Information on the vulnerable package identified by a finding.
Contents
- name
-
The name of the vulnerable package.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: Yes
- version
-
The version of the vulnerable package.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: Yes
- arch
-
The architecture of the vulnerable package.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Required: No
- epoch
-
The epoch of the vulnerable package.
Type: Integer
Required: No
- filePath
-
The file path of the vulnerable package.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: No
- fixedInVersion
-
The version of the package that contains the vulnerability fix.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: No
- packageManager
-
The package manager of the vulnerable package.
Type: String
Valid Values:
BUNDLER | CARGO | COMPOSER | NPM | NUGET | PIPENV | POETRY | YARN | GOBINARY | GOMOD | JAR | OS | PIP | PYTHONPKG | NODEPKG | POM | GEMSPEC | DOTNET_CORERequired: No
- release
-
The release of the vulnerable package.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: No
- remediation
-
The code to run in your environment to update packages with a fix available.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Required: No
- sourceLambdaLayerArn
-
The Amazon Resource Number (ARN) of the AWS Lambda function affected by a finding.
Type: String
Pattern:
^arn:[a-zA-Z0-9-]+:lambda:[a-zA-Z0-9-]+:\d{12}:layer:[a-zA-Z0-9-_]+:[0-9]+$Required: No
- sourceLayerHash
-
The source layer hash of the vulnerable package.
Type: String
Length Constraints: Fixed length of 71.
Pattern:
^sha256:[a-z0-9]{64}$Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
