false, // REQUIRED
'ecr' => true || false, // REQUIRED
'lambda' => true || false,
'lambdaCode' => true || false,
],
]);
Parameter Details
Members
- autoEnable
-
- Required: Yes
- Type: AutoEnable structure
Defines which scan types are enabled automatically for new members of your Amazon Inspector organization.
Result Syntax
[
'autoEnable' => [
'ec2' => true || false,
'ecr' => true || false,
'lambda' => true || false,
'lambdaCode' => true || false,
],
]
Result Details
Members
- autoEnable
-
- Required: Yes
- Type: AutoEnable structure
The updated status of scan types automatically enabled for new members of your Amazon Inspector organization.
Errors
-
You do not have sufficient access to perform this action.
-
The request has failed validation due to missing required fields or having invalid inputs.
-
The limit on the number of requests per second was exceeded.
-
The request has failed due to an internal failure of the Amazon Inspector service.
Shapes
AccessDeniedException
Description
You do not have sufficient access to perform this action.
Members
- message
-
- Required: Yes
- Type: string
Account
Description
An Amazon Web Services account within your environment that Amazon Inspector has been enabled for.
Members
- accountId
-
- Required: Yes
- Type: string
The ID of the Amazon Web Services account.
- resourceStatus
-
- Required: Yes
- Type: ResourceStatus structure
Details of the status of Amazon Inspector scans by resource type.
- status
-
- Required: Yes
- Type: string
The status of Amazon Inspector for the account.
AccountAggregation
Description
An object that contains details about an aggregation response based on Amazon Web Services accounts.
Members
- findingType
-
- Type: string
The type of finding.
- resourceType
-
- Type: string
The type of resource.
- sortBy
-
- Type: string
The value to sort by.
- sortOrder
-
- Type: string
The sort order (ascending or descending).
AccountAggregationResponse
Description
An aggregation of findings by Amazon Web Services account ID.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID.
- severityCounts
-
- Type: SeverityCounts structure
The number of findings by severity.
AccountState
Description
An object with details the status of an Amazon Web Services account within your Amazon Inspector environment.
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID.
- resourceState
-
- Required: Yes
- Type: ResourceState structure
An object detailing which resources Amazon Inspector is enabled to scan for the account.
- state
-
- Required: Yes
- Type: State structure
An object detailing the status of Amazon Inspector for the account.
AggregationRequest
Description
Contains details about an aggregation request.
Members
- accountAggregation
-
- Type: AccountAggregation structure
An object that contains details about an aggregation request based on Amazon Web Services account IDs.
- amiAggregation
-
- Type: AmiAggregation structure
An object that contains details about an aggregation request based on Amazon Machine Images (AMIs).
- awsEcrContainerAggregation
-
- Type: AwsEcrContainerAggregation structure
An object that contains details about an aggregation request based on Amazon ECR container images.
- ec2InstanceAggregation
-
- Type: Ec2InstanceAggregation structure
An object that contains details about an aggregation request based on Amazon EC2 instances.
- findingTypeAggregation
-
- Type: FindingTypeAggregation structure
An object that contains details about an aggregation request based on finding types.
- imageLayerAggregation
-
- Type: ImageLayerAggregation structure
An object that contains details about an aggregation request based on container image layers.
- lambdaFunctionAggregation
-
- Type: LambdaFunctionAggregation structure
Returns an object with findings aggregated by AWS Lambda function.
- lambdaLayerAggregation
-
- Type: LambdaLayerAggregation structure
Returns an object with findings aggregated by AWS Lambda layer.
- packageAggregation
-
- Type: PackageAggregation structure
An object that contains details about an aggregation request based on operating system package type.
- repositoryAggregation
-
- Type: RepositoryAggregation structure
An object that contains details about an aggregation request based on Amazon ECR repositories.
- titleAggregation
-
- Type: TitleAggregation structure
An object that contains details about an aggregation request based on finding title.
AggregationResponse
Description
A structure that contains details about the results of an aggregation type.
Members
- accountAggregation
-
- Type: AccountAggregationResponse structure
An object that contains details about an aggregation response based on Amazon Web Services account IDs.
- amiAggregation
-
- Type: AmiAggregationResponse structure
An object that contains details about an aggregation response based on Amazon Machine Images (AMIs).
- awsEcrContainerAggregation
-
- Type: AwsEcrContainerAggregationResponse structure
An object that contains details about an aggregation response based on Amazon ECR container images.
- ec2InstanceAggregation
-
- Type: Ec2InstanceAggregationResponse structure
An object that contains details about an aggregation response based on Amazon EC2 instances.
- findingTypeAggregation
-
- Type: FindingTypeAggregationResponse structure
An object that contains details about an aggregation response based on finding types.
- imageLayerAggregation
-
- Type: ImageLayerAggregationResponse structure
An object that contains details about an aggregation response based on container image layers.
- lambdaFunctionAggregation
-
- Type: LambdaFunctionAggregationResponse structure
An aggregation of findings by AWS Lambda function.
- lambdaLayerAggregation
-
- Type: LambdaLayerAggregationResponse structure
An aggregation of findings by AWS Lambda layer.
- packageAggregation
-
- Type: PackageAggregationResponse structure
An object that contains details about an aggregation response based on operating system package type.
- repositoryAggregation
-
- Type: RepositoryAggregationResponse structure
An object that contains details about an aggregation response based on Amazon ECR repositories.
- titleAggregation
-
- Type: TitleAggregationResponse structure
An object that contains details about an aggregation response based on finding title.
AmiAggregation
Description
The details that define an aggregation based on Amazon machine images (AMIs).
Members
- amis
-
- Type: Array of StringFilter structures
The IDs of AMIs to aggregate findings for.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
AmiAggregationResponse
Description
A response that contains the results of a finding aggregation by AMI.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID for the AMI.
- affectedInstances
-
- Type: long (int|float)
The IDs of Amazon EC2 instances using this AMI.
- ami
-
- Required: Yes
- Type: string
The ID of the AMI that findings were aggregated for.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the count of matched findings per severity.
AtigData
Description
The Amazon Web Services Threat Intel Group (ATIG) details for a specific vulnerability.
Members
- firstSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time this vulnerability was first observed.
- lastSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time this vulnerability was last observed.
- targets
-
- Type: Array of strings
The commercial sectors this vulnerability targets.
- ttps
-
- Type: Array of strings
The MITRE ATT&CK tactics, techniques, and procedures (TTPs) associated with vulnerability.
AutoEnable
Description
Represents which scan types are automatically enabled for new members of your Amazon Inspector organization.
Members
- ec2
-
- Required: Yes
- Type: boolean
Represents whether Amazon EC2 scans are automatically enabled for new members of your Amazon Inspector organization.
- ecr
-
- Required: Yes
- Type: boolean
Represents whether Amazon ECR scans are automatically enabled for new members of your Amazon Inspector organization.
- lambda
-
- Type: boolean
Represents whether AWS Lambda standard scans are automatically enabled for new members of your Amazon Inspector organization.
- lambdaCode
-
- Type: boolean
Represents whether AWS Lambda code scans are automatically enabled for new members of your Amazon Inspector organization.
