PentestJob

Represents a pentest job, which is an execution instance of a pentest. A pentest job progresses through preflight, static analysis, pentest, and finalizing steps.

Contents

actors

The list of actors used during the pentest job.

Type: Array of Actor objects

Required: No

allowedDomains

The list of domains allowed during the pentest job.

Type: Array of Endpoint objects

Required: No

codeRemediationStrategy

The code remediation strategy for the pentest job.

Type: String

Valid Values: AUTOMATIC | DISABLED

Required: No

createdAt

The date and time the pentest job was created, in UTC format.

Type: Timestamp

Required: No

documents

The list of documents providing context for the pentest job.

Type: Array of DocumentInfo objects

Required: No

endpoints

The list of endpoints being tested in the pentest job.

Type: Array of Endpoint objects

Required: No

errorInformation

Error information if the pentest job encountered an error.

Type: ErrorInformation object

Required: No

excludePaths

The list of paths excluded from the pentest job.

Type: Array of Endpoint objects

Required: No

excludeRiskTypes

The list of risk types excluded from the pentest job.

Type: Array of strings

Valid Values: CROSS_SITE_SCRIPTING | DEFAULT_CREDENTIALS | INSECURE_DIRECT_OBJECT_REFERENCE | PRIVILEGE_ESCALATION | SERVER_SIDE_TEMPLATE_INJECTION | COMMAND_INJECTION | CODE_INJECTION | SQL_INJECTION | ARBITRARY_FILE_UPLOAD | INSECURE_DESERIALIZATION | LOCAL_FILE_INCLUSION | INFORMATION_DISCLOSURE | PATH_TRAVERSAL | SERVER_SIDE_REQUEST_FORGERY | JSON_WEB_TOKEN_VULNERABILITIES | XML_EXTERNAL_ENTITY | FILE_DELETION | OTHER | GRAPHQL_VULNERABILITIES | BUSINESS_LOGIC_VULNERABILITIES | CRYPTOGRAPHIC_VULNERABILITIES | DENIAL_OF_SERVICE | FILE_ACCESS | FILE_CREATION | DATABASE_MODIFICATION | DATABASE_ACCESS | OUTBOUND_SERVICE_REQUEST | UNKNOWN

Required: No

executionContext

The execution context messages for the pentest job.

Type: Array of ExecutionContext objects

Required: No

integratedRepositories

The list of integrated repositories associated with the pentest job.

Type: Array of IntegratedRepository objects

Required: No

logConfig

The CloudWatch Logs configuration for the pentest job.

Type: CloudWatchLog object

Required: No

networkTrafficConfig

The network traffic configuration for the pentest job.

Type: NetworkTrafficConfig object

Required: No

overview

An overview of the pentest job results.

Type: String

Required: No

pentestId

The unique identifier of the pentest associated with the job.

Type: String

Required: No

pentestJobId

The unique identifier of the pentest job.

Type: String

Required: No

serviceRole

The IAM service role used for the pentest job.

Type: String

Required: No

sourceCode

The list of source code repositories analyzed during the pentest job.

Type: Array of SourceCodeRepository objects

Required: No

status

The current status of the pentest job.

Type: String

Valid Values: IN_PROGRESS | STOPPING | STOPPED | FAILED | COMPLETED

Required: No

steps

The list of steps in the pentest job execution.

Type: Array of Step objects

Required: No

title

The title of the pentest job.

Type: String

Required: No

updatedAt

The date and time the pentest job was last updated, in UTC format.

Type: Timestamp

Required: No

vpcConfig

The VPC configuration for the pentest job.

Type: VpcConfig object

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++

• AWS SDK for Java V2

• AWS SDK for Ruby V3