SDK for PHP 3.x
Inspector2 2020-06-08
- Client: Aws\Inspector2\Inspector2Client
- Service ID: inspector2
- Version: 2020-06-08
This page describes the parameters and results for the operations of the Inspector2 (2020-06-08), and shows how to use the Aws\Inspector2\Inspector2Client object to call the described operations. This documentation is specific to the 2020-06-08 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AssociateMember ( array $params = [] )
- Associates an Amazon Web Services account with an Amazon Inspector delegated administrator.
- BatchAssociateCodeSecurityScanConfiguration ( array $params = [] )
- Associates multiple code repositories with an Amazon Inspector code security scan configuration.
- BatchDisassociateCodeSecurityScanConfiguration ( array $params = [] )
- Disassociates multiple code repositories from an Amazon Inspector code security scan configuration.
- BatchGetAccountStatus ( array $params = [] )
- Retrieves the Amazon Inspector status of multiple Amazon Web Services accounts within your environment.
- BatchGetCodeSnippet ( array $params = [] )
- Retrieves code snippets from findings that Amazon Inspector detected code vulnerabilities in.
- BatchGetFindingDetails ( array $params = [] )
- Gets vulnerability details for findings.
- BatchGetFreeTrialInfo ( array $params = [] )
- Gets free trial status for multiple Amazon Web Services accounts.
- BatchGetMemberEc2DeepInspectionStatus ( array $params = [] )
- Retrieves Amazon Inspector deep inspection activation status of multiple member accounts within your organization.
- BatchUpdateMemberEc2DeepInspectionStatus ( array $params = [] )
- Activates or deactivates Amazon Inspector deep inspection for the provided member accounts in your organization.
- CancelFindingsReport ( array $params = [] )
- Cancels the given findings report.
- CancelSbomExport ( array $params = [] )
- Cancels a software bill of materials (SBOM) report.
- CreateCisScanConfiguration ( array $params = [] )
- Creates a CIS scan configuration.
- CreateCodeSecurityIntegration ( array $params = [] )
- Creates a code security integration with a source code repository provider.
- CreateCodeSecurityScanConfiguration ( array $params = [] )
- Creates a scan configuration for code security scanning.
- CreateFilter ( array $params = [] )
- Creates a filter resource using specified filter criteria.
- CreateFindingsReport ( array $params = [] )
- Creates a finding report.
- CreateSbomExport ( array $params = [] )
- Creates a software bill of materials (SBOM) report.
- DeleteCisScanConfiguration ( array $params = [] )
- Deletes a CIS scan configuration.
- DeleteCodeSecurityIntegration ( array $params = [] )
- Deletes a code security integration.
- DeleteCodeSecurityScanConfiguration ( array $params = [] )
- Deletes a code security scan configuration.
- DeleteFilter ( array $params = [] )
- Deletes a filter resource.
- DescribeOrganizationConfiguration ( array $params = [] )
- Describe Amazon Inspector configuration settings for an Amazon Web Services organization.
- Disable ( array $params = [] )
- Disables Amazon Inspector scans for one or more Amazon Web Services accounts.
- DisableDelegatedAdminAccount ( array $params = [] )
- Disables the Amazon Inspector delegated administrator for your organization.
- DisassociateMember ( array $params = [] )
- Disassociates a member account from an Amazon Inspector delegated administrator.
- Enable ( array $params = [] )
- Enables Amazon Inspector scans for one or more Amazon Web Services accounts.
- EnableDelegatedAdminAccount ( array $params = [] )
- Enables the Amazon Inspector delegated administrator for your Organizations organization.
- GetCisScanReport ( array $params = [] )
- Retrieves a CIS scan report.
- GetCisScanResultDetails ( array $params = [] )
- Retrieves CIS scan result details.
- GetClustersForImage ( array $params = [] )
- Returns a list of clusters and metadata associated with an image.
- GetCodeSecurityIntegration ( array $params = [] )
- Retrieves information about a code security integration.
- GetCodeSecurityScan ( array $params = [] )
- Retrieves information about a specific code security scan.
- GetCodeSecurityScanConfiguration ( array $params = [] )
- Retrieves information about a code security scan configuration.
- GetConfiguration ( array $params = [] )
- Retrieves setting configurations for Inspector scans.
- GetDelegatedAdminAccount ( array $params = [] )
- Retrieves information about the Amazon Inspector delegated administrator for your organization.
- GetEc2DeepInspectionConfiguration ( array $params = [] )
- Retrieves the activation status of Amazon Inspector deep inspection and custom paths associated with your account.
- GetEncryptionKey ( array $params = [] )
- Gets an encryption key.
- GetFindingsReportStatus ( array $params = [] )
- Gets the status of a findings report.
- GetMember ( array $params = [] )
- Gets member information for your organization.
- GetSbomExport ( array $params = [] )
- Gets details of a software bill of materials (SBOM) report.
- ListAccountPermissions ( array $params = [] )
- Lists the permissions an account has to configure Amazon Inspector.
- ListCisScanConfigurations ( array $params = [] )
- Lists CIS scan configurations.
- ListCisScanResultsAggregatedByChecks ( array $params = [] )
- Lists scan results aggregated by checks.
- ListCisScanResultsAggregatedByTargetResource ( array $params = [] )
- Lists scan results aggregated by a target resource.
- ListCisScans ( array $params = [] )
- Returns a CIS scan list.
- ListCodeSecurityIntegrations ( array $params = [] )
- Lists all code security integrations in your account.
- ListCodeSecurityScanConfigurationAssociations ( array $params = [] )
- Lists the associations between code repositories and Amazon Inspector code security scan configurations.
- ListCodeSecurityScanConfigurations ( array $params = [] )
- Lists all code security scan configurations in your account.
- ListCoverage ( array $params = [] )
- Lists coverage details for your environment.
- ListCoverageStatistics ( array $params = [] )
- Lists Amazon Inspector coverage statistics for your environment.
- ListDelegatedAdminAccounts ( array $params = [] )
- Lists information about the Amazon Inspector delegated administrator of your organization.
- ListFilters ( array $params = [] )
- Lists the filters associated with your account.
- ListFindingAggregations ( array $params = [] )
- Lists aggregated finding data for your environment based on specific criteria.
- ListFindings ( array $params = [] )
- Lists findings for your environment.
- ListMembers ( array $params = [] )
- List members associated with the Amazon Inspector delegated administrator for your organization.
- ListTagsForResource ( array $params = [] )
- Lists all tags attached to a given resource.
- ListUsageTotals ( array $params = [] )
- Lists the Amazon Inspector usage totals over the last 30 days.
- ResetEncryptionKey ( array $params = [] )
- Resets an encryption key.
- SearchVulnerabilities ( array $params = [] )
- Lists Amazon Inspector coverage details for a specific vulnerability.
- SendCisSessionHealth ( array $params = [] )
- Sends a CIS session health.
- SendCisSessionTelemetry ( array $params = [] )
- Sends a CIS session telemetry.
- StartCisSession ( array $params = [] )
- Starts a CIS session.
- StartCodeSecurityScan ( array $params = [] )
- Initiates a code security scan on a specified repository.
- StopCisSession ( array $params = [] )
- Stops a CIS session.
- TagResource ( array $params = [] )
- Adds tags to a resource.
- UntagResource ( array $params = [] )
- Removes tags from a resource.
- UpdateCisScanConfiguration ( array $params = [] )
- Updates a CIS scan configuration.
- UpdateCodeSecurityIntegration ( array $params = [] )
- Updates an existing code security integration.
- UpdateCodeSecurityScanConfiguration ( array $params = [] )
- Updates an existing code security scan configuration.
- UpdateConfiguration ( array $params = [] )
- Updates setting configurations for your Amazon Inspector account.
- UpdateEc2DeepInspectionConfiguration ( array $params = [] )
- Activates, deactivates Amazon Inspector deep inspection, or updates custom paths for your account.
- UpdateEncryptionKey ( array $params = [] )
- Updates an encryption key.
- UpdateFilter ( array $params = [] )
- Specifies the action that is to be applied to the findings that match the filter.
- UpdateOrgEc2DeepInspectionConfiguration ( array $params = [] )
- Updates the Amazon Inspector deep inspection custom paths for your organization.
- UpdateOrganizationConfiguration ( array $params = [] )
- Updates the configurations for your Amazon Inspector organization.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
- GetCisScanResultDetails
- GetClustersForImage
- ListAccountPermissions
- ListCisScanConfigurations
- ListCisScanResultsAggregatedByChecks
- ListCisScanResultsAggregatedByTargetResource
- ListCisScans
- ListCoverage
- ListCoverageStatistics
- ListDelegatedAdminAccounts
- ListFilters
- ListFindingAggregations
- ListFindings
- ListMembers
- ListUsageTotals
- SearchVulnerabilities
Operations
AssociateMember
$result = $client->associateMember([/* ... */]); $promise = $client->associateMemberAsync([/* ... */]);
Associates an Amazon Web Services account with an Amazon Inspector delegated administrator. An HTTP 200 response indicates the association was successfully started, but doesn’t indicate whether it was completed. You can check if the association completed by using ListMembers for multiple accounts or GetMembers for a single account.
Parameter Syntax
$result = $client->associateMember([
'accountId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the member account to be associated.
Result Syntax
[
'accountId' => '<string>',
]
Result Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully associated member account.
Errors
- ServiceQuotaExceededException:
You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchAssociateCodeSecurityScanConfiguration
$result = $client->batchAssociateCodeSecurityScanConfiguration([/* ... */]); $promise = $client->batchAssociateCodeSecurityScanConfigurationAsync([/* ... */]);
Associates multiple code repositories with an Amazon Inspector code security scan configuration.
Parameter Syntax
$result = $client->batchAssociateCodeSecurityScanConfiguration([
'associateConfigurationRequests' => [ // REQUIRED
[
'resource' => [ // REQUIRED
'projectId' => '<string>',
],
'scanConfigurationArn' => '<string>', // REQUIRED
],
// ...
],
]);
Parameter Details
Members
- associateConfigurationRequests
-
- Required: Yes
- Type: Array of AssociateConfigurationRequest structures
A list of code repositories to associate with the specified scan configuration.
Result Syntax
[
'failedAssociations' => [
[
'resource' => [
'projectId' => '<string>',
],
'scanConfigurationArn' => '<string>',
'statusCode' => 'INTERNAL_ERROR|ACCESS_DENIED|SCAN_CONFIGURATION_NOT_FOUND|INVALID_INPUT|RESOURCE_NOT_FOUND|QUOTA_EXCEEDED',
'statusMessage' => '<string>',
],
// ...
],
'successfulAssociations' => [
[
'resource' => [
'projectId' => '<string>',
],
'scanConfigurationArn' => '<string>',
],
// ...
],
]
Result Details
Members
- failedAssociations
-
- Type: Array of FailedAssociationResult structures
Details of any code repositories that failed to be associated with the scan configuration.
- successfulAssociations
-
- Type: Array of SuccessfulAssociationResult structures
Details of code repositories that were successfully associated with the scan configuration.
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchDisassociateCodeSecurityScanConfiguration
$result = $client->batchDisassociateCodeSecurityScanConfiguration([/* ... */]); $promise = $client->batchDisassociateCodeSecurityScanConfigurationAsync([/* ... */]);
Disassociates multiple code repositories from an Amazon Inspector code security scan configuration.
Parameter Syntax
$result = $client->batchDisassociateCodeSecurityScanConfiguration([
'disassociateConfigurationRequests' => [ // REQUIRED
[
'resource' => [ // REQUIRED
'projectId' => '<string>',
],
'scanConfigurationArn' => '<string>', // REQUIRED
],
// ...
],
]);
Parameter Details
Members
- disassociateConfigurationRequests
-
- Required: Yes
- Type: Array of DisassociateConfigurationRequest structures
A list of code repositories to disassociate from the specified scan configuration.
Result Syntax
[
'failedAssociations' => [
[
'resource' => [
'projectId' => '<string>',
],
'scanConfigurationArn' => '<string>',
'statusCode' => 'INTERNAL_ERROR|ACCESS_DENIED|SCAN_CONFIGURATION_NOT_FOUND|INVALID_INPUT|RESOURCE_NOT_FOUND|QUOTA_EXCEEDED',
'statusMessage' => '<string>',
],
// ...
],
'successfulAssociations' => [
[
'resource' => [
'projectId' => '<string>',
],
'scanConfigurationArn' => '<string>',
],
// ...
],
]
Result Details
Members
- failedAssociations
-
- Type: Array of FailedAssociationResult structures
Details of any code repositories that failed to be disassociated from the scan configuration.
- successfulAssociations
-
- Type: Array of SuccessfulAssociationResult structures
Details of code repositories that were successfully disassociated from the scan configuration.
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetAccountStatus
$result = $client->batchGetAccountStatus([/* ... */]); $promise = $client->batchGetAccountStatusAsync([/* ... */]);
Retrieves the Amazon Inspector status of multiple Amazon Web Services accounts within your environment.
Parameter Syntax
$result = $client->batchGetAccountStatus([
'accountIds' => ['<string>', ...],
]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
The 12-digit Amazon Web Services account IDs of the accounts to retrieve Amazon Inspector status for.
Result Syntax
[
'accounts' => [
[
'accountId' => '<string>',
'resourceState' => [
'codeRepository' => [
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED',
'errorMessage' => '<string>',
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'ec2' => [
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED',
'errorMessage' => '<string>',
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'ecr' => [
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED',
'errorMessage' => '<string>',
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'lambda' => [
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED',
'errorMessage' => '<string>',
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'lambdaCode' => [
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED',
'errorMessage' => '<string>',
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
],
'state' => [
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED',
'errorMessage' => '<string>',
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
],
// ...
],
'failedAccounts' => [
[
'accountId' => '<string>',
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED',
'errorMessage' => '<string>',
'resourceStatus' => [
'codeRepository' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
// ...
],
]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of AccountState structures
An array of objects that provide details on the status of Amazon Inspector for each of the requested accounts.
- failedAccounts
-
- Type: Array of FailedAccount structures
An array of objects detailing any accounts that failed to enable Amazon Inspector and why.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetCodeSnippet
$result = $client->batchGetCodeSnippet([/* ... */]); $promise = $client->batchGetCodeSnippetAsync([/* ... */]);
Retrieves code snippets from findings that Amazon Inspector detected code vulnerabilities in.