</p>
AwsEc2InstanceDetails
Description
Details of the Amazon EC2 instance involved in a finding.
Members
- iamInstanceProfileArn
-
- Type: string
The IAM instance profile ARN of the Amazon EC2 instance.
- imageId
-
- Type: string
The image ID of the Amazon EC2 instance.
- ipV4Addresses
-
- Type: Array of strings
The IPv4 addresses of the Amazon EC2 instance.
- ipV6Addresses
-
- Type: Array of strings
The IPv6 addresses of the Amazon EC2 instance.
- keyName
-
- Type: string
The name of the key pair used to launch the Amazon EC2 instance.
- launchedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the Amazon EC2 instance was launched at.
- platform
-
- Type: string
The platform of the Amazon EC2 instance.
- subnetId
-
- Type: string
The subnet ID of the Amazon EC2 instance.
- type
-
- Type: string
The type of the Amazon EC2 instance.
- vpcId
-
- Type: string
The VPC ID of the Amazon EC2 instance.
AwsEcrContainerAggregation
Description
An aggregation of information about Amazon ECR containers.
Members
- architectures
-
- Type: Array of StringFilter structures
The architecture of the containers.
- imageShas
-
- Type: Array of StringFilter structures
The image SHA values.
- imageTags
-
- Type: Array of StringFilter structures
The image tags.
- repositories
-
- Type: Array of StringFilter structures
The container repositories.
- resourceIds
-
- Type: Array of StringFilter structures
The container resource IDs.
- sortBy
-
- Type: string
The value to sort by.
- sortOrder
-
- Type: string
The sort order (ascending or descending).
AwsEcrContainerAggregationResponse
Description
An aggregation of information about Amazon ECR containers.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the account that owns the container.
- architecture
-
- Type: string
The architecture of the container.
- imageSha
-
- Type: string
The SHA value of the container image.
- imageTags
-
- Type: Array of strings
The container image stags.
- repository
-
- Type: string
The container repository.
- resourceId
-
- Required: Yes
- Type: string
The resource ID of the container.
- severityCounts
-
- Type: SeverityCounts structure
The number of finding by severity.
AwsEcrContainerImageDetails
Description
The image details of the Amazon ECR container image.
Members
- architecture
-
- Type: string
The architecture of the Amazon ECR container image.
- author
-
- Type: string
The image author of the Amazon ECR container image.
- imageHash
-
- Required: Yes
- Type: string
The image hash of the Amazon ECR container image.
- imageTags
-
- Type: Array of strings
The image tags attached to the Amazon ECR container image.
- platform
-
- Type: string
The platform of the Amazon ECR container image.
- pushedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the Amazon ECR container image was pushed.
- registry
-
- Required: Yes
- Type: string
The registry for the Amazon ECR container image.
- repositoryName
-
- Required: Yes
- Type: string
The name of the repository the Amazon ECR container image resides in.
AwsLambdaFunctionDetails
Description
A summary of information about the AWS Lambda function.
Members
- architectures
-
- Type: Array of strings
The instruction set architecture that the AWS Lambda function supports. Architecture is a string array with one of the valid values. The default architecture value is
x86_64. - codeSha256
-
- Required: Yes
- Type: string
The SHA256 hash of the AWS Lambda function's deployment package.
- executionRoleArn
-
- Required: Yes
- Type: string
The AWS Lambda function's execution role.
- functionName
-
- Required: Yes
- Type: string
The name of the AWS Lambda function.
- lastModifiedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that a user last updated the configuration, in ISO 8601 format
- layers
-
- Type: Array of strings
The AWS Lambda function's layers. A Lambda function can have up to five layers.
- packageType
-
- Type: string
The type of deployment package. Set to
Imagefor container image and setZipfor .zip file archive. - runtime
-
- Required: Yes
- Type: string
The runtime environment for the AWS Lambda function.
- version
-
- Required: Yes
- Type: string
The version of the AWS Lambda function.
- vpcConfig
-
- Type: LambdaVpcConfig structure
The AWS Lambda function's networking configuration.
BadRequestException
Description
One or more tags submitted as part of the request is not valid.
Members
- message
-
- Required: Yes
- Type: string
CisaData
Description
The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability.
Members
- action
-
- Type: string
The remediation action recommended by CISA for this vulnerability.
- dateAdded
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time CISA added this vulnerability to their catalogue.
- dateDue
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time CISA expects a fix to have been provided vulnerability.
CodeFilePath
Description
Contains information on where a code vulnerability is located in your Lambda function.
Members
- endLine
-
- Required: Yes
- Type: int
The line number of the last line of code that a vulnerability was found in.
- fileName
-
- Required: Yes
- Type: string
The name of the file the code vulnerability was found in.
- filePath
-
- Required: Yes
- Type: string
The file path to the code that a vulnerability was found in.
- startLine
-
- Required: Yes
- Type: int
The line number of the first line of code that a vulnerability was found in.
CodeLine
Description
Contains information on the lines of code associated with a code snippet.
Members
- content
-
- Required: Yes
- Type: string
The content of a line of code
- lineNumber
-
- Required: Yes
- Type: int
The line number that a section of code is located at.
CodeSnippetError
Description
Contains information about any errors encountered while trying to retrieve a code snippet.
Members
- errorCode
-
- Required: Yes
- Type: string
The error code for the error that prevented a code snippet from being retrieved.
- errorMessage
-
- Required: Yes
- Type: string
The error message received when Amazon Inspector failed to retrieve a code snippet.
- findingArn
-
- Required: Yes
- Type: string
The ARN of the finding that a code snippet couldn't be retrieved for.
CodeSnippetResult
Description
Contains information on a code snippet retrieved by Amazon Inspector from a code vulnerability finding.
Members
- codeSnippet
-
- Type: Array of CodeLine structures
Contains information on the retrieved code snippet.
- endLine
-
- Type: int
The line number of the last line of a code snippet.
- findingArn
-
- Type: string
The ARN of a finding that the code snippet is associated with.
- startLine
-
- Type: int
The line number of the first line of a code snippet.
- suggestedFixes
-
- Type: Array of SuggestedFix structures
Details of a suggested code fix.
CodeVulnerabilityDetails
Description
Contains information on the code vulnerability identified in your Lambda function.
Members
- cwes
-
- Required: Yes
- Type: Array of strings
The Common Weakness Enumeration (CWE) item associated with the detected vulnerability.
- detectorId
-
- Required: Yes
- Type: string
The ID for the Amazon CodeGuru detector associated with the finding. For more information on detectors see Amazon CodeGuru Detector Library.
- detectorName
-
- Required: Yes
- Type: string
The name of the detector used to identify the code vulnerability. For more information on detectors see CodeGuru Detector Library.
- detectorTags
-
- Type: Array of strings
The detector tag associated with the vulnerability. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.
- filePath
-
- Required: Yes
- Type: CodeFilePath structure
Contains information on where the code vulnerability is located in your code.
- referenceUrls
-
- Type: Array of strings
A URL containing supporting documentation about the code vulnerability detected.
- ruleId
-
- Type: string
The identifier for a rule that was used to detect the code vulnerability.
- sourceLambdaLayerArn
-
- Type: string
The Amazon Resource Name (ARN) of the Lambda layer that the code vulnerability was detected in.
