FindingMetricsValuePerSeverity closedFindings
The number of closed findings of each severity in an account on the specified date.
Date date
The date from which the finding metrics were retrieved.
FindingMetricsValuePerSeverity meanTimeToClose
The average time it takes to close findings of each severity in days.
FindingMetricsValuePerSeverity newFindings
The number of new findings of each severity in an account on the specified date.
FindingMetricsValuePerSeverity openFindings
The number of open findings of each severity in an account as of the specified date.
String analysisType
The type of analysis you want CodeGuru Security to perform in the scan, either Security or
All. The Security type only generates findings related to security. The
All type generates both security findings and quality findings. Defaults to Security
type if missing.
String clientToken
The idempotency token for the request. Amazon CodeGuru Security uses this value to prevent the accidental creation of duplicate scans if there are failures and retries.
ResourceId resourceId
The identifier for an input resource used to create a scan.
String scanName
The unique name that CodeGuru Security uses to track revisions across multiple scans of the same resource. Only
allowed for a STANDARD scan type. If not specified, it will be auto-generated.
String scanType
The type of scan, either Standard or Express. Defaults to Standard type if
missing.
Express scans run on limited resources and use a limited set of detectors to analyze your code in
near-real time. Standard scans have standard resource limits and use the full set of detectors to
analyze your code.
Map<K,V> tags
An array of key-value pairs used to tag a scan. A tag is a custom attribute label with two parts:
A tag key. For example, CostCenter, Environment, or Secret. Tag keys are
case sensitive.
An optional tag value field. For example, 111122223333, Production, or a team name.
Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
ResourceId resourceId
The identifier for the resource object that contains resources that were scanned.
String runId
UUID that identifies the individual scan run.
String scanName
The name of the scan.
String scanNameArn
The ARN for the scan name.
String scanState
The current state of the scan. Returns either InProgress, Successful, or
Failed.
String scanName
The name of the scan that will use the uploaded resource. CodeGuru Security uses the unique scan name to track
revisions across multiple scans of the same resource. Use this scanName when you call
CreateScan on the code resource you upload to this URL.
String codeArtifactId
The identifier for the uploaded code resource.
Map<K,V> requestHeaders
A set of key-value pairs that contain the required headers when uploading your resource.
String s3Url
A pre-signed S3 URL. You can upload the code file you want to scan and add the required
requestHeaders using any HTTP client.
String kmsKeyArn
The KMS key ARN to use for encryption. This must be provided as a header when uploading your code resource.
List<E> codeSnippet
A list of CodeLine objects that describe where the security vulnerability appears in your code.
Integer endLine
The last line number of the code snippet where the security vulnerability appears in your code.
String name
The name of the file.
String path
The path to the resource with the security vulnerability.
Integer startLine
The first line number of the code snippet where the security vulnerability appears in your code.
Date createdAt
The time when the finding was created.
String description
A description of the finding.
String detectorId
The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices.
String detectorName
The name of the detector that identified the security vulnerability in your code.
List<E> detectorTags
One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency.
String generatorId
The identifier for the component that generated a finding such as AWSCodeGuruSecurity or AWSInspector.
String id
The identifier for a finding.
Remediation remediation
An object that contains the details about how to remediate a finding.
Resource resource
The resource where Amazon CodeGuru Security detected a finding.
String ruleId
The identifier for the rule that generated the finding.
String severity
The severity of the finding.
String status
The status of the finding. A finding status can be open or closed.
String title
The title of the finding.
String type
The type of finding.
Date updatedAt
The time when the finding was last updated. Findings are updated when you remediate them or when the finding code location changes.
Vulnerability vulnerability
An object that describes the detected security vulnerability.
Double critical
The severity of the finding is critical and should be addressed immediately.
Double high
The severity of the finding is high and should be addressed as a near-term priority.
Double info
The finding is related to quality or readability improvements and not considered actionable.
Double low
The severity of the finding is low and does require action on its own.
Double medium
The severity of the finding is medium and should be addressed as a mid-term priority.
EncryptionConfig encryptionConfig
An EncryptionConfig object that contains the KMS key ARN to use for encryption. By default, CodeGuru
Security uses an AWS-managed key for encryption. To specify your own key, call
UpdateAccountConfiguration.
Integer maxResults
The maximum number of results to return in the response. Use this parameter when paginating results. If
additional results exist beyond the number you specify, the nextToken element is returned in the
response. Use nextToken in a subsequent request to retrieve additional results.
String nextToken
A token to use for paginating results that are returned in the response. Set the value of this parameter to null
for the first request. For subsequent calls, use the nextToken value returned from the previous
request to continue listing results after the first page.