Parameter Syntax
$result = $client->batchGetCodeSnippet([
'findingArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- findingArns
-
- Required: Yes
- Type: Array of strings
An array of finding ARNs for the findings you want to retrieve code snippets from.
Result Syntax
[
'codeSnippetResults' => [
[
'codeSnippet' => [
[
'content' => '<string>',
'lineNumber' => <integer>,
],
// ...
],
'endLine' => <integer>,
'findingArn' => '<string>',
'startLine' => <integer>,
'suggestedFixes' => [
[
'code' => '<string>',
'description' => '<string>',
],
// ...
],
],
// ...
],
'errors' => [
[
'errorCode' => 'INTERNAL_ERROR|ACCESS_DENIED|CODE_SNIPPET_NOT_FOUND|INVALID_INPUT',
'errorMessage' => '<string>',
'findingArn' => '<string>',
],
// ...
],
]
Result Details
Members
- codeSnippetResults
-
- Type: Array of CodeSnippetResult structures
The retrieved code snippets associated with the provided finding ARNs.
- errors
-
- Type: Array of CodeSnippetError structures
Any errors Amazon Inspector encountered while trying to retrieve the requested code snippets.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetFindingDetails
$result = $client->batchGetFindingDetails([/* ... */]); $promise = $client->batchGetFindingDetailsAsync([/* ... */]);
Gets vulnerability details for findings.
Parameter Syntax
$result = $client->batchGetFindingDetails([
'findingArns' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- findingArns
-
- Required: Yes
- Type: Array of strings
A list of finding ARNs.
Result Syntax
[
'errors' => [
[
'errorCode' => 'INTERNAL_ERROR|ACCESS_DENIED|FINDING_DETAILS_NOT_FOUND|INVALID_INPUT',
'errorMessage' => '<string>',
'findingArn' => '<string>',
],
// ...
],
'findingDetails' => [
[
'cisaData' => [
'action' => '<string>',
'dateAdded' => <DateTime>,
'dateDue' => <DateTime>,
],
'cwes' => ['<string>', ...],
'epssScore' => <float>,
'evidences' => [
[
'evidenceDetail' => '<string>',
'evidenceRule' => '<string>',
'severity' => '<string>',
],
// ...
],
'exploitObserved' => [
'firstSeen' => <DateTime>,
'lastSeen' => <DateTime>,
],
'findingArn' => '<string>',
'referenceUrls' => ['<string>', ...],
'riskScore' => <integer>,
'tools' => ['<string>', ...],
'ttps' => ['<string>', ...],
],
// ...
],
]
Result Details
Members
- errors
-
- Type: Array of FindingDetailsError structures
Error information for findings that details could not be returned for.
- findingDetails
-
- Type: Array of FindingDetail structures
A finding's vulnerability details.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample BatchGetFindingDetails Call
$result = $client->batchGetFindingDetails([
'findingArns' => [
'arn:aws:inspector2:eu-west-1:123456789012:finding/78b88cc9aa1d78b6e14fde90d774dde7',
'arn:aws:inspector2:eu-west-1:111111111111:finding/78b88cc9aa1d78b6e14fde90d874dde7',
],
]);
Result syntax:
[
'errors' => [
[
'errorCode' => 'ACCESS_DENIED',
'errorMessage' => 'You don't have permission to access this finding',
'findingArn' => 'arn:aws:inspector2:eu-west-1:111111111111:finding/78b88cc9aa1d78b6e14fde90d874dde7',
],
],
'findingDetails' => [
[
'cisaData' => [
'action' => 'For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks.',
'dateAdded' => ,
'dateDue' => ,
],
'cwes' => [
'cwe-1234',
],
'epssScore' => 0.85,
'evidences' => [
[
'evidenceDetail' => '2 sightings on 1 source',
'evidenceRule' => 'Historically Linked to Penetration Testing Tools',
'severity' => 'Low',
],
],
'exploitObserved' => [
'firstSeen' => ,
'lastSeen' => ,
],
'findingArn' => 'arn:aws:inspector2:eu-west-1:123456789012:finding/78b88cc9aa1d78b6e14fde90d774dde7',
'referenceUrls' => [
'https://nvd.nist.gov/vuln/detail/CVE-2019-20367',
],
'riskScore' => 66,
'tools' => [
'Metasploit',
],
'ttps' => [
'TA0001',
'TA0002',
],
],
],
]
BatchGetFreeTrialInfo
$result = $client->batchGetFreeTrialInfo([/* ... */]); $promise = $client->batchGetFreeTrialInfoAsync([/* ... */]);
Gets free trial status for multiple Amazon Web Services accounts.
Parameter Syntax
$result = $client->batchGetFreeTrialInfo([
'accountIds' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- accountIds
-
- Required: Yes
- Type: Array of strings
The account IDs to get free trial status for.
Result Syntax
[
'accounts' => [
[
'accountId' => '<string>',
'freeTrialInfo' => [
[
'end' => <DateTime>,
'start' => <DateTime>,
'status' => 'ACTIVE|INACTIVE',
'type' => 'EC2|ECR|LAMBDA|LAMBDA_CODE|CODE_REPOSITORY',
],
// ...
],
],
// ...
],
'failedAccounts' => [
[
'accountId' => '<string>',
'code' => 'ACCESS_DENIED|INTERNAL_ERROR',
'message' => '<string>',
],
// ...
],
]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of FreeTrialAccountInfo structures
An array of objects that provide Amazon Inspector free trial details for each of the requested accounts.
- failedAccounts
-
- Required: Yes
- Type: Array of FreeTrialInfoError structures
An array of objects detailing any accounts that free trial data could not be returned for.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchGetMemberEc2DeepInspectionStatus
$result = $client->batchGetMemberEc2DeepInspectionStatus([/* ... */]); $promise = $client->batchGetMemberEc2DeepInspectionStatusAsync([/* ... */]);
Retrieves Amazon Inspector deep inspection activation status of multiple member accounts within your organization. You must be the delegated administrator of an organization in Amazon Inspector to use this API.
Parameter Syntax
$result = $client->batchGetMemberEc2DeepInspectionStatus([
'accountIds' => ['<string>', ...],
]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
The unique identifiers for the Amazon Web Services accounts to retrieve Amazon Inspector deep inspection activation status for.
Result Syntax
[
'accountIds' => [
[
'accountId' => '<string>',
'errorMessage' => '<string>',
'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED',
],
// ...
],
'failedAccountIds' => [
[
'accountId' => '<string>',
'ec2ScanStatus' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'errorMessage' => '<string>',
],
// ...
],
]
Result Details
Members
- accountIds
-
- Type: Array of MemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details on the activation status of Amazon Inspector deep inspection for each of the requested accounts.
- failedAccountIds
-
- Type: Array of FailedMemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details on any accounts that failed to activate Amazon Inspector deep inspection and why.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
BatchUpdateMemberEc2DeepInspectionStatus
$result = $client->batchUpdateMemberEc2DeepInspectionStatus([/* ... */]); $promise = $client->batchUpdateMemberEc2DeepInspectionStatusAsync([/* ... */]);
Activates or deactivates Amazon Inspector deep inspection for the provided member accounts in your organization. You must be the delegated administrator of an organization in Amazon Inspector to use this API.
Parameter Syntax
$result = $client->batchUpdateMemberEc2DeepInspectionStatus([
'accountIds' => [ // REQUIRED
[
'accountId' => '<string>', // REQUIRED
'activateDeepInspection' => true || false, // REQUIRED
],
// ...
],
]);
Parameter Details
Members
- accountIds
-
- Required: Yes
- Type: Array of MemberAccountEc2DeepInspectionStatus structures
The unique identifiers for the Amazon Web Services accounts to change Amazon Inspector deep inspection status for.
Result Syntax
[
'accountIds' => [
[
'accountId' => '<string>',
'errorMessage' => '<string>',
'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED',
],
// ...
],
'failedAccountIds' => [
[
'accountId' => '<string>',
'ec2ScanStatus' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'errorMessage' => '<string>',
],
// ...
],
]
Result Details
Members
- accountIds
-
- Type: Array of MemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details for each of the accounts that Amazon Inspector deep inspection status was successfully changed for.
- failedAccountIds
-
- Type: Array of FailedMemberAccountEc2DeepInspectionStatusState structures
An array of objects that provide details for each of the accounts that Amazon Inspector deep inspection status could not be successfully changed for.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CancelFindingsReport
$result = $client->cancelFindingsReport([/* ... */]); $promise = $client->cancelFindingsReportAsync([/* ... */]);
Cancels the given findings report.
Parameter Syntax
$result = $client->cancelFindingsReport([
'reportId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- reportId
-
- Required: Yes
- Type: string
The ID of the report to be canceled.
Result Syntax
[
'reportId' => '<string>',
]
Result Details
Members
- reportId
-
- Required: Yes
- Type: string
The ID of the canceled report.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CancelSbomExport
$result = $client->cancelSbomExport([/* ... */]); $promise = $client->cancelSbomExportAsync([/* ... */]);
Cancels a software bill of materials (SBOM) report.
Parameter Syntax
$result = $client->cancelSbomExport([
'reportId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- reportId
-
- Required: Yes
- Type: string
The report ID of the SBOM export to cancel.
Result Syntax
[
'reportId' => '<string>',
]
Result Details
Members
- reportId
-
- Type: string
The report ID of the canceled SBOM export.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CreateCisScanConfiguration
$result = $client->createCisScanConfiguration([/* ... */]); $promise = $client->createCisScanConfigurationAsync([/* ... */]);
Creates a CIS scan configuration.
Parameter Syntax
$result = $client->createCisScanConfiguration([
'scanName' => '<string>', // REQUIRED
'schedule' => [ // REQUIRED
'daily' => [
'startTime' => [ // REQUIRED
'timeOfDay' => '<string>', // REQUIRED
'timezone' => '<string>', // REQUIRED
],
],
'monthly' => [
'day' => 'SUN|MON|TUE|WED|THU|FRI|SAT', // REQUIRED
'startTime' => [ // REQUIRED
'timeOfDay' => '<string>', // REQUIRED
'timezone' => '<string>', // REQUIRED
],
],
'oneTime' => [
],
'weekly' => [
'days' => ['<string>', ...], // REQUIRED
'startTime' => [ // REQUIRED
'timeOfDay' => '<string>', // REQUIRED
'timezone' => '<string>', // REQUIRED
],
],
],
'securityLevel' => 'LEVEL_1|LEVEL_2', // REQUIRED
'tags' => ['<string>', ...],
'targets' => [ // REQUIRED
'accountIds' => ['<string>', ...], // REQUIRED
'targetResourceTags' => [ // REQUIRED
'<TargetResourceTagsKey>' => ['<string>', ...],
// ...
],
],
]);
Parameter Details
Members
- scanName
-
- Required: Yes
- Type: string
The scan name for the CIS scan configuration.
- schedule
-
- Required: Yes
- Type: Schedule structure
The schedule for the CIS scan configuration.
- securityLevel
-
- Required: Yes
- Type: string
The security level for the CIS scan configuration. Security level refers to the Benchmark levels that CIS assigns to a profile.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags for the CIS scan configuration.
- targets
-
- Required: Yes
- Type: CreateCisTargets structure
The targets for the CIS scan configuration.
Result Syntax
[
'scanConfigurationArn' => '<string>',
]
Result Details
Members
- scanConfigurationArn
-
- Type: string
The scan configuration ARN for the CIS scan configuration.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample CreateCisScanConfiguration Call
$result = $client->createCisScanConfiguration([
'scanName' => 'sample',
'schedule' => [
'daily' => [
'startTime' => [
'timeOfDay' => '12:34',
'timezone' => 'UTC',
],
],
],
'securityLevel' => 'LEVEL_1',
'targets' => [
'accountIds' => [
'SELF',
],
'targetResourceTags' => [
'key' => [
'value',
],
],
],
]);
Result syntax:
[
'scanConfigurationArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-configuration/624b746d-e080-44ae-8c1d-48e653365a38',
]
CreateCodeSecurityIntegration
$result = $client->createCodeSecurityIntegration([/* ... */]); $promise = $client->createCodeSecurityIntegrationAsync([/* ... */]);
Creates a code security integration with a source code repository provider.
After calling the CreateCodeSecurityIntegration operation, you complete authentication and authorization with your provider. Next you call the UpdateCodeSecurityIntegration operation to provide the details to complete the integration setup
Parameter Syntax
$result = $client->createCodeSecurityIntegration([
'details' => [
'gitlabSelfManaged' => [
'accessToken' => '<string>', // REQUIRED
'instanceUrl' => '<string>', // REQUIRED
],
],
'name' => '<string>', // REQUIRED
'tags' => ['<string>', ...],
'type' => 'GITLAB_SELF_MANAGED|GITHUB', // REQUIRED
]);
Parameter Details
Members
- details
-
- Type: CreateIntegrationDetail structure
The integration details specific to the repository provider type.
- name
-
- Required: Yes
- Type: string
The name of the code security integration.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags to apply to the code security integration.
- type
-
- Required: Yes
- Type: string
The type of repository provider for the integration.
Result Syntax
[
'authorizationUrl' => '<string>',
'integrationArn' => '<string>',
'status' => 'PENDING|IN_PROGRESS|ACTIVE|INACTIVE|DISABLING',
]
Result Details
Members
- authorizationUrl
-
- Type: string
The URL used to authorize the integration with the repository provider.
- integrationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the created code security integration.
- status
-
- Required: Yes
- Type: string
The current status of the code security integration.
Errors
- ServiceQuotaExceededException:
You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CreateCodeSecurityScanConfiguration
$result = $client->createCodeSecurityScanConfiguration([/* ... */]); $promise = $client->createCodeSecurityScanConfigurationAsync([/* ... */]);
Creates a scan configuration for code security scanning.
