create_code_review

SecurityAgent.Client.create_code_review(**kwargs)

Creates a new code review configuration in an agent space. A code review defines the parameters for automated security-focused code analysis.

See also: AWS API Documentation

Request Syntax

response = client.create_code_review(
    title='string',
    agentSpaceId='string',
    assets={
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string'
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    serviceRole='string',
    logConfig={
        'logGroup': 'string',
        'logStream': 'string'
    },
    codeRemediationStrategy='AUTOMATIC'|'DISABLED'
)

Parameters:
  • title (string) –

    [REQUIRED]

    The title of the code review.

  • agentSpaceId (string) –

    [REQUIRED]

    The unique identifier of the agent space to create the code review in.

  • assets (dict) –

    [REQUIRED]

    The assets to include in the code review, such as documents and source code.

    • endpoints (list) –

      The list of endpoints to test during the pentest.

      • (dict) –

        Represents a target endpoint for penetration testing.

        • uri (string) –

          The URI of the endpoint.

    • actors (list) –

      The list of actors used during penetration testing.

      • (dict) –

        Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

        • identifier (string) –

          The unique identifier for the actor.

        • uris (list) –

          The list of URIs that the actor targets during testing.

          • (string) –

        • authentication (dict) –

          The authentication configuration for the actor.

          • providerType (string) –

            The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

          • value (string) –

            The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

        • description (string) –

          A description of the actor.

    • documents (list) –

      The list of documents that provide context for the pentest.

      • (dict) –

        Represents a document that provides context for security testing.

        • s3Location (string) –

          The Amazon S3 location of the document.

        • artifactId (string) –

          The unique identifier of the artifact associated with the document.

    • sourceCode (list) –

      The list of source code repositories to analyze during the pentest.

      • (dict) –

        Represents a source code repository used for security analysis during a pentest.

        • s3Location (string) –

          The Amazon S3 location of the source code repository archive.

    • integratedRepositories (list) –

      The list of integrated repositories associated with the pentest.

      • (dict) –

        Represents a code repository that is integrated with the service through a third-party provider.

        • integrationId (string) –

          [REQUIRED]

          The unique identifier of the integration that provides access to the repository.

        • providerResourceId (string) –

          [REQUIRED]

          The provider-specific resource identifier for the repository.

  • serviceRole (string) –

    The IAM service role to use for the code review.

  • logConfig (dict) –

    The CloudWatch Logs configuration for the code review.

    • logGroup (string) –

      The name of the CloudWatch log group.

    • logStream (string) –

      The name of the CloudWatch log stream.

  • codeRemediationStrategy (string) –

    The code remediation strategy for the code review. Valid values are AUTOMATIC and DISABLED.
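
A pre-flight check for the request shape documented above, so that a malformed or credential-bearing request is rejected before it is sent. This is an added example, not code from the SDK or the service. The helper names `check_code_review_request` and `create_checked_code_review`, the rule that `value` must be an ARN for three of the provider types, and every identifier in `SAMPLE` are assumptions made for illustration.

```python
# Enum values and required keys below come from the parameter list above.
PROVIDER_TYPES = {"SECRETS_MANAGER", "AWS_LAMBDA", "AWS_IAM_ROLE", "AWS_INTERNAL"}
REMEDIATION = {"AUTOMATIC", "DISABLED"}
# Assumption: for these provider types the value must be an ARN, never a raw secret.
ARN_PROVIDERS = {"SECRETS_MANAGER", "AWS_LAMBDA", "AWS_IAM_ROLE"}


def check_code_review_request(params):
    """Return a list of problems; an empty list means the request looks well-formed."""
    required = ("title", "agentSpaceId", "assets")
    problems = [f"missing required parameter: {k}" for k in required if not params.get(k)]
    assets = params.get("assets") or {}
    for i, actor in enumerate(assets.get("actors", [])):
        auth = actor.get("authentication") or {}
        ptype = auth.get("providerType")
        if auth and ptype not in PROVIDER_TYPES:
            problems.append(f"actors[{i}]: unknown providerType {ptype!r}")
        elif ptype in ARN_PROVIDERS and not str(auth.get("value", "")).startswith("arn:"):
            problems.append(f"actors[{i}]: value for {ptype} is not an ARN")
    for i, repo in enumerate(assets.get("integratedRepositories", [])):
        for key in ("integrationId", "providerResourceId"):
            if not repo.get(key):
                problems.append(f"integratedRepositories[{i}]: missing {key}")
    strategy = params.get("codeRemediationStrategy")
    if strategy is not None and strategy not in REMEDIATION:
        problems.append(f"unknown codeRemediationStrategy {strategy!r}")
    return problems


def create_checked_code_review(client, **params):
    """Call client.create_code_review only if the request passes the checks."""
    problems = check_code_review_request(params)
    if problems:
        raise ValueError("; ".join(problems))
    return client.create_code_review(**params)


# Constructed sample request; every identifier and ARN below is a placeholder.
SAMPLE = {
    "title": "payments-service review",
    "agentSpaceId": "EXAMPLE-AGENT-SPACE-ID",
    "assets": {
        "sourceCode": [{"s3Location": "EXAMPLE-S3-LOCATION"}],
        "actors": [{"identifier": "standard-user", "authentication": {
            "providerType": "SECRETS_MANAGER",
            "value": "arn:aws:secretsmanager:us-east-1:111122223333:secret:EXAMPLE"}}],
    },
    "codeRemediationStrategy": "DISABLED",
}
```

Pass an existing SecurityAgent client as `client`. The ARN check is a local guard against pasting a credential into `value`; it is not a rule the service documents.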

Return type:

dict

Returns:

Response Syntax

{
    'codeReviewId': 'string',
    'title': 'string',
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'assets': {
        'endpoints': [
            {
                'uri': 'string'
            },
        ],
        'actors': [
            {
                'identifier': 'string',
                'uris': [
                    'string',
                ],
                'authentication': {
                    'providerType': 'SECRETS_MANAGER'|'AWS_LAMBDA'|'AWS_IAM_ROLE'|'AWS_INTERNAL',
                    'value': 'string'
                },
                'description': 'string'
            },
        ],
        'documents': [
            {
                's3Location': 'string',
                'artifactId': 'string'
            },
        ],
        'sourceCode': [
            {
                's3Location': 'string'
            },
        ],
        'integratedRepositories': [
            {
                'integrationId': 'string',
                'providerResourceId': 'string'
            },
        ]
    },
    'serviceRole': 'string',
    'logConfig': {
        'logGroup': 'string',
        'logStream': 'string'
    },
    'agentSpaceId': 'string',
    'codeRemediationStrategy': 'AUTOMATIC'|'DISABLED'
}

Response Structure

  • (dict) –

    Output for the CreateCodeReview operation.

    • codeReviewId (string) –

      The unique identifier of the created code review.

    • title (string) –

      The title of the code review.

    • createdAt (datetime) –

      The date and time the code review was created, in UTC format.

    • updatedAt (datetime) –

      The date and time the code review was last updated, in UTC format.

    • assets (dict) –

      The assets included in the code review.

      • endpoints (list) –

        The list of endpoints to test during the pentest.

        • (dict) –

          Represents a target endpoint for penetration testing.

          • uri (string) –

            The URI of the endpoint.

      • actors (list) –

        The list of actors used during penetration testing.

        • (dict) –

          Represents an actor used during penetration testing. An actor defines a user or entity that interacts with the target application, including authentication credentials and target URIs.

          • identifier (string) –

            The unique identifier for the actor.

          • uris (list) –

            The list of URIs that the actor targets during testing.

            • (string) –

          • authentication (dict) –

            The authentication configuration for the actor.

            • providerType (string) –

              The type of authentication provider. Valid values include SECRETS_MANAGER, AWS_LAMBDA, AWS_IAM_ROLE, and AWS_INTERNAL.

            • value (string) –

              The authentication value, such as a secret ARN, Lambda function ARN, or IAM role ARN, depending on the provider type.

          • description (string) –

            A description of the actor.

      • documents (list) –

        The list of documents that provide context for the pentest.

        • (dict) –

          Represents a document that provides context for security testing.

          • s3Location (string) –

            The Amazon S3 location of the document.

          • artifactId (string) –

            The unique identifier of the artifact associated with the document.

      • sourceCode (list) –

        The list of source code repositories to analyze during the pentest.

        • (dict) –

          Represents a source code repository used for security analysis during a pentest.

          • s3Location (string) –

            The Amazon S3 location of the source code repository archive.

      • integratedRepositories (list) –

        The list of integrated repositories associated with the pentest.

        • (dict) –

          Represents a code repository that is integrated with the service through a third-party provider.

          • integrationId (string) –

            The unique identifier of the integration that provides access to the repository.

          • providerResourceId (string) –

            The provider-specific resource identifier for the repository.

    • serviceRole (string) –

      The IAM service role used for the code review.

    • logConfig (dict) –

      The CloudWatch Logs configuration for the code review.

      • logGroup (string) –

        The name of the CloudWatch log group.

      • logStream (string) –

        The name of the CloudWatch log stream.

    • agentSpaceId (string) –

      The unique identifier of the agent space that contains the code review.

    • codeRemediationStrategy (string) –

      The code remediation strategy for the code review.