ConflictException
Description
A conflict occurred.
Members
- message
-
- Required: Yes
- Type: string
- resourceId
-
- Required: Yes
- Type: string
The ID of the conflicting resource.
- resourceType
-
- Required: Yes
- Type: string
The type of the conflicting resource.
Counts
Description
a structure that contains information on the count of resources within a group.
Members
- count
-
- Type: long (int|float)
The number of resources.
- groupKey
-
- Type: string
The key associated with this group
CoverageDateFilter
Description
Contains details of a coverage date filter.
Members
- endInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the end of the time period to filter results by.
- startInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the start of the time period to filter results by.
CoverageFilterCriteria
Description
A structure that identifies filter criteria for GetCoverageStatistics.
Members
- accountId
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Web Services account IDs to return coverage statistics for.
- ec2InstanceTags
-
- Type: Array of CoverageMapFilter structures
The Amazon EC2 instance tags to filter on.
- ecrImageTags
-
- Type: Array of CoverageStringFilter structures
The Amazon ECR image tags to filter on.
- ecrRepositoryName
-
- Type: Array of CoverageStringFilter structures
The Amazon ECR repository name to filter on.
- lambdaFunctionName
-
- Type: Array of CoverageStringFilter structures
Returns coverage statistics for AWS Lambda functions filtered by function names.
- lambdaFunctionRuntime
-
- Type: Array of CoverageStringFilter structures
Returns coverage statistics for AWS Lambda functions filtered by runtime.
- lambdaFunctionTags
-
- Type: Array of CoverageMapFilter structures
Returns coverage statistics for AWS Lambda functions filtered by tag.
- lastScannedAt
-
- Type: Array of CoverageDateFilter structures
Filters Amazon Web Services resources based on whether Amazon Inspector has checked them for vulnerabilities within the specified time range.
- resourceId
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Web Services resource IDs to return coverage statistics for.
- resourceType
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Web Services resource types to return coverage statistics for. The values can be
AWS_EC2_INSTANCE,AWS_LAMBDA_FUNCTIONorAWS_ECR_REPOSITORY. - scanStatusCode
-
- Type: Array of CoverageStringFilter structures
The scan status code to filter on.
- scanStatusReason
-
- Type: Array of CoverageStringFilter structures
The scan status reason to filter on.
- scanType
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Inspector scan types to return coverage statistics for.
CoverageMapFilter
Description
Contains details of a coverage map filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to compare coverage on.
- key
-
- Required: Yes
- Type: string
The tag key associated with the coverage map filter.
- value
-
- Type: string
The tag value associated with the coverage map filter.
CoverageStringFilter
Description
Contains details of a coverage string filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to compare strings on.
- value
-
- Required: Yes
- Type: string
The value to compare strings on.
CoveredResource
Description
An object that contains details about a resource covered by Amazon Inspector.
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the covered resource.
- lastScannedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the resource was last checked for vulnerabilities.
- resourceId
-
- Required: Yes
- Type: string
The ID of the covered resource.
- resourceMetadata
-
- Type: ResourceScanMetadata structure
An object that contains details about the metadata.
- resourceType
-
- Required: Yes
- Type: string
The type of the covered resource.
- scanStatus
-
- Type: ScanStatus structure
The status of the scan covering the resource.
- scanType
-
- Required: Yes
- Type: string
The Amazon Inspector scan type covering the resource.
Cvss2
Description
The Common Vulnerability Scoring System (CVSS) version 2 details for the vulnerability.
Members
- baseScore
-
- Type: double
The CVSS v2 base score for the vulnerability.
- scoringVector
-
- Type: string
The scoring vector associated with the CVSS v2 score.
Cvss3
Description
The Common Vulnerability Scoring System (CVSS) version 3 details for the vulnerability.
Members
- baseScore
-
- Type: double
The CVSS v3 base score for the vulnerability.
- scoringVector
-
- Type: string
The scoring vector associated with the CVSS v3 score.
CvssScore
Description
The CVSS score for a finding.
Members
- baseScore
-
- Required: Yes
- Type: double
The base CVSS score used for the finding.
- scoringVector
-
- Required: Yes
- Type: string
The vector string of the CVSS score.
- source
-
- Required: Yes
- Type: string
The source of the CVSS score.
- version
-
- Required: Yes
- Type: string
The version of CVSS used for the score.
CvssScoreAdjustment
Description
Details on adjustments Amazon Inspector made to the CVSS score for a finding.
Members
- metric
-
- Required: Yes
- Type: string
The metric used to adjust the CVSS score.
- reason
-
- Required: Yes
- Type: string
The reason the CVSS score has been adjustment.
CvssScoreDetails
Description
Information about the CVSS score.
Members
- adjustments
-
- Type: Array of CvssScoreAdjustment structures
An object that contains details about adjustment Amazon Inspector made to the CVSS score.
- cvssSource
-
- Type: string
The source of the CVSS data.
- score
-
- Required: Yes
- Type: double
The CVSS score.
- scoreSource
-
- Required: Yes
- Type: string
The source for the CVSS score.
- scoringVector
-
- Required: Yes
- Type: string
The vector for the CVSS score.
- version
-
- Required: Yes
- Type: string
The CVSS version used in scoring.
DateFilter
Description
Contains details on the time range used to filter findings.
Members
- endInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the end of the time period filtered on.
- startInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the start of the time period filtered on.
DelegatedAdmin
Description
Details of the Amazon Inspector delegated administrator for your organization.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator for your organization.
- relationshipStatus
-
- Type: string
The status of the Amazon Inspector delegated administrator.
DelegatedAdminAccount
Description
Details of the Amazon Inspector delegated administrator for your organization.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator for your organization.
- status
-
- Type: string
The status of the Amazon Inspector delegated administrator.
Destination
Description
Contains details of the Amazon S3 bucket and KMS key used to export findings.
Members
- bucketName
-
- Required: Yes
- Type: string
The name of the Amazon S3 bucket to export findings to.
- keyPrefix
-
- Type: string
The prefix that the findings will be written under.
- kmsKeyArn
-
- Required: Yes
- Type: string
The ARN of the KMS key used to encrypt data when exporting findings.
Ec2InstanceAggregation
Description
The details that define an aggregation based on Amazon EC2 instances.
Members
- amis
-
- Type: Array of StringFilter structures
The AMI IDs associated with the Amazon EC2 instances to aggregate findings for.
- instanceIds
-
- Type: Array of StringFilter structures
The Amazon EC2 instance IDs to aggregate findings for.
- instanceTags
-
- Type: Array of MapFilter structures
The Amazon EC2 instance tags to aggregate findings for.
- operatingSystems
-
- Type: Array of StringFilter structures
The operating system types to aggregate findings for. Valid values must be uppercase and underscore separated, examples are
ORACLE_LINUX_7andALPINE_LINUX_3_8. - sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
Ec2InstanceAggregationResponse
Description
A response that contains the results of a finding aggregation by Amazon EC2 instance.
Members
- accountId
-
- Type: string
The Amazon Web Services account for the Amazon EC2 instance.
- ami
-
- Type: string
The Amazon Machine Image (AMI) of the Amazon EC2 instance.