Parameter Syntax
$result = $client->createCodeSecurityScanConfiguration([
'configuration' => [ // REQUIRED
'continuousIntegrationScanConfiguration' => [
'supportedEvents' => ['<string>', ...], // REQUIRED
],
'periodicScanConfiguration' => [
'frequency' => 'WEEKLY|MONTHLY|NEVER',
'frequencyExpression' => '<string>',
],
'ruleSetCategories' => ['<string>', ...], // REQUIRED
],
'level' => 'ORGANIZATION|ACCOUNT', // REQUIRED
'name' => '<string>', // REQUIRED
'scopeSettings' => [
'projectSelectionScope' => 'ALL',
],
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- configuration
-
- Required: Yes
- Type: CodeSecurityScanConfiguration structure
The configuration settings for the code security scan.
- level
-
- Required: Yes
- Type: string
The security level for the scan configuration.
- name
-
- Required: Yes
- Type: string
The name of the scan configuration.
- scopeSettings
-
- Type: ScopeSettings structure
The scope settings that define which repositories will be scanned. Include this parameter to create a default scan configuration. Otherwise Amazon Inspector creates a general scan configuration.
A default scan configuration automatically applies to all existing and future projects imported into Amazon Inspector. Use the
BatchAssociateCodeSecurityScanConfigurationoperation to associate a general scan configuration with projects. - tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags to apply to the scan configuration.
Result Syntax
[
'scanConfigurationArn' => '<string>',
]
Result Details
Members
- scanConfigurationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the created scan configuration.
Errors
- ServiceQuotaExceededException:
You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CreateFilter
$result = $client->createFilter([/* ... */]); $promise = $client->createFilterAsync([/* ... */]);
Creates a filter resource using specified filter criteria. When the filter action is set to SUPPRESS this action creates a suppression rule.
Parameter Syntax
$result = $client->createFilter([
'action' => 'NONE|SUPPRESS', // REQUIRED
'description' => '<string>',
'filterCriteria' => [ // REQUIRED
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProjectName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProviderType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageInUseCount' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'ecrImageLastInUseAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'filePath' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
],
// ...
],
],
'name' => '<string>', // REQUIRED
'reason' => '<string>',
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- action
-
- Required: Yes
- Type: string
Defines the action that is to be applied to the findings that match the filter.
- description
-
- Type: string
A description of the filter.
- filterCriteria
-
- Required: Yes
- Type: FilterCriteria structure
Defines the criteria to be used in the filter for querying findings.
- name
-
- Required: Yes
- Type: string
The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.
- reason
-
- Type: string
The reason for creating the filter.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
A list of tags for the filter.
Result Syntax
[
'arn' => '<string>',
]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the successfully created filter.
Errors
- ServiceQuotaExceededException:
You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
- BadRequestException:
One or more tags submitted as part of the request is not valid.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CreateFindingsReport
$result = $client->createFindingsReport([/* ... */]); $promise = $client->createFindingsReportAsync([/* ... */]);
Creates a finding report. By default only ACTIVE findings are returned in the report. To see SUPRESSED or CLOSED findings you must specify a value for the findingStatus filter criteria.
Parameter Syntax
$result = $client->createFindingsReport([
'filterCriteria' => [
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProjectName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProviderType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageInUseCount' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'ecrImageLastInUseAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'filePath' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
],
// ...
],
],
'reportFormat' => 'CSV|JSON', // REQUIRED
's3Destination' => [ // REQUIRED
'bucketName' => '<string>', // REQUIRED
'keyPrefix' => '<string>',
'kmsKeyArn' => '<string>', // REQUIRED
],
]);
Parameter Details
Members
- filterCriteria
-
- Type: FilterCriteria structure
The filter criteria to apply to the results of the finding report.
- reportFormat
-
- Required: Yes
- Type: string
The format to generate the report in.
- s3Destination
-
- Required: Yes
- Type: Destination structure
The Amazon S3 export destination for the report.
Result Syntax
[
'reportId' => '<string>',
]
Result Details
Members
- reportId
-
- Type: string
The ID of the report.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
CreateSbomExport
$result = $client->createSbomExport([/* ... */]); $promise = $client->createSbomExportAsync([/* ... */]);
Creates a software bill of materials (SBOM) report.
Parameter Syntax
$result = $client->createSbomExport([
'reportFormat' => 'CYCLONEDX_1_4|SPDX_2_3', // REQUIRED
'resourceFilterCriteria' => [
'accountId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrRepositoryName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
's3Destination' => [ // REQUIRED
'bucketName' => '<string>', // REQUIRED
'keyPrefix' => '<string>',
'kmsKeyArn' => '<string>', // REQUIRED
],
]);
Parameter Details
Members
- reportFormat
-
- Required: Yes
- Type: string
The output format for the software bill of materials (SBOM) report.
- resourceFilterCriteria
-
- Type: ResourceFilterCriteria structure
The resource filter criteria for the software bill of materials (SBOM) report.
- s3Destination
-
- Required: Yes
- Type: Destination structure
Contains details of the Amazon S3 bucket and KMS key used to export findings.
Result Syntax
[
'reportId' => '<string>',
]
Result Details
Members
- reportId
-
- Type: string
The report ID for the software bill of materials (SBOM) report.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
DeleteCisScanConfiguration
$result = $client->deleteCisScanConfiguration([/* ... */]); $promise = $client->deleteCisScanConfigurationAsync([/* ... */]);
Deletes a CIS scan configuration.
Parameter Syntax
$result = $client->deleteCisScanConfiguration([
'scanConfigurationArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- scanConfigurationArn
-
- Required: Yes
- Type: string
The ARN of the CIS scan configuration.
Result Syntax
[
'scanConfigurationArn' => '<string>',
]
Result Details
Members
- scanConfigurationArn
-
- Required: Yes
- Type: string
The ARN of the CIS scan configuration.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample DeleteCisScanConfiguration Call
$result = $client->deleteCisScanConfiguration([
'scanConfigurationArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-configuration/624b746d-e080-44ae-8c1d-48e653365a38',
]);
Result syntax:
[
'scanConfigurationArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-configuration/624b746d-e080-44ae-8c1d-48e653365a38',
]
DeleteCodeSecurityIntegration
$result = $client->deleteCodeSecurityIntegration([/* ... */]); $promise = $client->deleteCodeSecurityIntegrationAsync([/* ... */]);
Deletes a code security integration.
Parameter Syntax
$result = $client->deleteCodeSecurityIntegration([
'integrationArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- integrationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the code security integration to delete.
Result Syntax
[
'integrationArn' => '<string>',
]
Result Details
Members
- integrationArn
-
- Type: string
The Amazon Resource Name (ARN) of the deleted code security integration.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
DeleteCodeSecurityScanConfiguration
$result = $client->deleteCodeSecurityScanConfiguration([/* ... */]); $promise = $client->deleteCodeSecurityScanConfigurationAsync([/* ... */]);
Deletes a code security scan configuration.
Parameter Syntax
$result = $client->deleteCodeSecurityScanConfiguration([
'scanConfigurationArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- scanConfigurationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the scan configuration to delete.
Result Syntax
[
'scanConfigurationArn' => '<string>',
]
Result Details
Members
- scanConfigurationArn
-
- Type: string
The Amazon Resource Name (ARN) of the deleted scan configuration.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
DeleteFilter
$result = $client->deleteFilter([/* ... */]); $promise = $client->deleteFilterAsync([/* ... */]);
Deletes a filter resource.
Parameter Syntax
$result = $client->deleteFilter([
'arn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the filter to be deleted.
Result Syntax
[
'arn' => '<string>',
]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the filter that has been deleted.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
DescribeOrganizationConfiguration
$result = $client->describeOrganizationConfiguration([/* ... */]); $promise = $client->describeOrganizationConfigurationAsync([/* ... */]);
Describe Amazon Inspector configuration settings for an Amazon Web Services organization.
Parameter Syntax
$result = $client->describeOrganizationConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
'autoEnable' => [
'codeRepository' => true || false,
'ec2' => true || false,
'ecr' => true || false,
'lambda' => true || false,
'lambdaCode' => true || false,
],
'maxAccountLimitReached' => true || false,
]
Result Details
Members
- autoEnable
-
- Type: AutoEnable structure
The scan types are automatically enabled for new members of your organization.
- maxAccountLimitReached
-
- Type: boolean
Represents whether your organization has reached the maximum Amazon Web Services account limit for Amazon Inspector.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Disable
$result = $client->disable([/* ... */]); $promise = $client->disableAsync([/* ... */]);
Disables Amazon Inspector scans for one or more Amazon Web Services accounts. Disabling all scan types in an account disables the Amazon Inspector service.
Parameter Syntax
$result = $client->disable([
'accountIds' => ['<string>', ...],
'resourceTypes' => ['<string>', ...],
]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
An array of account IDs you want to disable Amazon Inspector scans for.
- resourceTypes
-
- Type: Array of strings
The resource scan types you want to disable.
Result Syntax
[
'accounts' => [
[
'accountId' => '<string>',
'resourceStatus' => [
'codeRepository' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
// ...
],
'failedAccounts' => [
[
'accountId' => '<string>',
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED',
'errorMessage' => '<string>',
'resourceStatus' => [
'codeRepository' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
// ...
],
]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of Account structures
Information on the accounts that have had Amazon Inspector scans successfully disabled. Details are provided for each account.
- failedAccounts
-
- Type: Array of FailedAccount structures
Information on any accounts for which Amazon Inspector scans could not be disabled. Details are provided for each account.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
DisableDelegatedAdminAccount
$result = $client->disableDelegatedAdminAccount([/* ... */]); $promise = $client->disableDelegatedAdminAccountAsync([/* ... */]);
Disables the Amazon Inspector delegated administrator for your organization.
Parameter Syntax
$result = $client->disableDelegatedAdminAccount([
'delegatedAdminAccountId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the current Amazon Inspector delegated administrator.
Result Syntax
[
'delegatedAdminAccountId' => '<string>',
]
Result Details
Members
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully disabled delegated administrator.
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
DisassociateMember
$result = $client->disassociateMember([/* ... */]); $promise = $client->disassociateMemberAsync([/* ... */]);
Disassociates a member account from an Amazon Inspector delegated administrator.
Parameter Syntax
$result = $client->disassociateMember([
'accountId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the member account to disassociate.
Result Syntax
[
'accountId' => '<string>',
]
Result Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully disassociated member.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Enable
$result = $client->enable([/* ... */]); $promise = $client->enableAsync([/* ... */]);
Enables Amazon Inspector scans for one or more Amazon Web Services accounts.
Parameter Syntax
$result = $client->enable([
'accountIds' => ['<string>', ...],
'clientToken' => '<string>',
'resourceTypes' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
A list of account IDs you want to enable Amazon Inspector scans for.
- clientToken
-
- Type: string
The idempotency token for the request.
- resourceTypes
-
- Required: Yes
- Type: Array of strings
The resource scan types you want to enable.
Result Syntax
[
'accounts' => [
[
'accountId' => '<string>',
'resourceStatus' => [
'codeRepository' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
// ...
],
'failedAccounts' => [
[
'accountId' => '<string>',
'errorCode' => 'ALREADY_ENABLED|ENABLE_IN_PROGRESS|DISABLE_IN_PROGRESS|SUSPEND_IN_PROGRESS|RESOURCE_NOT_FOUND|ACCESS_DENIED|INTERNAL_ERROR|SSM_UNAVAILABLE|SSM_THROTTLED|EVENTBRIDGE_UNAVAILABLE|EVENTBRIDGE_THROTTLED|RESOURCE_SCAN_NOT_DISABLED|DISASSOCIATE_ALL_MEMBERS|ACCOUNT_IS_ISOLATED|EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED|EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED',
'errorMessage' => '<string>',
'resourceStatus' => [
'codeRepository' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ec2' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'ecr' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambda' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
'lambdaCode' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
'status' => 'ENABLING|ENABLED|DISABLING|DISABLED|SUSPENDING|SUSPENDED',
],
// ...
],
]
Result Details
Members
- accounts
-
- Required: Yes
- Type: Array of Account structures
Information on the accounts that have had Amazon Inspector scans successfully enabled. Details are provided for each account.
- failedAccounts
-
- Type: Array of FailedAccount structures
Information on any accounts for which Amazon Inspector scans could not be enabled. Details are provided for each account.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
EnableDelegatedAdminAccount
$result = $client->enableDelegatedAdminAccount([/* ... */]); $promise = $client->enableDelegatedAdminAccountAsync([/* ... */]);
Enables the Amazon Inspector delegated administrator for your Organizations organization.
Parameter Syntax
$result = $client->enableDelegatedAdminAccount([
'clientToken' => '<string>',
'delegatedAdminAccountId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- clientToken
-
- Type: string
The idempotency token for the request.
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator.
Result Syntax
[
'delegatedAdminAccountId' => '<string>',
]
Result Details
Members
- delegatedAdminAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the successfully Amazon Inspector delegated administrator.
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetCisScanReport
$result = $client->getCisScanReport([/* ... */]); $promise = $client->getCisScanReportAsync([/* ... */]);
Retrieves a CIS scan report.
Parameter Syntax
$result = $client->getCisScanReport([
'reportFormat' => 'PDF|CSV',
'scanArn' => '<string>', // REQUIRED
'targetAccounts' => ['<string>', ...],
]);
Parameter Details
Members
- reportFormat
-
- Type: string
The format of the report. Valid values are
PDFandCSV. If no value is specified, the report format defaults toPDF. - scanArn
-
- Required: Yes
- Type: string
The scan ARN.
- targetAccounts
-
- Type: Array of strings
The target accounts.
Result Syntax
[
'status' => 'SUCCEEDED|FAILED|IN_PROGRESS',
'url' => '<string>',
]
Result Details
Members
- status
-
- Type: string
The status.
- url
-
- Type: string
The URL where a PDF or CSV of the CIS scan report can be downloaded.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample GetCisScanReport Call
$result = $client->getCisScanReport([
'reportFormat' => 'PDF',
'scanArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-scan/624b746d-e080-44ae-8c1d-48e653365a38',
]);
Result syntax:
[
'status' => 'SUCCEEDED',
'url' => 'www.s3.amazon.com/abcdef',
]
GetCisScanResultDetails
$result = $client->getCisScanResultDetails([/* ... */]); $promise = $client->getCisScanResultDetailsAsync([/* ... */]);
Retrieves CIS scan result details.