String scanName
The name of the scan you want to retrieve findings from.
String status
The status of the findings you want to get. Pass either Open, Closed, or
All.
Date date
The date you want to retrieve summary metrics from, rounded to the nearest day. The date must be within the past two years since metrics data is only stored for two years. If a date outside of this range is passed, the response will be empty.
MetricsSummary metricsSummary
The summary metrics from the specified date.
String analysisType
The type of analysis CodeGuru Security performed in the scan, either Security or All.
The Security type only generates findings related to security. The All type generates
both security findings and quality findings.
Date createdAt
The time the scan was created.
Long numberOfRevisions
The number of times a scan has been re-run on a revised resource.
String runId
UUID that identifies the individual scan run.
String scanName
The name of the scan.
String scanNameArn
The ARN for the scan name.
String scanState
The current state of the scan. Pass either InProgress, Successful, or
Failed.
Date updatedAt
The time when the scan was last updated. Only available for STANDARD scan types.
String error
The internal error encountered by the server.
Date endDate
The end date of the interval which you want to retrieve metrics from.
Integer maxResults
The maximum number of results to return in the response. Use this parameter when paginating results. If
additional results exist beyond the number you specify, the nextToken element is returned in the
response. Use nextToken in a subsequent request to retrieve additional results.
String nextToken
A token to use for paginating results that are returned in the response. Set the value of this parameter to null
for the first request. For subsequent calls, use the nextToken value returned from the previous
request to continue listing results after the first page.
Date startDate
The start date of the interval which you want to retrieve metrics from.
Integer maxResults
The maximum number of results to return in the response. Use this parameter when paginating results. If
additional results exist beyond the number you specify, the nextToken element is returned in the
response. Use nextToken in a subsequent request to retrieve additional results.
String nextToken
A token to use for paginating results that are returned in the response. Set the value of this parameter to null
for the first request. For subsequent calls, use the nextToken value returned from the previous
request to continue listing results after the first page.
String resourceArn
The ARN of the ScanName object. You can retrieve this ARN by calling ListScans or
GetScan.
Map<K,V> tags
An array of key-value pairs used to tag an existing scan. A tag is a custom attribute label with two parts:
A tag key. For example, CostCenter, Environment, or Secret. Tag keys are
case sensitive.
An optional tag value field. For example, 111122223333, Production, or a team name.
Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
List<E> categoriesWithMostFindings
A list of CategoryWithFindingNum objects for the top 5 finding categories with the most open
findings in an account.
Date date
The date from which the metrics summary information was retrieved.
FindingMetricsValuePerSeverity openFindings
The number of open findings of each severity in an account.
List<E> scansWithMostOpenCriticalFindings
A list of ScanNameWithFindingNum objects for the top 3 scans with the highest number of open findings
in an account.
List<E> scansWithMostOpenFindings
A list of ScanNameWithFindingNum objects for the top 3 scans with the highest number of open critical
findings in an account.
Recommendation recommendation
An object that contains information about the recommended course of action to remediate a finding.
List<E> suggestedFixes
A list of SuggestedFix objects. Each object contains information about a suggested code fix to
remediate the finding.
String codeArtifactId
The identifier for the code file uploaded to the resource where a finding was detected.
Date createdAt
The time when the scan was created.
String runId
The identifier for the scan run.
String scanName
The name of the scan.
String scanNameArn
The ARN for the scan name.
String scanState
The state of the scan. A scan can be In Progress, Complete, or Failed.
Date updatedAt
The time the scan was last updated. A scan is updated when it is re-run.
String resourceArn
The ARN of the ScanName object. You can retrieve this ARN by calling ListScans or
GetScan.
Map<K,V> tags
An array of key-value pairs used to tag an existing scan. A tag is a custom attribute label with two parts:
A tag key. For example, CostCenter, Environment, or Secret. Tag keys are
case sensitive.
An optional tag value field. For example, 111122223333, Production, or a team name.
Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
EncryptionConfig encryptionConfig
The KMS key ARN you want to use for encryption. Defaults to service-side encryption if missing.
EncryptionConfig encryptionConfig
An EncryptionConfig object that contains the KMS key ARN to use for encryption.
FilePath filePath
An object that describes the location of the detected security vulnerability in your code.
String id
The identifier for the vulnerability.
Integer itemCount
The number of times the vulnerability appears in your code.
List<E> referenceUrls
One or more URL addresses that contain details about a vulnerability.
List<E> relatedVulnerabilities
One or more vulnerabilities that are related to the vulnerability being described.