- instanceId
-
- Required: Yes
- Type: string
The Amazon EC2 instance ID.
- instanceTags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the instance.
- networkFindings
-
- Type: long (int|float)
The number of network findings for the Amazon EC2 instance.
- operatingSystem
-
- Type: string
The operating system of the Amazon EC2 instance.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the count of matched findings per severity.
Ec2Metadata
Description
Meta data details of an Amazon EC2 instance.
Members
- amiId
-
- Type: string
The ID of the Amazon Machine Image (AMI) used to launch the instance.
- platform
-
- Type: string
The platform of the instance.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the instance.
EcrConfiguration
Description
Details about the ECR automated re-scan duration setting for your environment.
Members
- rescanDuration
-
- Required: Yes
- Type: string
The ECR automated re-scan duration defines how long an ECR image will be actively scanned by Amazon Inspector. When the number of days since an image was last pushed exceeds the automated re-scan duration the monitoring state of that image becomes
inactiveand all associated findings are scheduled for closure.
EcrConfigurationState
Description
Details about the state of the ECR scans for your environment.
Members
- rescanDurationState
-
- Type: EcrRescanDurationState structure
An object that contains details about the state of the ECR automated re-scan setting.
EcrContainerImageMetadata
Description
Information on the Amazon ECR image metadata associated with a finding.
Members
- tags
-
- Type: Array of strings
Tags associated with the Amazon ECR image metadata.
EcrRepositoryMetadata
Description
Information on the Amazon ECR repository metadata associated with a finding.
Members
- name
-
- Type: string
The name of the Amazon ECR repository.
- scanFrequency
-
- Type: string
The frequency of scans.
EcrRescanDurationState
Description
Details about the state of any changes to the ECR automated re-scan duration setting.
Members
- rescanDuration
-
- Type: string
The ECR automated re-scan duration defines how long an ECR image will be actively scanned by Amazon Inspector. When the number of days since an image was last pushed exceeds the automated re-scan duration the monitoring state of that image becomes
inactiveand all associated findings are scheduled for closure. - status
-
- Type: string
The status of changes to the ECR automated re-scan duration.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing when the last time the ECR scan duration setting was changed.
Epss
Description
Details about the Exploit Prediction Scoring System (EPSS) score.
Members
- score
-
- Type: double
The Exploit Prediction Scoring System (EPSS) score.
EpssDetails
Description
Details about the Exploit Prediction Scoring System (EPSS) score for a finding.
Members
- score
-
- Type: double
The EPSS score.
Evidence
Description
Details of the evidence for a vulnerability identified in a finding.
Members
- evidenceDetail
-
- Type: string
The evidence details.
- evidenceRule
-
- Type: string
The evidence rule.
- severity
-
- Type: string
The evidence severity.
ExploitObserved
Description
Contains information on when this exploit was observed.
Members
- firstSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date an time when the exploit was first seen.
- lastSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date an time when the exploit was last seen.
ExploitabilityDetails
Description
The details of an exploit available for a finding discovered in your environment.
Members
- lastKnownExploitAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time of the last exploit associated with a finding discovered in your environment.
FailedAccount
Description
An object with details on why an account failed to enable Amazon Inspector.
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID.
- errorCode
-
- Required: Yes
- Type: string
The error code explaining why the account failed to enable Amazon Inspector.
- errorMessage
-
- Required: Yes
- Type: string
The error message received when the account failed to enable Amazon Inspector.
- resourceStatus
-
- Type: ResourceStatus structure
An object detailing which resources Amazon Inspector is enabled to scan for the account.
- status
-
- Type: string
The status of Amazon Inspector for the account.
FailedMemberAccountEc2DeepInspectionStatusState
Description
An object that contains details about a member account in your organization that failed to activate Amazon Inspector deep inspection.
Members
- accountId
-
- Required: Yes
- Type: string
The unique identifier for the Amazon Web Services account of the organization member that failed to activate Amazon Inspector deep inspection.
- ec2ScanStatus
-
- Type: string
The status of EC2 scanning in the account that failed to activate Amazon Inspector deep inspection.
- errorMessage
-
- Type: string
The error message explaining why the account failed to activate Amazon Inspector deep inspection.
Filter
Description
Details about a filter.
Members
- action
-
- Required: Yes
- Type: string
The action that is to be applied to the findings that match the filter.
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) associated with this filter.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time this filter was created at.
- criteria
-
- Required: Yes
- Type: FilterCriteria structure
Details on the filter criteria associated with this filter.
- description
-
- Type: string
A description of the filter.
- name
-
- Required: Yes
- Type: string
The name of the filter.
- ownerId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the account that created the filter.
- reason
-
- Type: string
The reason for the filter.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the filter.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the filter was last updated at.
FilterCriteria
Description
Details on the criteria used to define the filter.
Members
- awsAccountId
-
- Type: Array of StringFilter structures
Details of the Amazon Web Services account IDs used to filter findings.
- codeVulnerabilityDetectorName
-
- Type: Array of StringFilter structures
The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings.
- codeVulnerabilityDetectorTags
-
- Type: Array of StringFilter structures
The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.
- codeVulnerabilityFilePath
-
- Type: Array of StringFilter structures
The file path to the file in a Lambda function that contains a code vulnerability used to filter findings.
- componentId
-
- Type: Array of StringFilter structures
Details of the component IDs used to filter findings.
- componentType
-
- Type: Array of StringFilter structures
Details of the component types used to filter findings.
- ec2InstanceImageId
-
- Type: Array of StringFilter structures
Details of the Amazon EC2 instance image IDs used to filter findings.
- ec2InstanceSubnetId
-
- Type: Array of StringFilter structures
Details of the Amazon EC2 instance subnet IDs used to filter findings.
- ec2InstanceVpcId
-
- Type: Array of StringFilter structures
Details of the Amazon EC2 instance VPC IDs used to filter findings.
- ecrImageArchitecture
-
- Type: Array of StringFilter structures
Details of the Amazon ECR image architecture types used to filter findings.
- ecrImageHash
-
- Type: Array of StringFilter structures
Details of the Amazon ECR image hashes used to filter findings.
- ecrImagePushedAt
-
- Type: Array of DateFilter structures
Details on the Amazon ECR image push date and time used to filter findings.
- ecrImageRegistry
-
- Type: Array of StringFilter structures
Details on the Amazon ECR registry used to filter findings.
- ecrImageRepositoryName
-
- Type: Array of StringFilter structures
Details on the name of the Amazon ECR repository used to filter findings.
- ecrImageTags
-
- Type: Array of StringFilter structures
The tags attached to the Amazon ECR container image.
- epssScore
-
- Type: Array of NumberFilter structures
The EPSS score used to filter findings.
- exploitAvailable
-
- Type: Array of StringFilter structures
Filters the list of AWS Lambda findings by the availability of exploits.
- findingArn
-
- Type: Array of StringFilter structures
Details on the finding ARNs used to filter findings.
- findingStatus
-
- Type: Array of StringFilter structures
Details on the finding status types used to filter findings.
- findingType
-
- Type: Array of StringFilter structures
Details on the finding types used to filter findings.