Parameter Syntax
$result = $client->getCisScanResultDetails([
'accountId' => '<string>', // REQUIRED
'filterCriteria' => [
'checkIdFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingArnFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingStatusFilters' => [
[
'comparison' => 'EQUALS', // REQUIRED
'value' => 'PASSED|FAILED|SKIPPED', // REQUIRED
],
// ...
],
'securityLevelFilters' => [
[
'comparison' => 'EQUALS', // REQUIRED
'value' => 'LEVEL_1|LEVEL_2', // REQUIRED
],
// ...
],
'titleFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'scanArn' => '<string>', // REQUIRED
'sortBy' => 'CHECK_ID|STATUS',
'sortOrder' => 'ASC|DESC',
'targetResourceId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accountId
-
- Required: Yes
- Type: string
The account ID.
- filterCriteria
-
- Type: CisScanResultDetailsFilterCriteria structure
The filter criteria.
- maxResults
-
- Type: int
The maximum number of CIS scan result details to be returned in a single page of results.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scanArn
-
- Required: Yes
- Type: string
The scan ARN.
- sortBy
-
- Type: string
The sort by order.
- sortOrder
-
- Type: string
The sort order.
- targetResourceId
-
- Required: Yes
- Type: string
The target resource ID.
Result Syntax
[
'nextToken' => '<string>',
'scanResultDetails' => [
[
'accountId' => '<string>',
'checkDescription' => '<string>',
'checkId' => '<string>',
'findingArn' => '<string>',
'level' => 'LEVEL_1|LEVEL_2',
'platform' => '<string>',
'remediation' => '<string>',
'scanArn' => '<string>',
'status' => 'PASSED|FAILED|SKIPPED',
'statusReason' => '<string>',
'targetResourceId' => '<string>',
'title' => '<string>',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scanResultDetails
-
- Type: Array of CisScanResultDetails structures
The scan result details.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample GetCisScanResultDetails Call
$result = $client->getCisScanResultDetails([
'accountId' => '123412341234',
'scanArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-scan/624b746d-e080-44ae-8c1d-48e653365a38',
'targetResourceId' => 'i-12341234',
]);
Result syntax:
[
'scanResultDetails' => [
[
'accountId' => '123412341234',
'checkDescription' => 'description',
'checkId' => '1.1.1.1',
'level' => 'LEVEL_1',
'platform' => 'AMAZON_LINUX_2',
'remediation' => 'fix',
'scanArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-scan/624b746d-e080-44ae-8c1d-48e653365a38',
'status' => 'PASSED',
'targetResourceId' => 'i-12341234',
'title' => 'title1',
],
],
]
GetClustersForImage
$result = $client->getClustersForImage([/* ... */]); $promise = $client->getClustersForImageAsync([/* ... */]);
Returns a list of clusters and metadata associated with an image.
Parameter Syntax
$result = $client->getClustersForImage([
'filter' => [ // REQUIRED
'resourceId' => '<string>', // REQUIRED
],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- filter
-
- Required: Yes
- Type: ClusterForImageFilterCriteria structure
The resource Id for the Amazon ECR image.
- maxResults
-
- Type: int
The maximum number of results to be returned in a single page of results.
- nextToken
-
- Type: string
The pagination token from a previous request used to retrieve the next page of results.
Result Syntax
[
'cluster' => [
[
'clusterArn' => '<string>',
'clusterDetails' => [
[
'clusterMetadata' => [
'awsEcsMetadataDetails' => [
'detailsGroup' => '<string>',
'taskDefinitionArn' => '<string>',
],
'awsEksMetadataDetails' => [
'namespace' => '<string>',
'workloadInfoList' => [
[
'name' => '<string>',
'type' => '<string>',
],
// ...
],
],
],
'lastInUse' => <DateTime>,
'runningUnitCount' => <integer>,
'stoppedUnitCount' => <integer>,
],
// ...
],
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- cluster
-
- Required: Yes
- Type: Array of ClusterInformation structures
A unit of work inside of a cluster, which can include metadata about the cluster.
- nextToken
-
- Type: string
The pagination token from a previous request used to retrieve the next page of results.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetCodeSecurityIntegration
$result = $client->getCodeSecurityIntegration([/* ... */]); $promise = $client->getCodeSecurityIntegrationAsync([/* ... */]);
Retrieves information about a code security integration.
Parameter Syntax
$result = $client->getCodeSecurityIntegration([
'integrationArn' => '<string>', // REQUIRED
'tags' => ['<string>', ...],
]);
Parameter Details
Members
- integrationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the code security integration to retrieve.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags associated with the code security integration.
Result Syntax
[
'authorizationUrl' => '<string>',
'createdOn' => <DateTime>,
'integrationArn' => '<string>',
'lastUpdateOn' => <DateTime>,
'name' => '<string>',
'status' => 'PENDING|IN_PROGRESS|ACTIVE|INACTIVE|DISABLING',
'statusReason' => '<string>',
'tags' => ['<string>', ...],
'type' => 'GITLAB_SELF_MANAGED|GITHUB',
]
Result Details
Members
- authorizationUrl
-
- Type: string
The URL used to authorize the integration with the repository provider. This is only returned if reauthorization is required to fix a connection issue. Otherwise, it is null.
- createdOn
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the code security integration was created.
- integrationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the code security integration.
- lastUpdateOn
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the code security integration was last updated.
- name
-
- Required: Yes
- Type: string
The name of the code security integration.
- status
-
- Required: Yes
- Type: string
The current status of the code security integration.
- statusReason
-
- Required: Yes
- Type: string
The reason for the current status of the code security integration.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags associated with the code security integration.
- type
-
- Required: Yes
- Type: string
The type of repository provider for the integration.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetCodeSecurityScan
$result = $client->getCodeSecurityScan([/* ... */]); $promise = $client->getCodeSecurityScanAsync([/* ... */]);
Retrieves information about a specific code security scan.
Parameter Syntax
$result = $client->getCodeSecurityScan([
'resource' => [ // REQUIRED
'projectId' => '<string>',
],
'scanId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- resource
-
- Required: Yes
- Type: CodeSecurityResource structure
The resource identifier for the code repository that was scanned.
- scanId
-
- Required: Yes
- Type: string
The unique identifier of the scan to retrieve.
Result Syntax
[
'accountId' => '<string>',
'createdAt' => <DateTime>,
'lastCommitId' => '<string>',
'resource' => [
'projectId' => '<string>',
],
'scanId' => '<string>',
'status' => 'IN_PROGRESS|SUCCESSFUL|FAILED|SKIPPED',
'statusReason' => '<string>',
'updatedAt' => <DateTime>,
]
Result Details
Members
- accountId
-
- Type: string
The Amazon Web Services account ID associated with the scan.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the scan was created.
- lastCommitId
-
- Type: string
The identifier of the last commit that was scanned. This is only returned if the scan was successful or skipped.
- resource
-
- Type: CodeSecurityResource structure
The resource identifier for the code repository that was scanned.
- scanId
-
- Type: string
The unique identifier of the scan.
- status
-
- Type: string
The current status of the scan.
- statusReason
-
- Type: string
The reason for the current status of the scan.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the scan was last updated.
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetCodeSecurityScanConfiguration
$result = $client->getCodeSecurityScanConfiguration([/* ... */]); $promise = $client->getCodeSecurityScanConfigurationAsync([/* ... */]);
Retrieves information about a code security scan configuration.
Parameter Syntax
$result = $client->getCodeSecurityScanConfiguration([
'scanConfigurationArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- scanConfigurationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the scan configuration to retrieve.
Result Syntax
[
'configuration' => [
'continuousIntegrationScanConfiguration' => [
'supportedEvents' => ['<string>', ...],
],
'periodicScanConfiguration' => [
'frequency' => 'WEEKLY|MONTHLY|NEVER',
'frequencyExpression' => '<string>',
],
'ruleSetCategories' => ['<string>', ...],
],
'createdAt' => <DateTime>,
'lastUpdatedAt' => <DateTime>,
'level' => 'ORGANIZATION|ACCOUNT',
'name' => '<string>',
'scanConfigurationArn' => '<string>',
'scopeSettings' => [
'projectSelectionScope' => 'ALL',
],
'tags' => ['<string>', ...],
]
Result Details
Members
- configuration
-
- Type: CodeSecurityScanConfiguration structure
The configuration settings for the code security scan.
- createdAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the scan configuration was created.
- lastUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the scan configuration was last updated.
- level
-
- Type: string
The security level for the scan configuration.
- name
-
- Type: string
The name of the scan configuration.
- scanConfigurationArn
-
- Type: string
The Amazon Resource Name (ARN) of the scan configuration.
- scopeSettings
-
- Type: ScopeSettings structure
The scope settings that define which repositories will be scanned. If the
ScopeSettingparameter isALLthe scan configuration applies to all existing and future projects imported into Amazon Inspector. - tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags associated with the scan configuration.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetConfiguration
$result = $client->getConfiguration([/* ... */]); $promise = $client->getConfigurationAsync([/* ... */]);
Retrieves setting configurations for Inspector scans.
Parameter Syntax
$result = $client->getConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
'ec2Configuration' => [
'scanModeState' => [
'scanMode' => 'EC2_SSM_AGENT_BASED|EC2_HYBRID',
'scanModeStatus' => 'SUCCESS|PENDING',
],
],
'ecrConfiguration' => [
'rescanDurationState' => [
'pullDateRescanDuration' => 'DAYS_14|DAYS_30|DAYS_60|DAYS_90|DAYS_180',
'pullDateRescanMode' => 'LAST_PULL_DATE|LAST_IN_USE_AT',
'rescanDuration' => 'LIFETIME|DAYS_30|DAYS_180|DAYS_14|DAYS_60|DAYS_90',
'status' => 'SUCCESS|PENDING|FAILED',
'updatedAt' => <DateTime>,
],
],
]
Result Details
Members
- ec2Configuration
-
- Type: Ec2ConfigurationState structure
Specifies how the Amazon EC2 automated scan mode is currently configured for your environment.
- ecrConfiguration
-
- Type: EcrConfigurationState structure
Specifies how the ECR automated re-scan duration is currently configured for your environment.
Errors
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetDelegatedAdminAccount
$result = $client->getDelegatedAdminAccount([/* ... */]); $promise = $client->getDelegatedAdminAccountAsync([/* ... */]);
Retrieves information about the Amazon Inspector delegated administrator for your organization.
Parameter Syntax
$result = $client->getDelegatedAdminAccount([ ]);
Parameter Details
Members
Result Syntax
[
'delegatedAdmin' => [
'accountId' => '<string>',
'relationshipStatus' => 'CREATED|INVITED|DISABLED|ENABLED|REMOVED|RESIGNED|DELETED|EMAIL_VERIFICATION_IN_PROGRESS|EMAIL_VERIFICATION_FAILED|REGION_DISABLED|ACCOUNT_SUSPENDED|CANNOT_CREATE_DETECTOR_IN_ORG_MASTER',
],
]
Result Details
Members
- delegatedAdmin
-
- Type: DelegatedAdmin structure
The Amazon Web Services account ID of the Amazon Inspector delegated administrator.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetEc2DeepInspectionConfiguration
$result = $client->getEc2DeepInspectionConfiguration([/* ... */]); $promise = $client->getEc2DeepInspectionConfigurationAsync([/* ... */]);
Retrieves the activation status of Amazon Inspector deep inspection and custom paths associated with your account.
Parameter Syntax
$result = $client->getEc2DeepInspectionConfiguration([ ]);
Parameter Details
Members
Result Syntax
[
'errorMessage' => '<string>',
'orgPackagePaths' => ['<string>', ...],
'packagePaths' => ['<string>', ...],
'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED',
]
Result Details
Members
- errorMessage
-
- Type: string
An error message explaining why Amazon Inspector deep inspection configurations could not be retrieved for your account.
- orgPackagePaths
-
- Type: Array of strings
The Amazon Inspector deep inspection custom paths for your organization.
- packagePaths
-
- Type: Array of strings
The Amazon Inspector deep inspection custom paths for your account.
- status
-
- Type: string
The activation status of Amazon Inspector deep inspection in your account.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetEncryptionKey
$result = $client->getEncryptionKey([/* ... */]); $promise = $client->getEncryptionKeyAsync([/* ... */]);
Gets an encryption key.
Parameter Syntax
$result = $client->getEncryptionKey([
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION|CODE_REPOSITORY', // REQUIRED
'scanType' => 'NETWORK|PACKAGE|CODE', // REQUIRED
]);
Parameter Details
Members
- resourceType
-
- Required: Yes
- Type: string
The resource type the key encrypts.
- scanType
-
- Required: Yes
- Type: string
The scan type the key encrypts.
Result Syntax
[
'kmsKeyId' => '<string>',
]
Result Details
Members
- kmsKeyId
-
- Required: Yes
- Type: string
A kms key ID.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetFindingsReportStatus
$result = $client->getFindingsReportStatus([/* ... */]); $promise = $client->getFindingsReportStatusAsync([/* ... */]);
Gets the status of a findings report.
Parameter Syntax
$result = $client->getFindingsReportStatus([
'reportId' => '<string>',
]);
Parameter Details
Members
- reportId
-
- Type: string
The ID of the report to retrieve the status of.
Result Syntax
[
'destination' => [
'bucketName' => '<string>',
'keyPrefix' => '<string>',
'kmsKeyArn' => '<string>',
],
'errorCode' => 'INTERNAL_ERROR|INVALID_PERMISSIONS|NO_FINDINGS_FOUND|BUCKET_NOT_FOUND|INCOMPATIBLE_BUCKET_REGION|MALFORMED_KMS_KEY',
'errorMessage' => '<string>',
'filterCriteria' => [
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeRepositoryProjectName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeRepositoryProviderType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageInUseCount' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'ecrImageLastInUseAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS',
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'filePath' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
],
// ...
],
],
'reportId' => '<string>',
'status' => 'SUCCEEDED|IN_PROGRESS|CANCELLED|FAILED',
]
Result Details
Members
- destination
-
- Type: Destination structure
The destination of the report.
- errorCode
-
- Type: string
The error code of the report.
- errorMessage
-
- Type: string
The error message of the report.
- filterCriteria
-
- Type: FilterCriteria structure
The filter criteria associated with the report.
- reportId
-
- Type: string
The ID of the report.