- firstObservedAt
-
- Type: Array of DateFilter structures
Details on the date and time a finding was first seen used to filter findings.
- fixAvailable
-
- Type: Array of StringFilter structures
Details on whether a fix is available through a version update. This value can be
YES,NO, orPARTIAL. APARTIALfix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. - inspectorScore
-
- Type: Array of NumberFilter structures
The Amazon Inspector score to filter on.
- lambdaFunctionExecutionRoleArn
-
- Type: Array of StringFilter structures
Filters the list of AWS Lambda functions by execution role.
- lambdaFunctionLastModifiedAt
-
- Type: Array of DateFilter structures
Filters the list of AWS Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format
- lambdaFunctionLayers
-
- Type: Array of StringFilter structures
Filters the list of AWS Lambda functions by the function's layers. A Lambda function can have up to five layers.
- lambdaFunctionName
-
- Type: Array of StringFilter structures
Filters the list of AWS Lambda functions by the name of the function.
- lambdaFunctionRuntime
-
- Type: Array of StringFilter structures
Filters the list of AWS Lambda functions by the runtime environment for the Lambda function.
- lastObservedAt
-
- Type: Array of DateFilter structures
Details on the date and time a finding was last seen used to filter findings.
- networkProtocol
-
- Type: Array of StringFilter structures
Details on network protocol used to filter findings.
- portRange
-
- Type: Array of PortRangeFilter structures
Details on the port ranges used to filter findings.
- relatedVulnerabilities
-
- Type: Array of StringFilter structures
Details on the related vulnerabilities used to filter findings.
- resourceId
-
- Type: Array of StringFilter structures
Details on the resource IDs used to filter findings.
- resourceTags
-
- Type: Array of MapFilter structures
Details on the resource tags used to filter findings.
- resourceType
-
- Type: Array of StringFilter structures
Details on the resource types used to filter findings.
- severity
-
- Type: Array of StringFilter structures
Details on the severity used to filter findings.
- title
-
- Type: Array of StringFilter structures
Details on the finding title used to filter findings.
- updatedAt
-
- Type: Array of DateFilter structures
Details on the date and time a finding was last updated at used to filter findings.
- vendorSeverity
-
- Type: Array of StringFilter structures
Details on the vendor severity used to filter findings.
- vulnerabilityId
-
- Type: Array of StringFilter structures
Details on the vulnerability ID used to filter findings.
- vulnerabilitySource
-
- Type: Array of StringFilter structures
Details on the vulnerability type used to filter findings.
- vulnerablePackages
-
- Type: Array of PackageFilter structures
Details on the vulnerable packages used to filter findings.
Finding
Description
Details about an Amazon Inspector finding.
Members
- awsAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the finding.
- codeVulnerabilityDetails
-
- Type: CodeVulnerabilityDetails structure
Details about the code vulnerability identified in a Lambda function used to filter findings.
- description
-
- Required: Yes
- Type: string
The description of the finding.
- epss
-
- Type: EpssDetails structure
The finding's EPSS score.
- exploitAvailable
-
- Type: string
If a finding discovered in your environment has an exploit available.
- exploitabilityDetails
-
- Type: ExploitabilityDetails structure
The details of an exploit available for a finding discovered in your environment.
- findingArn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the finding.
- firstObservedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the finding was first observed.
- fixAvailable
-
- Type: string
Details on whether a fix is available through a version update. This value can be
YES,NO, orPARTIAL. APARTIALfix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. - inspectorScore
-
- Type: double
The Amazon Inspector score given to the finding.
- inspectorScoreDetails
-
- Type: InspectorScoreDetails structure
An object that contains details of the Amazon Inspector score.
- lastObservedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the finding was last observed.
- networkReachabilityDetails
-
- Type: NetworkReachabilityDetails structure
An object that contains the details of a network reachability finding.
- packageVulnerabilityDetails
-
- Type: PackageVulnerabilityDetails structure
An object that contains the details of a package vulnerability finding.
- remediation
-
- Required: Yes
- Type: Remediation structure
An object that contains the details about how to remediate a finding.
- resources
-
- Required: Yes
- Type: Array of Resource structures
Contains information on the resources involved in a finding.
- severity
-
- Required: Yes
- Type: string
The severity of the finding.
- status
-
- Required: Yes
- Type: string
The status of the finding.
- title
-
- Type: string
The title of the finding.
- type
-
- Required: Yes
- Type: string
The type of the finding.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the finding was last updated at.
FindingDetail
Description
Details of the vulnerability identified in a finding.
Members
- cisaData
-
- Type: CisaData structure
The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability.
- cwes
-
- Type: Array of strings
The Common Weakness Enumerations (CWEs) associated with the vulnerability.
- epssScore
-
- Type: double
The Exploit Prediction Scoring System (EPSS) score of the vulnerability.
- evidences
-
- Type: Array of Evidence structures
Information on the evidence of the vulnerability.
- exploitObserved
-
- Type: ExploitObserved structure
Contains information on when this exploit was observed.
- findingArn
-
- Type: string
The finding ARN that the vulnerability details are associated with.
- referenceUrls
-
- Type: Array of strings
The reference URLs for the vulnerability data.
- riskScore
-
- Type: int
The risk score of the vulnerability.
- tools
-
- Type: Array of strings
The known malware tools or kits that can exploit the vulnerability.
- ttps
-
- Type: Array of strings
The MITRE adversary tactics, techniques, or procedures (TTPs) associated with the vulnerability.
FindingDetailsError
Description
Details about an error encountered when trying to return vulnerability data for a finding.
Members
- errorCode
-
- Required: Yes
- Type: string
The error code.
- errorMessage
-
- Required: Yes
- Type: string
The error message.
- findingArn
-
- Required: Yes
- Type: string
The finding ARN that returned an error.
FindingTypeAggregation
Description
The details that define an aggregation based on finding type.
Members
- findingType
-
- Type: string
The finding type to aggregate.
- resourceType
-
- Type: string
The resource type to aggregate.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
FindingTypeAggregationResponse
Description
A response that contains the results of a finding type aggregation.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- severityCounts
-
- Type: SeverityCounts structure
The value to sort results by.
FreeTrialAccountInfo
Description
Information about the Amazon Inspector free trial for an account.
Members
- accountId
-
- Required: Yes
- Type: string
The account associated with the Amazon Inspector free trial information.
- freeTrialInfo
-
- Required: Yes
- Type: Array of FreeTrialInfo structures
Contains information about the Amazon Inspector free trial for an account.
FreeTrialInfo
Description
An object that contains information about the Amazon Inspector free trial for an account.
Members
- end
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the Amazon Inspector free trail ends for a given account.
- start
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the Amazon Inspector free trail started for a given account.
- status
-
- Required: Yes
- Type: string
The order to sort results by.
- type
-
- Required: Yes
- Type: string
The type of scan covered by the Amazon Inspector free trail.
FreeTrialInfoError
Description
Information about an error received while accessing free trail data for an account.
Members
- accountId
-
- Required: Yes
- Type: string
The account associated with the Amazon Inspector free trial information.
- code
-
- Required: Yes
- Type: string
The error code.
- message
-
- Required: Yes
- Type: string
The error message returned.
ImageLayerAggregation
Description
The details that define an aggregation based on container image layers.