- status
-
- Type: string
The status of the report.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetMember
$result = $client->getMember([/* ... */]); $promise = $client->getMemberAsync([/* ... */]);
Gets member information for your organization.
Parameter Syntax
$result = $client->getMember([
'accountId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the member account to retrieve information on.
Result Syntax
[
'member' => [
'accountId' => '<string>',
'delegatedAdminAccountId' => '<string>',
'relationshipStatus' => 'CREATED|INVITED|DISABLED|ENABLED|REMOVED|RESIGNED|DELETED|EMAIL_VERIFICATION_IN_PROGRESS|EMAIL_VERIFICATION_FAILED|REGION_DISABLED|ACCOUNT_SUSPENDED|CANNOT_CREATE_DETECTOR_IN_ORG_MASTER',
'updatedAt' => <DateTime>,
],
]
Result Details
Members
- member
-
- Type: Member structure
Details of the retrieved member account.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
GetSbomExport
$result = $client->getSbomExport([/* ... */]); $promise = $client->getSbomExportAsync([/* ... */]);
Gets details of a software bill of materials (SBOM) report.
Parameter Syntax
$result = $client->getSbomExport([
'reportId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- reportId
-
- Required: Yes
- Type: string
The report ID of the SBOM export to get details for.
Result Syntax
[
'errorCode' => 'INTERNAL_ERROR|INVALID_PERMISSIONS|NO_FINDINGS_FOUND|BUCKET_NOT_FOUND|INCOMPATIBLE_BUCKET_REGION|MALFORMED_KMS_KEY',
'errorMessage' => '<string>',
'filterCriteria' => [
'accountId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceTags' => [
[
'comparison' => 'EQUALS',
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrRepositoryName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionTags' => [
[
'comparison' => 'EQUALS',
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
],
'format' => 'CYCLONEDX_1_4|SPDX_2_3',
'reportId' => '<string>',
's3Destination' => [
'bucketName' => '<string>',
'keyPrefix' => '<string>',
'kmsKeyArn' => '<string>',
],
'status' => 'SUCCEEDED|IN_PROGRESS|CANCELLED|FAILED',
]
Result Details
Members
- errorCode
-
- Type: string
An error code.
- errorMessage
-
- Type: string
An error message.
- filterCriteria
-
- Type: ResourceFilterCriteria structure
Contains details about the resource filter criteria used for the software bill of materials (SBOM) report.
- format
-
- Type: string
The format of the software bill of materials (SBOM) report.
- reportId
-
- Type: string
The report ID of the software bill of materials (SBOM) report.
- s3Destination
-
- Type: Destination structure
Contains details of the Amazon S3 bucket and KMS key used to export findings
- status
-
- Type: string
The status of the software bill of materials (SBOM) report.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListAccountPermissions
$result = $client->listAccountPermissions([/* ... */]); $promise = $client->listAccountPermissionsAsync([/* ... */]);
Lists the permissions an account has to configure Amazon Inspector.
Parameter Syntax
$result = $client->listAccountPermissions([
'maxResults' => <integer>,
'nextToken' => '<string>',
'service' => 'EC2|ECR|LAMBDA',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextTokenvalue, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResultsmaximum value it will also return anextTokenvalue. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. - service
-
- Type: string
The service scan type to check permissions for.
Result Syntax
[
'nextToken' => '<string>',
'permissions' => [
[
'operation' => 'ENABLE_SCANNING|DISABLE_SCANNING|ENABLE_REPOSITORY|DISABLE_REPOSITORY',
'service' => 'EC2|ECR|LAMBDA',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page. - permissions
-
- Required: Yes
- Type: Array of Permission structures
Contains details on the permissions an account has to configure Amazon Inspector.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListCisScanConfigurations
$result = $client->listCisScanConfigurations([/* ... */]); $promise = $client->listCisScanConfigurationsAsync([/* ... */]);
Lists CIS scan configurations.
Parameter Syntax
$result = $client->listCisScanConfigurations([
'filterCriteria' => [
'scanConfigurationArnFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanNameFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'targetResourceTagFilters' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'sortBy' => 'SCAN_NAME|SCAN_CONFIGURATION_ARN',
'sortOrder' => 'ASC|DESC',
]);
Parameter Details
Members
- filterCriteria
-
- Type: ListCisScanConfigurationsFilterCriteria structure
The CIS scan configuration filter criteria.
- maxResults
-
- Type: int
The maximum number of CIS scan configurations to be returned in a single page of results.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- sortBy
-
- Type: string
The CIS scan configuration sort by order.
- sortOrder
-
- Type: string
The CIS scan configuration sort order order.
Result Syntax
[
'nextToken' => '<string>',
'scanConfigurations' => [
[
'ownerId' => '<string>',
'scanConfigurationArn' => '<string>',
'scanName' => '<string>',
'schedule' => [
'daily' => [
'startTime' => [
'timeOfDay' => '<string>',
'timezone' => '<string>',
],
],
'monthly' => [
'day' => 'SUN|MON|TUE|WED|THU|FRI|SAT',
'startTime' => [
'timeOfDay' => '<string>',
'timezone' => '<string>',
],
],
'oneTime' => [
],
'weekly' => [
'days' => ['<string>', ...],
'startTime' => [
'timeOfDay' => '<string>',
'timezone' => '<string>',
],
],
],
'securityLevel' => 'LEVEL_1|LEVEL_2',
'tags' => ['<string>', ...],
'targets' => [
'accountIds' => ['<string>', ...],
'targetResourceTags' => [
'<TargetResourceTagsKey>' => ['<string>', ...],
// ...
],
],
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scanConfigurations
-
- Type: Array of CisScanConfiguration structures
The CIS scan configuration scan configurations.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample ListCisScanConfigurations Call
$result = $client->listCisScanConfigurations([ ]);
Result syntax:
[
'scanConfigurations' => [
[
'ownerId' => '123412341234',
'scanConfigurationArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-configuration/624b746d-e080-44ae-8c1d-48e653365a38',
'scanName' => 'sample',
'schedule' => [
'daily' => [
'startTime' => [
'timeOfDay' => '12:34',
'timezone' => 'UTC',
],
],
],
'securityLevel' => 'LEVEL_1',
'targets' => [
'accountIds' => [
'123412341234',
],
'targetResourceTags' => [
'key' => [
'value',
],
],
],
],
],
]
ListCisScanResultsAggregatedByChecks
$result = $client->listCisScanResultsAggregatedByChecks([/* ... */]); $promise = $client->listCisScanResultsAggregatedByChecksAsync([/* ... */]);
Lists scan results aggregated by checks.
Parameter Syntax
$result = $client->listCisScanResultsAggregatedByChecks([
'filterCriteria' => [
'accountIdFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'checkIdFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'failedResourcesFilters' => [
[
'lowerInclusive' => <integer>,
'upperInclusive' => <integer>,
],
// ...
],
'platformFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'securityLevelFilters' => [
[
'comparison' => 'EQUALS', // REQUIRED
'value' => 'LEVEL_1|LEVEL_2', // REQUIRED
],
// ...
],
'titleFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'scanArn' => '<string>', // REQUIRED
'sortBy' => 'CHECK_ID|TITLE|PLATFORM|FAILED_COUNTS|SECURITY_LEVEL',
'sortOrder' => 'ASC|DESC',
]);
Parameter Details
Members
- filterCriteria
-
- Type: CisScanResultsAggregatedByChecksFilterCriteria structure
The filter criteria.
- maxResults
-
- Type: int
The maximum number of scan results aggregated by checks to be returned in a single page of results.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scanArn
-
- Required: Yes
- Type: string
The scan ARN.
- sortBy
-
- Type: string
The sort by order.
- sortOrder
-
- Type: string
The sort order.
Result Syntax
[
'checkAggregations' => [
[
'accountId' => '<string>',
'checkDescription' => '<string>',
'checkId' => '<string>',
'level' => 'LEVEL_1|LEVEL_2',
'platform' => '<string>',
'scanArn' => '<string>',
'statusCounts' => [
'failed' => <integer>,
'passed' => <integer>,
'skipped' => <integer>,
],
'title' => '<string>',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- checkAggregations
-
- Type: Array of CisCheckAggregation structures
The check aggregations.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample ListCisScanResultsAggregatedByChecks Call
$result = $client->listCisScanResultsAggregatedByChecks([
'scanArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-scan/624b746d-e080-44ae-8c1d-48e653365a38',
]);
Result syntax:
[
'checkAggregations' => [
[
'accountId' => '123412341234',
'checkDescription' => 'description',
'checkId' => '1.1.1.1',
'level' => 'LEVEL_1',
'platform' => 'AMAZON_LINUX_2',
'scanArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-scan/624b746d-e080-44ae-8c1d-48e653365a38',
'statusCounts' => [
'failed' => 0,
'passed' => 2,
'skipped' => 1,
],
'title' => 'title1',
],
],
]
ListCisScanResultsAggregatedByTargetResource
$result = $client->listCisScanResultsAggregatedByTargetResource([/* ... */]); $promise = $client->listCisScanResultsAggregatedByTargetResourceAsync([/* ... */]);
Lists scan results aggregated by a target resource.
Parameter Syntax
$result = $client->listCisScanResultsAggregatedByTargetResource([
'filterCriteria' => [
'accountIdFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'checkIdFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'failedChecksFilters' => [
[
'lowerInclusive' => <integer>,
'upperInclusive' => <integer>,
],
// ...
],
'platformFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'statusFilters' => [
[
'comparison' => 'EQUALS', // REQUIRED
'value' => 'PASSED|FAILED|SKIPPED', // REQUIRED
],
// ...
],
'targetResourceIdFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'targetResourceTagFilters' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'targetStatusFilters' => [
[
'comparison' => 'EQUALS', // REQUIRED
'value' => 'TIMED_OUT|CANCELLED|COMPLETED', // REQUIRED
],
// ...
],
'targetStatusReasonFilters' => [
[
'comparison' => 'EQUALS', // REQUIRED
'value' => 'SCAN_IN_PROGRESS|UNSUPPORTED_OS|SSM_UNMANAGED', // REQUIRED
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'scanArn' => '<string>', // REQUIRED
'sortBy' => 'RESOURCE_ID|FAILED_COUNTS|ACCOUNT_ID|PLATFORM|TARGET_STATUS|TARGET_STATUS_REASON',
'sortOrder' => 'ASC|DESC',
]);
Parameter Details
Members
- filterCriteria
-
- Type: CisScanResultsAggregatedByTargetResourceFilterCriteria structure
The filter criteria.
- maxResults
-
- Type: int
The maximum number of scan results aggregated by a target resource to be returned in a single page of results.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scanArn
-
- Required: Yes
- Type: string
The scan ARN.
- sortBy
-
- Type: string
The sort by order.
- sortOrder
-
- Type: string
The sort order.
Result Syntax
[
'nextToken' => '<string>',
'targetResourceAggregations' => [
[
'accountId' => '<string>',
'platform' => '<string>',
'scanArn' => '<string>',
'statusCounts' => [
'failed' => <integer>,
'passed' => <integer>,
'skipped' => <integer>,
],
'targetResourceId' => '<string>',
'targetResourceTags' => [
'<TargetResourceTagsKey>' => ['<string>', ...],
// ...
],
'targetStatus' => 'TIMED_OUT|CANCELLED|COMPLETED',
'targetStatusReason' => 'SCAN_IN_PROGRESS|UNSUPPORTED_OS|SSM_UNMANAGED',
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- targetResourceAggregations
-
- Type: Array of CisTargetResourceAggregation structures
The resource aggregations.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample ListCisScanResultsAggregatedByTargetResource Call
$result = $client->listCisScanResultsAggregatedByTargetResource([
'scanArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-scan/624b746d-e080-44ae-8c1d-48e653365a38',
]);
Result syntax:
[
'targetResourceAggregations' => [
[
'accountId' => '123412341234',
'platform' => 'AMAZON_LINUX_2',
'scanArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-scan/624b746d-e080-44ae-8c1d-48e653365a38',
'statusCounts' => [
'failed' => 0,
'passed' => 2,
'skipped' => 1,
],
'targetResourceId' => 'i-12341234',
'targetResourceTags' => [
'key' => [
'value',
],
],
'targetStatus' => 'COMPLETED',
],
],
]
ListCisScans
$result = $client->listCisScans([/* ... */]); $promise = $client->listCisScansAsync([/* ... */]);
Returns a CIS scan list.
Parameter Syntax
$result = $client->listCisScans([
'detailLevel' => 'ORGANIZATION|MEMBER',
'filterCriteria' => [
'failedChecksFilters' => [
[
'lowerInclusive' => <integer>,
'upperInclusive' => <integer>,
],
// ...
],
'scanArnFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanAtFilters' => [
[
'earliestScanStartTime' => <integer || string || DateTime>,
'latestScanStartTime' => <integer || string || DateTime>,
],
// ...
],
'scanConfigurationArnFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanNameFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanStatusFilters' => [
[
'comparison' => 'EQUALS', // REQUIRED
'value' => 'FAILED|COMPLETED|CANCELLED|IN_PROGRESS', // REQUIRED
],
// ...
],
'scheduledByFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'targetAccountIdFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'targetResourceIdFilters' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'targetResourceTagFilters' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'sortBy' => 'STATUS|SCHEDULED_BY|SCAN_START_DATE|FAILED_CHECKS',
'sortOrder' => 'ASC|DESC',
]);
Parameter Details
Members
- detailLevel
-
- Type: string
The detail applied to the CIS scan.
- filterCriteria
-
- Type: ListCisScansFilterCriteria structure
The CIS scan filter criteria.
- maxResults
-
- Type: int
The maximum number of results to be returned.
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- sortBy
-
- Type: string
The CIS scans sort by order.
- sortOrder
-
- Type: string
The CIS scans sort order.
Result Syntax
[
'nextToken' => '<string>',
'scans' => [
[
'failedChecks' => <integer>,
'scanArn' => '<string>',
'scanConfigurationArn' => '<string>',
'scanDate' => <DateTime>,
'scanName' => '<string>',
'scheduledBy' => '<string>',
'securityLevel' => 'LEVEL_1|LEVEL_2',
'status' => 'FAILED|COMPLETED|CANCELLED|IN_PROGRESS',
'targets' => [
'accountIds' => ['<string>', ...],
'targetResourceTags' => [
'<TargetResourceTagsKey>' => ['<string>', ...],
// ...