Members
- layerHashes
-
- Type: Array of StringFilter structures
The hashes associated with the layers.
- repositories
-
- Type: Array of StringFilter structures
The repository associated with the container image hosting the layers.
- resourceIds
-
- Type: Array of StringFilter structures
The ID of the container image layer.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
ImageLayerAggregationResponse
Description
A response that contains the results of a finding aggregation by image layer.
Members
- accountId
-
- Required: Yes
- Type: string
The ID of the Amazon Web Services account that owns the container image hosting the layer image.
- layerHash
-
- Required: Yes
- Type: string
The layer hash.
- repository
-
- Required: Yes
- Type: string
The repository the layer resides in.
- resourceId
-
- Required: Yes
- Type: string
The resource ID of the container image layer.
- severityCounts
-
- Type: SeverityCounts structure
An object that represents the count of matched findings per severity.
InspectorScoreDetails
Description
Information about the Amazon Inspector score given to a finding.
Members
- adjustedCvss
-
- Type: CvssScoreDetails structure
An object that contains details about the CVSS score given to a finding.
InternalServerException
Description
The request has failed due to an internal failure of the Amazon Inspector service.
Members
- message
-
- Required: Yes
- Type: string
- retryAfterSeconds
-
- Type: int
The number of seconds to wait before retrying the request.
LambdaFunctionAggregation
Description
The details that define a findings aggregation based on AWS Lambda functions.
Members
- functionNames
-
- Type: Array of StringFilter structures
The AWS Lambda function names to include in the aggregation results.
- functionTags
-
- Type: Array of MapFilter structures
The tags to include in the aggregation results.
- resourceIds
-
- Type: Array of StringFilter structures
The resource IDs to include in the aggregation results.
- runtimes
-
- Type: Array of StringFilter structures
Returns findings aggregated by AWS Lambda function runtime environments.
- sortBy
-
- Type: string
The finding severity to use for sorting the results.
- sortOrder
-
- Type: string
The order to use for sorting the results.
LambdaFunctionAggregationResponse
Description
A response that contains the results of an AWS Lambda function finding aggregation.
Members
- accountId
-
- Type: string
The ID of the AWS account that owns the AWS Lambda function.
- functionName
-
- Type: string
The AWS Lambda function names included in the aggregation results.
- lambdaTags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags included in the aggregation results.
- lastModifiedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date that the AWS Lambda function included in the aggregation results was last changed.
- resourceId
-
- Required: Yes
- Type: string
The resource IDs included in the aggregation results.
- runtime
-
- Type: string
The runtimes included in the aggregation results.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the counts of aggregated finding per severity.
LambdaFunctionMetadata
Description
The AWS Lambda function metadata.
Members
- functionName
-
- Type: string
The name of a function.
- functionTags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The resource tags on an AWS Lambda function.
- layers
-
- Type: Array of strings
The layers for an AWS Lambda function. A Lambda function can have up to five layers.
- runtime
-
- Type: string
An AWS Lambda function's runtime.
LambdaLayerAggregation
Description
The details that define a findings aggregation based on an AWS Lambda function's layers.
Members
- functionNames
-
- Type: Array of StringFilter structures
The names of the AWS Lambda functions associated with the layers.
- layerArns
-
- Type: Array of StringFilter structures
The Amazon Resource Name (ARN) of the AWS Lambda function layer.
- resourceIds
-
- Type: Array of StringFilter structures
The resource IDs for the AWS Lambda function layers.
- sortBy
-
- Type: string
The finding severity to use for sorting the results.
- sortOrder
-
- Type: string
The order to use for sorting the results.
LambdaLayerAggregationResponse
Description
A response that contains the results of an AWS Lambda function layer finding aggregation.
Members
- accountId
-
- Required: Yes
- Type: string
The account ID of the AWS Lambda function layer.
- functionName
-
- Required: Yes
- Type: string
The names of the AWS Lambda functions associated with the layers.
- layerArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the AWS Lambda function layer.
- resourceId
-
- Required: Yes
- Type: string
The Resource ID of the AWS Lambda function layer.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the counts of aggregated finding per severity.
LambdaVpcConfig
Description
The VPC security groups and subnets that are attached to an AWS Lambda function. For more information, see VPC Settings.
Members
- securityGroupIds
-
- Type: Array of strings
The VPC security groups and subnets that are attached to an AWS Lambda function. For more information, see VPC Settings.
- subnetIds
-
- Type: Array of strings
A list of VPC subnet IDs.
- vpcId
-
- Type: string
The ID of the VPC.
MapFilter
Description
An object that describes details of a map filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to use when comparing values in the filter.
- key
-
- Required: Yes
- Type: string
The tag key used in the filter.
- value
-
- Type: string
The tag value used in the filter.
Member
Description
Details on a member account in your organization.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the member account.
- delegatedAdminAccountId
-
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator for this member account.
- relationshipStatus
-
- Type: string
The status of the member account.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp showing when the status of this member was last updated.
MemberAccountEc2DeepInspectionStatus
Description
An object that contains details about the status of Amazon Inspector deep inspection for a member account in your organization.
Members
- accountId
-
- Required: Yes
- Type: string
The unique identifier for the Amazon Web Services account of the organization member.
- activateDeepInspection
-
- Required: Yes
- Type: boolean
Whether Amazon Inspector deep inspection is active in the account. If
TRUEAmazon Inspector deep inspection is active, ifFALSEit is not active.
MemberAccountEc2DeepInspectionStatusState
Description
An object that contains details about the state of Amazon Inspector deep inspection for a member account.
Members
- accountId
-
- Required: Yes
- Type: string
The unique identifier for the Amazon Web Services account of the organization member
- errorMessage
-
- Type: string
The error message explaining why the account failed to activate Amazon Inspector deep inspection.
- status
-
- Type: string
The state of Amazon Inspector deep inspection in the member account.
NetworkPath
Description
Information on the network path associated with a finding.
Members
- steps
-
- Type: Array of Step structures
The details on the steps in the network path.
NetworkReachabilityDetails
Description
Contains the details of a network reachability finding.
Members
- networkPath
-
- Required: Yes
- Type: NetworkPath structure
An object that contains details about a network path associated with a finding.
- openPortRange
-
- Required: Yes
- Type: PortRange structure
An object that contains details about the open port range associated with a finding.
- protocol
-
- Required: Yes
- Type: string
The protocol associated with a finding.
NumberFilter
Description
An object that describes the details of a number filter.
Members
- lowerInclusive
-
- Type: double
The lowest number to be included in the filter.
- upperInclusive
-
- Type: double
The highest number to be included in the filter.
PackageAggregation
Description
The details that define an aggregation based on operating system package type.
Members
- packageNames
-
- Type: Array of StringFilter structures
The names of packages to aggregate findings on.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
PackageAggregationResponse
Description
A response that contains the results of a finding aggregation by image layer.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- packageName
-
- Required: Yes
- Type: string
The name of the operating system package.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the count of matched findings per severity.
PackageFilter
Description
Contains information on the details of a package filter.
Members
- architecture
-
- Type: StringFilter structure
An object that contains details on the package architecture type to filter on.
- epoch
-
- Type: NumberFilter structure
An object that contains details on the package epoch to filter on.
- name
-
- Type: StringFilter structure
An object that contains details on the name of the package to filter on.
- release
-
- Type: StringFilter structure
An object that contains details on the package release to filter on.
- sourceLambdaLayerArn
-
- Type: StringFilter structure
An object that describes the details of a string filter.
- sourceLayerHash
-
- Type: StringFilter structure
An object that contains details on the source layer hash to filter on.
- version
-
- Type: StringFilter structure
The package version to filter on.
PackageVulnerabilityDetails
Description
Information about a package vulnerability finding.
Members
- cvss
-
- Type: Array of CvssScore structures
An object that contains details about the CVSS score of a finding.
- referenceUrls
-
- Type: Array of strings
One or more URLs that contain details about this vulnerability type.
- relatedVulnerabilities
-
- Type: Array of strings
One or more vulnerabilities related to the one identified in this finding.
- source
-
- Required: Yes
- Type: string
The source of the vulnerability information.
- sourceUrl
-
- Type: string
A URL to the source of the vulnerability information.
- vendorCreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that this vulnerability was first added to the vendor's database.
- vendorSeverity
-
- Type: string
The severity the vendor has given to this vulnerability type.
- vendorUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the vendor last updated this vulnerability in their database.
- vulnerabilityId
-
- Required: Yes
- Type: string
The ID given to this vulnerability.
- vulnerablePackages
-
- Type: Array of VulnerablePackage structures
The packages impacted by this vulnerability.
Permission
Description
Contains information on the permissions an account has within Amazon Inspector.
Members
- operation
-
- Required: Yes
- Type: string
The operations that can be performed with the given permissions.
- service
-
- Required: Yes
- Type: string
The services that the permissions allow an account to perform the given operations for.
PortRange
Description
Details about the port range associated with a finding.
Members
- begin
-
- Required: Yes
- Type: int
The beginning port in a port range.
- end
-
- Required: Yes
- Type: int
The ending port in a port range.
PortRangeFilter
Description
An object that describes the details of a port range filter.
Members
- beginInclusive
-
- Type: int
The port number the port range begins at.
- endInclusive
-
- Type: int
The port number the port range ends at.
Recommendation
Description
Details about the recommended course of action to remediate the finding.
Members
- Url
-
- Type: string
The URL address to the CVE remediation recommendations.
- text
-
- Type: string
The recommended course of action to remediate the finding.
Remediation
Description
Information on how to remediate a finding.
Members
- recommendation
-
- Type: Recommendation structure
An object that contains information about the recommended course of action to remediate the finding.
RepositoryAggregation
Description
The details that define an aggregation based on repository.
Members
- repositories
-
- Type: Array of StringFilter structures
The names of repositories to aggregate findings on.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
RepositoryAggregationResponse
Description
A response that contains details on the results of a finding aggregation by repository.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- affectedImages
-
- Type: long (int|float)
The number of container images impacted by the findings.
- repository
-
- Required: Yes
- Type: string
The name of the repository associated with the findings.
- severityCounts
-
- Type: SeverityCounts structure
An object that represent the count of matched findings per severity.
Resource
Description
Details about the resource involved in a finding.
Members
- details
-
- Type: ResourceDetails structure
An object that contains details about the resource involved in a finding.
- id
-
- Required: Yes
- Type: string
The ID of the resource.
- partition
-
- Type: string
The partition of the resource.
- region
-
- Type: string
The Amazon Web Services Region the impacted resource is located in.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the resource.
- type
-
- Required: Yes
- Type: string
The type of resource.
ResourceDetails
Description
Contains details about the resource involved in the finding.
Members
- awsEc2Instance
-
- Type: AwsEc2InstanceDetails structure
An object that contains details about the Amazon EC2 instance involved in the finding.
- awsEcrContainerImage
-
- Type: AwsEcrContainerImageDetails structure
An object that contains details about the Amazon ECR container image involved in the finding.
- awsLambdaFunction
-
- Type: AwsLambdaFunctionDetails structure
A summary of the information about an AWS Lambda function affected by a finding.
ResourceFilterCriteria
Description
The resource filter criteria for a Software bill of materials (SBOM) report.
Members
- accountId
-
- Type: Array of ResourceStringFilter structures
The account IDs used as resource filter criteria.
- ec2InstanceTags
-
- Type: Array of ResourceMapFilter structures
The EC2 instance tags used as resource filter criteria.
- ecrImageTags
-
- Type: Array of ResourceStringFilter structures
The ECR image tags used as resource filter criteria.
- ecrRepositoryName
-
- Type: Array of ResourceStringFilter structures
The ECR repository names used as resource filter criteria.
- lambdaFunctionName
-
- Type: Array of ResourceStringFilter structures
The AWS Lambda function name used as resource filter criteria.
- lambdaFunctionTags
-
- Type: Array of ResourceMapFilter structures
The AWS Lambda function tags used as resource filter criteria.
- resourceId
-
- Type: Array of ResourceStringFilter structures
The resource IDs used as resource filter criteria.
- resourceType
-
- Type: Array of ResourceStringFilter structures
The resource types used as resource filter criteria.
ResourceMapFilter
Description
A resource map filter for a software bill of material report.
Members
- comparison
-
- Required: Yes
- Type: string
The filter's comparison.
- key
-
- Required: Yes
- Type: string
The filter's key.
- value
-
- Type: string
The filter's value.
ResourceNotFoundException
Description
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
Members
- message
-
- Required: Yes
- Type: string
ResourceScanMetadata
Description
An object that contains details about the metadata for an Amazon ECR resource.
Members
- ec2
-
- Type: Ec2Metadata structure
An object that contains metadata details for an Amazon EC2 instance.
- ecrImage
-
- Type: EcrContainerImageMetadata structure
An object that contains details about the container metadata for an Amazon ECR image.
- ecrRepository
-
- Type: EcrRepositoryMetadata structure
An object that contains details about the repository an Amazon ECR image resides in.
- lambdaFunction
-
- Type: LambdaFunctionMetadata structure
An object that contains metadata details for an AWS Lambda function.
ResourceState
Description
Details the state of Amazon Inspector for each resource type Amazon Inspector scans.
Members
- ec2
-
- Required: Yes
- Type: State structure
An object detailing the state of Amazon Inspector scanning for Amazon EC2 resources.
- ecr
-
- Required: Yes
- Type: State structure
An object detailing the state of Amazon Inspector scanning for Amazon ECR resources.
- lambda
-
- Type: State structure
An object that described the state of Amazon Inspector scans for an account.
- lambdaCode
-
- Type: State structure
An object that described the state of Amazon Inspector scans for an account.
ResourceStatus
Description
Details the status of Amazon Inspector for each resource type Amazon Inspector scans.
Members
- ec2
-
- Required: Yes
- Type: string
The status of Amazon Inspector scanning for Amazon EC2 resources.
- ecr
-
- Required: Yes
- Type: string
The status of Amazon Inspector scanning for Amazon ECR resources.
- lambda
-
- Type: string
The status of Amazon Inspector scanning for AWS Lambda function.
- lambdaCode
-
- Type: string
The status of Amazon Inspector scanning for custom application code for Amazon Web Services Lambda functions.