],
],
'totalChecks' => <integer>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
The pagination token from a previous request that's used to retrieve the next page of results.
- scans
-
- Type: Array of CisScan structures
The CIS scans.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample ListCisScans Call
$result = $client->listCisScans([ ]);
Result syntax:
[
'scans' => [
[
'failedChecks' => 2,
'scanArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-scan/624b746d-e080-44ae-8c1d-48e653365a38',
'scanConfigurationArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-configuration/624b746d-e080-44ae-8c1d-48e653365a38',
'scanDate' => ,
'scanName' => 'sample',
'scheduledBy' => 'Delegated Admin',
'securityLevel' => 'LEVEL_1',
'status' => 'COMPLETED',
'targets' => [
'accountIds' => [
'123412341234',
],
'targetResourceTags' => [
'key' => [
'value',
],
],
],
'totalChecks' => 150,
],
],
]
ListCodeSecurityIntegrations
$result = $client->listCodeSecurityIntegrations([/* ... */]); $promise = $client->listCodeSecurityIntegrationsAsync([/* ... */]);
Lists all code security integrations in your account.
Parameter Syntax
$result = $client->listCodeSecurityIntegrations([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
Result Syntax
[
'integrations' => [
[
'createdOn' => <DateTime>,
'integrationArn' => '<string>',
'lastUpdateOn' => <DateTime>,
'name' => '<string>',
'status' => 'PENDING|IN_PROGRESS|ACTIVE|INACTIVE|DISABLING',
'statusReason' => '<string>',
'tags' => ['<string>', ...],
'type' => 'GITLAB_SELF_MANAGED|GITHUB',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- integrations
-
- Type: Array of CodeSecurityIntegrationSummary structures
A list of code security integration summaries.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListCodeSecurityScanConfigurationAssociations
$result = $client->listCodeSecurityScanConfigurationAssociations([/* ... */]); $promise = $client->listCodeSecurityScanConfigurationAssociationsAsync([/* ... */]);
Lists the associations between code repositories and Amazon Inspector code security scan configurations.
Parameter Syntax
$result = $client->listCodeSecurityScanConfigurationAssociations([
'maxResults' => <integer>,
'nextToken' => '<string>',
'scanConfigurationArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in the response. If your request would return more than the maximum the response will return a
nextTokenvalue, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page. - scanConfigurationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the scan configuration to list associations for.
Result Syntax
[
'associations' => [
[
'resource' => [
'projectId' => '<string>',
],
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- associations
-
- Type: Array of CodeSecurityScanConfigurationAssociationSummary structures
A list of associations between code repositories and scan configurations.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListCodeSecurityScanConfigurations
$result = $client->listCodeSecurityScanConfigurations([/* ... */]); $promise = $client->listCodeSecurityScanConfigurationsAsync([/* ... */]);
Lists all code security scan configurations in your account.
Parameter Syntax
$result = $client->listCodeSecurityScanConfigurations([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results to return in a single call.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
Result Syntax
[
'configurations' => [
[
'continuousIntegrationScanSupportedEvents' => ['<string>', ...],
'frequencyExpression' => '<string>',
'name' => '<string>',
'ownerAccountId' => '<string>',
'periodicScanFrequency' => 'WEEKLY|MONTHLY|NEVER',
'ruleSetCategories' => ['<string>', ...],
'scanConfigurationArn' => '<string>',
'scopeSettings' => [
'projectSelectionScope' => 'ALL',
],
'tags' => ['<string>', ...],
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- configurations
-
- Type: Array of CodeSecurityScanConfigurationSummary structures
A list of code security scan configuration summaries.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListCoverage
$result = $client->listCoverage([/* ... */]); $promise = $client->listCoverageAsync([/* ... */]);
Lists coverage details for your environment.
Parameter Syntax
$result = $client->listCoverage([
'filterCriteria' => [
'accountId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProjectName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProviderType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProviderTypeVisibility' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'ecrImageInUseCount' => [
[
'lowerInclusive' => <integer>,
'upperInclusive' => <integer>,
],
// ...
],
'ecrImageLastInUseAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrRepositoryName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'imagePulledAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'lastScannedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lastScannedCommitId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanMode' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanStatusCode' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanStatusReason' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- filterCriteria
-
- Type: CoverageFilterCriteria structure
An object that contains details on the filters to apply to the coverage data for your environment.
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextTokenvalue, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResultsmaximum value it will also return anextTokenvalue. For subsequent calls, use thenextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'coveredResources' => [
[
'accountId' => '<string>',
'lastScannedAt' => <DateTime>,
'resourceId' => '<string>',
'resourceMetadata' => [
'codeRepository' => [
'integrationArn' => '<string>',
'lastScannedCommitId' => '<string>',
'onDemandScan' => [
'lastScanAt' => <DateTime>,
'lastScannedCommitId' => '<string>',
'scanStatus' => [
'reason' => 'PENDING_INITIAL_SCAN|ACCESS_DENIED|INTERNAL_ERROR|UNMANAGED_EC2_INSTANCE|UNSUPPORTED_OS|SCAN_ELIGIBILITY_EXPIRED|RESOURCE_TERMINATED|SUCCESSFUL|NO_RESOURCES_FOUND|IMAGE_SIZE_EXCEEDED|SCAN_FREQUENCY_MANUAL|SCAN_FREQUENCY_SCAN_ON_PUSH|EC2_INSTANCE_STOPPED|PENDING_DISABLE|NO_INVENTORY|STALE_INVENTORY|EXCLUDED_BY_TAG|UNSUPPORTED_RUNTIME|UNSUPPORTED_MEDIA_TYPE|UNSUPPORTED_CONFIG_FILE|DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED|DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED|DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED|DEEP_INSPECTION_NO_INVENTORY|AGENTLESS_INSTANCE_STORAGE_LIMIT_EXCEEDED|AGENTLESS_INSTANCE_COLLECTION_TIME_LIMIT_EXCEEDED|PENDING_REVIVAL_SCAN|INTEGRATION_CONNECTION_LOST|ACCESS_DENIED_TO_ENCRYPTION_KEY|UNSUPPORTED_LANGUAGE|NO_SCAN_CONFIGURATION_ASSOCIATED|SCAN_IN_PROGRESS',
'statusCode' => 'ACTIVE|INACTIVE',
],
],
'projectName' => '<string>',
'providerType' => '<string>',
'providerTypeVisibility' => '<string>',
'scanConfiguration' => [
'continuousIntegrationScanConfigurations' => [
[
'ruleSetCategories' => ['<string>', ...],
'supportedEvent' => 'PULL_REQUEST|PUSH',
],
// ...
],
'periodicScanConfigurations' => [
[
'frequencyExpression' => '<string>',
'ruleSetCategories' => ['<string>', ...],
],
// ...
],
],
],
'ec2' => [
'amiId' => '<string>',
'platform' => 'WINDOWS|LINUX|UNKNOWN|MACOS',
'tags' => ['<string>', ...],
],
'ecrImage' => [
'imagePulledAt' => <DateTime>,
'inUseCount' => <integer>,
'lastInUseAt' => <DateTime>,
'tags' => ['<string>', ...],
],
'ecrRepository' => [
'name' => '<string>',
'scanFrequency' => 'MANUAL|SCAN_ON_PUSH|CONTINUOUS_SCAN',
],
'lambdaFunction' => [
'functionName' => '<string>',
'functionTags' => ['<string>', ...],
'layers' => ['<string>', ...],
'runtime' => 'NODEJS|NODEJS_12_X|NODEJS_14_X|NODEJS_16_X|JAVA_8|JAVA_8_AL2|JAVA_11|PYTHON_3_7|PYTHON_3_8|PYTHON_3_9|UNSUPPORTED|NODEJS_18_X|GO_1_X|JAVA_17|PYTHON_3_10|PYTHON_3_11|DOTNETCORE_3_1|DOTNET_6|DOTNET_7|RUBY_2_7|RUBY_3_2',
],
],
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION|CODE_REPOSITORY',
'scanMode' => 'EC2_SSM_AGENT_BASED|EC2_AGENTLESS',
'scanStatus' => [
'reason' => 'PENDING_INITIAL_SCAN|ACCESS_DENIED|INTERNAL_ERROR|UNMANAGED_EC2_INSTANCE|UNSUPPORTED_OS|SCAN_ELIGIBILITY_EXPIRED|RESOURCE_TERMINATED|SUCCESSFUL|NO_RESOURCES_FOUND|IMAGE_SIZE_EXCEEDED|SCAN_FREQUENCY_MANUAL|SCAN_FREQUENCY_SCAN_ON_PUSH|EC2_INSTANCE_STOPPED|PENDING_DISABLE|NO_INVENTORY|STALE_INVENTORY|EXCLUDED_BY_TAG|UNSUPPORTED_RUNTIME|UNSUPPORTED_MEDIA_TYPE|UNSUPPORTED_CONFIG_FILE|DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED|DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED|DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED|DEEP_INSPECTION_NO_INVENTORY|AGENTLESS_INSTANCE_STORAGE_LIMIT_EXCEEDED|AGENTLESS_INSTANCE_COLLECTION_TIME_LIMIT_EXCEEDED|PENDING_REVIVAL_SCAN|INTEGRATION_CONNECTION_LOST|ACCESS_DENIED_TO_ENCRYPTION_KEY|UNSUPPORTED_LANGUAGE|NO_SCAN_CONFIGURATION_ASSOCIATED|SCAN_IN_PROGRESS',
'statusCode' => 'ACTIVE|INACTIVE',
],
'scanType' => 'NETWORK|PACKAGE|CODE',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- coveredResources
-
- Type: Array of CoveredResource structures
An object that contains details on the covered resources in your environment.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListCoverageStatistics
$result = $client->listCoverageStatistics([/* ... */]); $promise = $client->listCoverageStatisticsAsync([/* ... */]);
Lists Amazon Inspector coverage statistics for your environment.
Parameter Syntax
$result = $client->listCoverageStatistics([
'filterCriteria' => [
'accountId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProjectName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProviderType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProviderTypeVisibility' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'ecrImageInUseCount' => [
[
'lowerInclusive' => <integer>,
'upperInclusive' => <integer>,
],
// ...
],
'ecrImageLastInUseAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrRepositoryName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'imagePulledAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'lastScannedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lastScannedCommitId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanMode' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanStatusCode' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanStatusReason' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'scanType' => [
[
'comparison' => 'EQUALS|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
'groupBy' => 'SCAN_STATUS_CODE|SCAN_STATUS_REASON|ACCOUNT_ID|RESOURCE_TYPE|ECR_REPOSITORY_NAME',
'nextToken' => '<string>',
]);
Parameter Details
Members
- filterCriteria
-
- Type: CoverageFilterCriteria structure
An object that contains details on the filters to apply to the coverage data for your environment.
- groupBy
-
- Type: string
The value to group the results by.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'countsByGroup' => [
[
'count' => <integer>,
'groupKey' => 'SCAN_STATUS_CODE|SCAN_STATUS_REASON|ACCOUNT_ID|RESOURCE_TYPE|ECR_REPOSITORY_NAME',
],
// ...
],
'nextToken' => '<string>',
'totalCounts' => <integer>,
]
Result Details
Members
- countsByGroup
-
- Type: Array of Counts structures
An array with the number for each group.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page. - totalCounts
-
- Required: Yes
- Type: long (int|float)
The total number for all groups.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListDelegatedAdminAccounts
$result = $client->listDelegatedAdminAccounts([/* ... */]); $promise = $client->listDelegatedAdminAccountsAsync([/* ... */]);
Lists information about the Amazon Inspector delegated administrator of your organization.
Parameter Syntax
$result = $client->listDelegatedAdminAccounts([
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextTokenvalue, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResultsmaximum value it will also return anextTokenvalue. For subsequent calls, use thenextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'delegatedAdminAccounts' => [
[
'accountId' => '<string>',
'status' => 'ENABLED|DISABLE_IN_PROGRESS',
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- delegatedAdminAccounts
-
- Type: Array of DelegatedAdminAccount structures
Details of the Amazon Inspector delegated administrator of your organization.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListFilters
$result = $client->listFilters([/* ... */]); $promise = $client->listFiltersAsync([/* ... */]);
Lists the filters associated with your account.
Parameter Syntax
$result = $client->listFilters([
'action' => 'NONE|SUPPRESS',
'arns' => ['<string>', ...],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- action
-
- Type: string
The action the filter applies to matched findings.
- arns
-
- Type: Array of strings
The Amazon resource number (ARN) of the filter.
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextTokenvalue, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResultsmaximum value it will also return anextTokenvalue. For subsequent calls, use thenextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'filters' => [
[
'action' => 'NONE|SUPPRESS',
'arn' => '<string>',
'createdAt' => <DateTime>,
'criteria' => [
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeRepositoryProjectName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeRepositoryProviderType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageInUseCount' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'ecrImageLastInUseAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS',
'key' => '<string>',
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <DateTime>,
'startInclusive' => <DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'filePath' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS',
'value' => '<string>',
],
],
// ...
],
],
'description' => '<string>',
'name' => '<string>',
'ownerId' => '<string>',
'reason' => '<string>',
'tags' => ['<string>', ...],
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- filters
-
- Required: Yes
- Type: Array of Filter structures
Contains details on the filters associated with your account.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListFindingAggregations
$result = $client->listFindingAggregations([/* ... */]); $promise = $client->listFindingAggregationsAsync([/* ... */]);
Lists aggregated finding data for your environment based on specific criteria.