ResourceStringFilter
Description
A resource string filter for a software bill of materials report.
Members
- comparison
-
- Required: Yes
- Type: string
The filter's comparison.
- value
-
- Required: Yes
- Type: string
The filter's value.
ScanStatus
Description
The status of the scan.
Members
- reason
-
- Required: Yes
- Type: string
The reason for the scan.
- statusCode
-
- Required: Yes
- Type: string
The status code of the scan.
SearchVulnerabilitiesFilterCriteria
Description
Details on the criteria used to define the filter for a vulnerability search.
Members
- vulnerabilityIds
-
- Required: Yes
- Type: Array of strings
The IDs for specific vulnerabilities.
ServiceQuotaExceededException
Description
You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
Members
- message
-
- Required: Yes
- Type: string
- resourceId
-
- Required: Yes
- Type: string
The ID of the resource that exceeds a service quota.
SeverityCounts
Description
An object that contains the counts of aggregated finding per severity.
Members
- all
-
- Type: long (int|float)
The total count of findings from all severities.
- critical
-
- Type: long (int|float)
The total count of critical severity findings.
- high
-
- Type: long (int|float)
The total count of high severity findings.
- medium
-
- Type: long (int|float)
The total count of medium severity findings.
SortCriteria
Description
Details about the criteria used to sort finding results.
Members
- field
-
- Required: Yes
- Type: string
The finding detail field by which results are sorted.
- sortOrder
-
- Required: Yes
- Type: string
The order by which findings are sorted.
State
Description
An object that described the state of Amazon Inspector scans for an account.
Members
- errorCode
-
- Required: Yes
- Type: string
The error code explaining why the account failed to enable Amazon Inspector.
- errorMessage
-
- Required: Yes
- Type: string
The error message received when the account failed to enable Amazon Inspector.
- status
-
- Required: Yes
- Type: string
The status of Amazon Inspector for the account.
Step
Description
Details about the step associated with a finding.
Members
- componentId
-
- Required: Yes
- Type: string
The component ID.
- componentType
-
- Required: Yes
- Type: string
The component type.
StringFilter
Description
An object that describes the details of a string filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to use when comparing values in the filter.
- value
-
- Required: Yes
- Type: string
The value to filter on.
SuggestedFix
Description
A suggested fix for a vulnerability in your Lambda function code.
Members
- code
-
- Type: string
The fix's code.
- description
-
- Type: string
The fix's description.
ThrottlingException
Description
The limit on the number of requests per second was exceeded.
Members
- message
-
- Required: Yes
- Type: string
- retryAfterSeconds
-
- Type: int
The number of seconds to wait before retrying the request.
TitleAggregation
Description
The details that define an aggregation based on finding title.
Members
- findingType
-
- Type: string
The type of finding to aggregate on.
- resourceType
-
- Type: string
The resource type to aggregate on.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
- titles
-
- Type: Array of StringFilter structures
The finding titles to aggregate on.
- vulnerabilityIds
-
- Type: Array of StringFilter structures
The vulnerability IDs of the findings.
TitleAggregationResponse
Description
A response that contains details on the results of a finding aggregation by title.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- severityCounts
-
- Type: SeverityCounts structure
An object that represent the count of matched findings per severity.
- title
-
- Required: Yes
- Type: string
The title that the findings were aggregated on.
- vulnerabilityId
-
- Type: string
The vulnerability ID of the finding.
Usage
Description
Contains usage information about the cost of Amazon Inspector operation.
Members
- currency
-
- Type: string
The currency type used when calculating usage data.
- estimatedMonthlyCost
-
- Type: double
The estimated monthly cost of Amazon Inspector.
- total
-
- Type: double
The total of usage.
- type
-
- Type: string
The type scan.
UsageTotal
Description
The total of usage for an account ID.
Members
- accountId
-
- Type: string
The account ID of the account that usage data was retrieved for.
- usage
-
- Type: Array of Usage structures
An object representing the total usage for an account.
ValidationException
Description
The request has failed validation due to missing required fields or having invalid inputs.
Members
- fields
-
- Type: Array of ValidationExceptionField structures
The fields that failed validation.
- message
-
- Required: Yes
- Type: string
- reason
-
- Required: Yes
- Type: string
The reason for the validation failure.
ValidationExceptionField
Description
An object that describes a validation exception.
Members
- message
-
- Required: Yes
- Type: string
The validation exception message.
- name
-
- Required: Yes
- Type: string
The name of the validation exception.
Vulnerability
Description
Contains details about a specific vulnerability Amazon Inspector can detect.
Members
- atigData
-
- Type: AtigData structure
An object that contains information about the Amazon Web Services Threat Intel Group (ATIG) details for the vulnerability.
- cisaData
-
- Type: CisaData structure
An object that contains the Cybersecurity and Infrastructure Security Agency (CISA) details for the vulnerability.
- cvss2
-
- Type: Cvss2 structure
An object that contains the Common Vulnerability Scoring System (CVSS) Version 2 details for the vulnerability.
- cvss3
-
- Type: Cvss3 structure
An object that contains the Common Vulnerability Scoring System (CVSS) Version 3 details for the vulnerability.
- cwes
-
- Type: Array of strings
The Common Weakness Enumeration (CWE) associated with the vulnerability.
- description
-
- Type: string
A description of the vulnerability.
- detectionPlatforms
-
- Type: Array of strings
Platforms that the vulnerability can be detected on.
- epss
-
- Type: Epss structure
An object that contains the Exploit Prediction Scoring System (EPSS) score for a vulnerability.
- exploitObserved
-
- Type: ExploitObserved structure
An object that contains details on when the exploit was observed.
- id
-
- Required: Yes
- Type: string
The ID for the specific vulnerability.
- referenceUrls
-
- Type: Array of strings
Links to various resources with more information on this vulnerability.
- relatedVulnerabilities
-
- Type: Array of strings
A list of related vulnerabilities.
- source
-
- Type: string
The source of the vulnerability information.
- sourceUrl
-
- Type: string
A link to the official source material for this vulnerability.
- vendorCreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the vendor created this vulnerability.
- vendorSeverity
-
- Type: string
The severity assigned by the vendor.
- vendorUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the vendor last updated this vulnerability.
VulnerablePackage
Description
Information on the vulnerable package identified by a finding.
Members
- arch
-
- Type: string
The architecture of the vulnerable package.
- epoch
-
- Type: int
The epoch of the vulnerable package.
- filePath
-
- Type: string
The file path of the vulnerable package.
- fixedInVersion
-
- Type: string
The version of the package that contains the vulnerability fix.
- name
-
- Required: Yes
- Type: string
The name of the vulnerable package.
- packageManager
-
- Type: string
The package manager of the vulnerable package.
- release
-
- Type: string
The release of the vulnerable package.
- remediation
-
- Type: string
The code to run in your environment to update packages with a fix available.
- sourceLambdaLayerArn
-
- Type: string
The Amazon Resource Number (ARN) of the AWS Lambda function affected by a finding.
- sourceLayerHash
-
- Type: string
The source layer hash of the vulnerable package.
- version
-
- Required: Yes
- Type: string
The version of the vulnerable package.