Parameter Syntax
$result = $client->listFindingAggregations([
'accountIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'aggregationRequest' => [
'accountAggregation' => [
'findingType' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY',
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_LAMBDA_FUNCTION|CODE_REPOSITORY',
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'amiAggregation' => [
'amis' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL|AFFECTED_INSTANCES',
'sortOrder' => 'ASC|DESC',
],
'awsEcrContainerAggregation' => [
'architectures' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'imageShas' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'imageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'inUseCount' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lastInUseAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'repositories' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'codeRepositoryAggregation' => [
'projectNames' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'providerTypes' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'ec2InstanceAggregation' => [
'amis' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'instanceIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'instanceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'operatingSystems' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'NETWORK_FINDINGS|CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'findingTypeAggregation' => [
'findingType' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY',
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_LAMBDA_FUNCTION|CODE_REPOSITORY',
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'imageLayerAggregation' => [
'layerHashes' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'repositories' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'lambdaFunctionAggregation' => [
'functionNames' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'functionTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'runtimes' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'lambdaLayerAggregation' => [
'functionNames' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'layerArns' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'packageAggregation' => [
'packageNames' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
],
'repositoryAggregation' => [
'repositories' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'sortBy' => 'CRITICAL|HIGH|ALL|AFFECTED_IMAGES',
'sortOrder' => 'ASC|DESC',
],
'titleAggregation' => [
'findingType' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY',
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_LAMBDA_FUNCTION|CODE_REPOSITORY',
'sortBy' => 'CRITICAL|HIGH|ALL',
'sortOrder' => 'ASC|DESC',
'titles' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilityIds' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
],
],
'aggregationType' => 'FINDING_TYPE|PACKAGE|TITLE|REPOSITORY|AMI|AWS_EC2_INSTANCE|AWS_ECR_CONTAINER|IMAGE_LAYER|ACCOUNT|AWS_LAMBDA_FUNCTION|LAMBDA_LAYER|CODE_REPOSITORY', // REQUIRED
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- accountIds
-
- Type: Array of StringFilter structures
The Amazon Web Services account IDs to retrieve finding aggregation data for.
- aggregationRequest
-
- Type: AggregationRequest structure
Details of the aggregation request that is used to filter your aggregation results.
- aggregationType
-
- Required: Yes
- Type: string
The type of the aggregation request.
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextTokenvalue, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResultsmaximum value it will also return anextTokenvalue. For subsequent calls, use thenextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'aggregationType' => 'FINDING_TYPE|PACKAGE|TITLE|REPOSITORY|AMI|AWS_EC2_INSTANCE|AWS_ECR_CONTAINER|IMAGE_LAYER|ACCOUNT|AWS_LAMBDA_FUNCTION|LAMBDA_LAYER|CODE_REPOSITORY',
'nextToken' => '<string>',
'responses' => [
[
'accountAggregation' => [
'accountId' => '<string>',
'exploitAvailableCount' => <integer>,
'fixAvailableCount' => <integer>,
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'amiAggregation' => [
'accountId' => '<string>',
'affectedInstances' => <integer>,
'ami' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'awsEcrContainerAggregation' => [
'accountId' => '<string>',
'architecture' => '<string>',
'imageSha' => '<string>',
'imageTags' => ['<string>', ...],
'inUseCount' => <integer>,
'lastInUseAt' => <DateTime>,
'repository' => '<string>',
'resourceId' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'codeRepositoryAggregation' => [
'accountId' => '<string>',
'exploitAvailableActiveFindingsCount' => <integer>,
'fixAvailableActiveFindingsCount' => <integer>,
'projectNames' => '<string>',
'providerType' => '<string>',
'resourceId' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'ec2InstanceAggregation' => [
'accountId' => '<string>',
'ami' => '<string>',
'instanceId' => '<string>',
'instanceTags' => ['<string>', ...],
'networkFindings' => <integer>,
'operatingSystem' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'findingTypeAggregation' => [
'accountId' => '<string>',
'exploitAvailableCount' => <integer>,
'fixAvailableCount' => <integer>,
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'imageLayerAggregation' => [
'accountId' => '<string>',
'layerHash' => '<string>',
'repository' => '<string>',
'resourceId' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'lambdaFunctionAggregation' => [
'accountId' => '<string>',
'functionName' => '<string>',
'lambdaTags' => ['<string>', ...],
'lastModifiedAt' => <DateTime>,
'resourceId' => '<string>',
'runtime' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'lambdaLayerAggregation' => [
'accountId' => '<string>',
'functionName' => '<string>',
'layerArn' => '<string>',
'resourceId' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'packageAggregation' => [
'accountId' => '<string>',
'packageName' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'repositoryAggregation' => [
'accountId' => '<string>',
'affectedImages' => <integer>,
'repository' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
],
'titleAggregation' => [
'accountId' => '<string>',
'severityCounts' => [
'all' => <integer>,
'critical' => <integer>,
'high' => <integer>,
'medium' => <integer>,
],
'title' => '<string>',
'vulnerabilityId' => '<string>',
],
],
// ...
],
]
Result Details
Members
- aggregationType
-
- Required: Yes
- Type: string
The type of aggregation to perform.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page. - responses
-
- Type: Array of AggregationResponse structures
Objects that contain the results of an aggregation operation.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListFindings
$result = $client->listFindings([/* ... */]); $promise = $client->listFindingsAsync([/* ... */]);
Lists findings for your environment.
Parameter Syntax
$result = $client->listFindings([
'filterCriteria' => [
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProjectName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProviderType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageInUseCount' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'ecrImageLastInUseAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'filePath' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
],
// ...
],
],
'maxResults' => <integer>,
'nextToken' => '<string>',
'sortCriteria' => [
'field' => 'AWS_ACCOUNT_ID|FINDING_TYPE|SEVERITY|FIRST_OBSERVED_AT|LAST_OBSERVED_AT|FINDING_STATUS|RESOURCE_TYPE|ECR_IMAGE_PUSHED_AT|ECR_IMAGE_REPOSITORY_NAME|ECR_IMAGE_REGISTRY|NETWORK_PROTOCOL|COMPONENT_TYPE|VULNERABILITY_ID|VULNERABILITY_SOURCE|INSPECTOR_SCORE|VENDOR_SEVERITY|EPSS_SCORE', // REQUIRED
'sortOrder' => 'ASC|DESC', // REQUIRED
],
]);
Parameter Details
Members
- filterCriteria
-
- Type: FilterCriteria structure
Details on the filters to apply to your finding results.
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextTokenvalue, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResultsmaximum value it will also return anextTokenvalue. For subsequent calls, use thenextTokenvalue returned from the previous request to continue listing results after the first page. - sortCriteria
-
- Type: SortCriteria structure
Details on the sort criteria to apply to your finding results.
Result Syntax
[
'findings' => [
[
'awsAccountId' => '<string>',
'codeVulnerabilityDetails' => [
'cwes' => ['<string>', ...],
'detectorId' => '<string>',
'detectorName' => '<string>',
'detectorTags' => ['<string>', ...],
'filePath' => [
'endLine' => <integer>,
'fileName' => '<string>',
'filePath' => '<string>',
'startLine' => <integer>,
],
'referenceUrls' => ['<string>', ...],
'ruleId' => '<string>',
'sourceLambdaLayerArn' => '<string>',
],
'description' => '<string>',
'epss' => [
'score' => <float>,
],
'exploitAvailable' => 'YES|NO',
'exploitabilityDetails' => [
'lastKnownExploitAt' => <DateTime>,
],
'findingArn' => '<string>',
'firstObservedAt' => <DateTime>,
'fixAvailable' => 'YES|NO|PARTIAL',
'inspectorScore' => <float>,
'inspectorScoreDetails' => [
'adjustedCvss' => [
'adjustments' => [
[
'metric' => '<string>',
'reason' => '<string>',
],
// ...
],
'cvssSource' => '<string>',
'score' => <float>,
'scoreSource' => '<string>',
'scoringVector' => '<string>',
'version' => '<string>',
],
],
'lastObservedAt' => <DateTime>,
'networkReachabilityDetails' => [
'networkPath' => [
'steps' => [
[
'componentArn' => '<string>',
'componentId' => '<string>',
'componentType' => '<string>',
],
// ...
],
],
'openPortRange' => [
'begin' => <integer>,
'end' => <integer>,
],
'protocol' => 'TCP|UDP',
],
'packageVulnerabilityDetails' => [
'cvss' => [
[
'baseScore' => <float>,
'scoringVector' => '<string>',
'source' => '<string>',
'version' => '<string>',
],
// ...
],
'referenceUrls' => ['<string>', ...],
'relatedVulnerabilities' => ['<string>', ...],
'source' => '<string>',
'sourceUrl' => '<string>',
'vendorCreatedAt' => <DateTime>,
'vendorSeverity' => '<string>',
'vendorUpdatedAt' => <DateTime>,
'vulnerabilityId' => '<string>',
'vulnerablePackages' => [
[
'arch' => '<string>',
'epoch' => <integer>,
'filePath' => '<string>',
'fixedInVersion' => '<string>',
'name' => '<string>',
'packageManager' => 'BUNDLER|CARGO|COMPOSER|NPM|NUGET|PIPENV|POETRY|YARN|GOBINARY|GOMOD|JAR|OS|PIP|PYTHONPKG|NODEPKG|POM|GEMSPEC|DOTNET_CORE',
'release' => '<string>',
'remediation' => '<string>',
'sourceLambdaLayerArn' => '<string>',
'sourceLayerHash' => '<string>',
'version' => '<string>',
],
// ...
],
],
'remediation' => [
'recommendation' => [
'Url' => '<string>',
'text' => '<string>',
],
],
'resources' => [
[
'details' => [
'awsEc2Instance' => [
'iamInstanceProfileArn' => '<string>',
'imageId' => '<string>',
'ipV4Addresses' => ['<string>', ...],
'ipV6Addresses' => ['<string>', ...],
'keyName' => '<string>',
'launchedAt' => <DateTime>,
'platform' => '<string>',
'subnetId' => '<string>',
'type' => '<string>',
'vpcId' => '<string>',
],
'awsEcrContainerImage' => [
'architecture' => '<string>',
'author' => '<string>',
'imageHash' => '<string>',
'imageTags' => ['<string>', ...],
'inUseCount' => <integer>,
'lastInUseAt' => <DateTime>,
'platform' => '<string>',
'pushedAt' => <DateTime>,
'registry' => '<string>',
'repositoryName' => '<string>',
],
'awsLambdaFunction' => [
'architectures' => ['<string>', ...],
'codeSha256' => '<string>',
'executionRoleArn' => '<string>',
'functionName' => '<string>',
'lastModifiedAt' => <DateTime>,
'layers' => ['<string>', ...],
'packageType' => 'IMAGE|ZIP',
'runtime' => 'NODEJS|NODEJS_12_X|NODEJS_14_X|NODEJS_16_X|JAVA_8|JAVA_8_AL2|JAVA_11|PYTHON_3_7|PYTHON_3_8|PYTHON_3_9|UNSUPPORTED|NODEJS_18_X|GO_1_X|JAVA_17|PYTHON_3_10|PYTHON_3_11|DOTNETCORE_3_1|DOTNET_6|DOTNET_7|RUBY_2_7|RUBY_3_2',
'version' => '<string>',
'vpcConfig' => [
'securityGroupIds' => ['<string>', ...],
'subnetIds' => ['<string>', ...],
'vpcId' => '<string>',
],
],
'codeRepository' => [
'integrationArn' => '<string>',
'projectName' => '<string>',
'providerType' => 'GITHUB|GITLAB_SELF_MANAGED',
],
],
'id' => '<string>',
'partition' => '<string>',
'region' => '<string>',
'tags' => ['<string>', ...],
'type' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION|CODE_REPOSITORY',
],
// ...
],
'severity' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL|UNTRIAGED',
'status' => 'ACTIVE|SUPPRESSED|CLOSED',
'title' => '<string>',
'type' => 'NETWORK_REACHABILITY|PACKAGE_VULNERABILITY|CODE_VULNERABILITY',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- findings
-
- Type: Array of Finding structures
Contains details on the findings in your environment.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListMembers
$result = $client->listMembers([/* ... */]); $promise = $client->listMembersAsync([/* ... */]);
List members associated with the Amazon Inspector delegated administrator for your organization.
Parameter Syntax
$result = $client->listMembers([
'maxResults' => <integer>,
'nextToken' => '<string>',
'onlyAssociated' => true || false,
]);
Parameter Details
Members
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextTokenvalue, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResultsmaximum value it will also return anextTokenvalue. For subsequent calls, use thenextTokenvalue returned from the previous request to continue listing results after the first page. - onlyAssociated
-
- Type: boolean
Specifies whether to list only currently associated members if
Trueor to list all members within the organization ifFalse.
Result Syntax
[
'members' => [
[
'accountId' => '<string>',
'delegatedAdminAccountId' => '<string>',
'relationshipStatus' => 'CREATED|INVITED|DISABLED|ENABLED|REMOVED|RESIGNED|DELETED|EMAIL_VERIFICATION_IN_PROGRESS|EMAIL_VERIFICATION_FAILED|REGION_DISABLED|ACCOUNT_SUSPENDED|CANNOT_CREATE_DETECTOR_IN_ORG_MASTER',
'updatedAt' => <DateTime>,
],
// ...
],
'nextToken' => '<string>',
]
Result Details
Members
- members
-
- Type: Array of Member structures
An object that contains details for each member account.
- nextToken
-
- Type: string
The pagination parameter to be used on the next list operation to retrieve more items.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]); $promise = $client->listTagsForResourceAsync([/* ... */]);
Lists all tags attached to a given resource.
Parameter Syntax
$result = $client->listTagsForResource([
'resourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon resource number (ARN) of the resource to list tags of.
Result Syntax
[
'tags' => ['<string>', ...],
]
Result Details
Members
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags associated with the resource.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ListUsageTotals
$result = $client->listUsageTotals([/* ... */]); $promise = $client->listUsageTotalsAsync([/* ... */]);
Lists the Amazon Inspector usage totals over the last 30 days.
Parameter Syntax
$result = $client->listUsageTotals([
'accountIds' => ['<string>', ...],
'maxResults' => <integer>,
'nextToken' => '<string>',
]);
Parameter Details
Members
- accountIds
-
- Type: Array of strings
The Amazon Web Services account IDs to retrieve usage totals for.
- maxResults
-
- Type: int
The maximum number of results the response can return. If your request would return more than the maximum the response will return a
nextTokenvalue, use this value when you call the action again to get the remaining results. - nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the
maxResultsmaximum value it will also return anextTokenvalue. For subsequent calls, use thenextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'nextToken' => '<string>',
'totals' => [
[
'accountId' => '<string>',
'usage' => [
[
'currency' => 'USD',
'estimatedMonthlyCost' => <float>,
'total' => <float>,
'type' => 'EC2_INSTANCE_HOURS|ECR_INITIAL_SCAN|ECR_RESCAN|LAMBDA_FUNCTION_HOURS|LAMBDA_FUNCTION_CODE_HOURS|CODE_REPOSITORY_SAST|CODE_REPOSITORY_IAC|CODE_REPOSITORY_SCA|EC2_AGENTLESS_INSTANCE_HOURS',
],
// ...
],
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
The pagination parameter to be used on the next list operation to retrieve more items.
- totals
-
- Type: Array of UsageTotal structures
An object with details on the total usage for the requested account.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
ResetEncryptionKey
$result = $client->resetEncryptionKey([/* ... */]); $promise = $client->resetEncryptionKeyAsync([/* ... */]);
Resets an encryption key. After the key is reset your resources will be encrypted by an Amazon Web Services owned key.
Parameter Syntax
$result = $client->resetEncryptionKey([
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION|CODE_REPOSITORY', // REQUIRED
'scanType' => 'NETWORK|PACKAGE|CODE', // REQUIRED
]);
Parameter Details
Members
- resourceType
-
- Required: Yes
- Type: string
The resource type the key encrypts.
- scanType
-
- Required: Yes
- Type: string
The scan type the key encrypts.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
SearchVulnerabilities
$result = $client->searchVulnerabilities([/* ... */]); $promise = $client->searchVulnerabilitiesAsync([/* ... */]);
Lists Amazon Inspector coverage details for a specific vulnerability.
Parameter Syntax
$result = $client->searchVulnerabilities([
'filterCriteria' => [ // REQUIRED
'vulnerabilityIds' => ['<string>', ...], // REQUIRED
],
'nextToken' => '<string>',
]);
Parameter Details
Members
- filterCriteria
-
- Required: Yes
- Type: SearchVulnerabilitiesFilterCriteria structure
The criteria used to filter the results of a vulnerability search.
- nextToken
-
- Type: string
A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the
NextTokenvalue returned from the previous request to continue listing results after the first page.
Result Syntax
[
'nextToken' => '<string>',
'vulnerabilities' => [
[
'atigData' => [
'firstSeen' => <DateTime>,
'lastSeen' => <DateTime>,
'targets' => ['<string>', ...],
'ttps' => ['<string>', ...],
],
'cisaData' => [
'action' => '<string>',
'dateAdded' => <DateTime>,
'dateDue' => <DateTime>,
],
'cvss2' => [
'baseScore' => <float>,
'scoringVector' => '<string>',
],
'cvss3' => [
'baseScore' => <float>,
'scoringVector' => '<string>',
],
'cvss4' => [
'baseScore' => <float>,
'scoringVector' => '<string>',
],
'cwes' => ['<string>', ...],
'description' => '<string>',
'detectionPlatforms' => ['<string>', ...],
'epss' => [
'score' => <float>,
],
'exploitObserved' => [
'firstSeen' => <DateTime>,
'lastSeen' => <DateTime>,
],
'id' => '<string>',
'referenceUrls' => ['<string>', ...],
'relatedVulnerabilities' => ['<string>', ...],
'source' => 'NVD',
'sourceUrl' => '<string>',
'vendorCreatedAt' => <DateTime>,
'vendorSeverity' => '<string>',
'vendorUpdatedAt' => <DateTime>,
],
// ...
],
]
Result Details
Members
- nextToken
-
- Type: string
The pagination parameter to be used on the next list operation to retrieve more items.
- vulnerabilities
-
- Required: Yes
- Type: Array of Vulnerability structures
Details about the listed vulnerability.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
SendCisSessionHealth
$result = $client->sendCisSessionHealth([/* ... */]); $promise = $client->sendCisSessionHealthAsync([/* ... */]);
Sends a CIS session health. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service.
Parameter Syntax
$result = $client->sendCisSessionHealth([
'scanJobId' => '<string>', // REQUIRED
'sessionToken' => '<string>', // REQUIRED
]);
Parameter Details
Members
- scanJobId
-
- Required: Yes
- Type: string
A unique identifier for the scan job.
- sessionToken
-
- Required: Yes
- Type: string
The unique token that identifies the CIS session.
Result Syntax
[]
Result Details
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample SendCisSessionHealth Call
$result = $client->sendCisSessionHealth([
'scanJobId' => '624b746d-e080-44ae-8c1d-48e653365a38',
'sessionToken' => '624b746d-e080-44ae-8c1d-48e653365a31',
]);
Result syntax:
[ ]
SendCisSessionTelemetry
$result = $client->sendCisSessionTelemetry([/* ... */]); $promise = $client->sendCisSessionTelemetryAsync([/* ... */]);
Sends a CIS session telemetry. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service.
Parameter Syntax
$result = $client->sendCisSessionTelemetry([
'messages' => [ // REQUIRED
[
'cisRuleDetails' => <string || resource || Psr\Http\Message\StreamInterface>, // REQUIRED
'ruleId' => '<string>', // REQUIRED
'status' => 'FAILED|PASSED|NOT_EVALUATED|INFORMATIONAL|UNKNOWN|NOT_APPLICABLE|ERROR', // REQUIRED
],
// ...
],
'scanJobId' => '<string>', // REQUIRED
'sessionToken' => '<string>', // REQUIRED
]);
Parameter Details
Members
- messages
-
- Required: Yes
- Type: Array of CisSessionMessage structures
The CIS session telemetry messages.
- scanJobId
-
- Required: Yes
- Type: string
A unique identifier for the scan job.
- sessionToken
-
- Required: Yes
- Type: string
The unique token that identifies the CIS session.
Result Syntax
[]
Result Details
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample SendCisSessionTelemetry Call
$result = $client->sendCisSessionTelemetry([
'messages' => [
[
'cisRuleDetails' => <BLOB>,
'ruleId' => '1.12.1',
'status' => 'FAILED',
],
[
'cisRuleDetails' => <BLOB>,
'ruleId' => '1.2.1',
'status' => 'PASSED',
],
],
'scanJobId' => '624b746d-e080-44ae-8c1d-48e653365a38',
'sessionToken' => '624b746d-e080-44ae-8c1d-48e653365a31',
]);
Result syntax:
[ ]
StartCisSession
$result = $client->startCisSession([/* ... */]); $promise = $client->startCisSessionAsync([/* ... */]);
Starts a CIS session. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service.
Parameter Syntax
$result = $client->startCisSession([
'message' => [ // REQUIRED
'sessionToken' => '<string>', // REQUIRED
],
'scanJobId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- message
-
- Required: Yes
- Type: StartCisSessionMessage structure
The start CIS session message.
- scanJobId
-
- Required: Yes
- Type: string
A unique identifier for the scan job.
Result Syntax
[]
Result Details
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample SendCisSessionHealth Call
$result = $client->startCisSession([
'message' => [
'sessionToken' => '624b746d-e080-44ae-8c1d-48e653365a31',
],
'scanJobId' => '624b746d-e080-44ae-8c1d-48e653365a38',
]);
Result syntax:
[ ]
StartCodeSecurityScan
$result = $client->startCodeSecurityScan([/* ... */]); $promise = $client->startCodeSecurityScanAsync([/* ... */]);
Initiates a code security scan on a specified repository.
Parameter Syntax
$result = $client->startCodeSecurityScan([
'clientToken' => '<string>',
'resource' => [ // REQUIRED
'projectId' => '<string>',
],
]);
Parameter Details
Members
- clientToken
-
- Type: string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
- resource
-
- Required: Yes
- Type: CodeSecurityResource structure
The resource identifier for the code repository to scan.
Result Syntax
[
'scanId' => '<string>',
'status' => 'IN_PROGRESS|SUCCESSFUL|FAILED|SKIPPED',
]
Result Details
Members
- scanId
-
- Type: string
The unique identifier of the initiated scan.
- status
-
- Type: string
The current status of the initiated scan.
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
StopCisSession
$result = $client->stopCisSession([/* ... */]); $promise = $client->stopCisSessionAsync([/* ... */]);
Stops a CIS session. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to stop a CIS scan session for the scan ID supplied by the service.
Parameter Syntax
$result = $client->stopCisSession([
'message' => [ // REQUIRED
'benchmarkProfile' => '<string>',
'benchmarkVersion' => '<string>',
'computePlatform' => [
'product' => '<string>',
'vendor' => '<string>',
'version' => '<string>',
],
'progress' => [ // REQUIRED
'errorChecks' => <integer>,
'failedChecks' => <integer>,
'informationalChecks' => <integer>,
'notApplicableChecks' => <integer>,
'notEvaluatedChecks' => <integer>,
'successfulChecks' => <integer>,
'totalChecks' => <integer>,
'unknownChecks' => <integer>,
],
'reason' => '<string>',
'status' => 'SUCCESS|FAILED|INTERRUPTED|UNSUPPORTED_OS', // REQUIRED
],
'scanJobId' => '<string>', // REQUIRED
'sessionToken' => '<string>', // REQUIRED
]);
Parameter Details
Members
- message
-
- Required: Yes
- Type: StopCisSessionMessage structure
The stop CIS session message.
- scanJobId
-
- Required: Yes
- Type: string
A unique identifier for the scan job.
- sessionToken
-
- Required: Yes
- Type: string
The unique token that identifies the CIS session.
Result Syntax
[]
Result Details
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample StopCisSession Call
$result = $client->stopCisSession([
'message' => [
'benchmarkProfile' => 'xccdf_org.cisecurity.benchmarks_profile_Level_1',
'benchmarkVersion' => '2.0.0',
'computePlatform' => [
'version' => '20.04',
'product' => 'ubuntu',
'vendor' => 'canonical',
],
'progress' => [
'errorChecks' => 1,
'failedChecks' => 0,
'informationalChecks' => 1,
'notApplicableChecks' => 0,
'notEvaluatedChecks' => 2,
'successfulChecks' => 5,
'totalChecks' => 10,
'unknownChecks' => 0,
],
'reason' => 'Failure Reason',
'status' => 'FAILED',
],
'scanJobId' => '624b746d-e080-44ae-8c1d-48e653365a38',
'sessionToken' => '624b746d-e080-44ae-8c1d-48e653365a31',
]);
Result syntax:
[ ]
TagResource
$result = $client->tagResource([/* ... */]); $promise = $client->tagResourceAsync([/* ... */]);
Adds tags to a resource.
Parameter Syntax
$result = $client->tagResource([
'resourceArn' => '<string>', // REQUIRED
'tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource to apply a tag to.
- tags
-
- Required: Yes
- Type: Associative array of custom strings keys (MapKey) to strings
The tags to be added to a resource.
Result Syntax
[]
Result Details
Errors
- BadRequestException:
One or more tags submitted as part of the request is not valid.
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UntagResource
$result = $client->untagResource([/* ... */]); $promise = $client->untagResourceAsync([/* ... */]);
Removes tags from a resource.
Parameter Syntax
$result = $client->untagResource([
'resourceArn' => '<string>', // REQUIRED
'tagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- resourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) for the resource to remove tags from.
- tagKeys
-
- Required: Yes
- Type: Array of strings
The tag keys to remove from the resource.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateCisScanConfiguration
$result = $client->updateCisScanConfiguration([/* ... */]); $promise = $client->updateCisScanConfigurationAsync([/* ... */]);
Updates a CIS scan configuration.
Parameter Syntax
$result = $client->updateCisScanConfiguration([
'scanConfigurationArn' => '<string>', // REQUIRED
'scanName' => '<string>',
'schedule' => [
'daily' => [
'startTime' => [ // REQUIRED
'timeOfDay' => '<string>', // REQUIRED
'timezone' => '<string>', // REQUIRED
],
],
'monthly' => [
'day' => 'SUN|MON|TUE|WED|THU|FRI|SAT', // REQUIRED
'startTime' => [ // REQUIRED
'timeOfDay' => '<string>', // REQUIRED
'timezone' => '<string>', // REQUIRED
],
],
'oneTime' => [
],
'weekly' => [
'days' => ['<string>', ...], // REQUIRED
'startTime' => [ // REQUIRED
'timeOfDay' => '<string>', // REQUIRED
'timezone' => '<string>', // REQUIRED
],
],
],
'securityLevel' => 'LEVEL_1|LEVEL_2',
'targets' => [
'accountIds' => ['<string>', ...],
'targetResourceTags' => [
'<TargetResourceTagsKey>' => ['<string>', ...],
// ...
],
],
]);
Parameter Details
Members
- scanConfigurationArn
-
- Required: Yes
- Type: string
The CIS scan configuration ARN.
- scanName
-
- Type: string
The scan name for the CIS scan configuration.
- schedule
-
- Type: Schedule structure
The schedule for the CIS scan configuration.
- securityLevel
-
- Type: string
The security level for the CIS scan configuration. Security level refers to the Benchmark levels that CIS assigns to a profile.
- targets
-
- Type: UpdateCisTargets structure
The targets for the CIS scan configuration.
Result Syntax
[
'scanConfigurationArn' => '<string>',
]
Result Details
Members
- scanConfigurationArn
-
- Required: Yes
- Type: string
The CIS scan configuration ARN.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Examples
Example 1: Sample UpdateCisScanConfiguration Call
$result = $client->updateCisScanConfiguration([
'scanConfigurationArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-configuration/624b746d-e080-44ae-8c1d-48e653365a38',
'scanName' => 'sample_new',
'schedule' => [
'daily' => [
'startTime' => [
'timeOfDay' => '12:56',
'timezone' => 'UTC',
],
],
],
'securityLevel' => 'LEVEL_2',
'targets' => [
'accountIds' => [
'SELF',
],
'targetResourceTags' => [
'key2' => [
'value2',
],
],
],
]);
Result syntax:
[
'scanConfigurationArn' => 'arn:aws:inspector2:us-east-1:123412341234:owner/123412341234/cis-configuration/624b746d-e080-44ae-8c1d-48e653365a38',
]
UpdateCodeSecurityIntegration
$result = $client->updateCodeSecurityIntegration([/* ... */]); $promise = $client->updateCodeSecurityIntegrationAsync([/* ... */]);
Updates an existing code security integration.
After calling the CreateCodeSecurityIntegration operation, you complete authentication and authorization with your provider. Next you call the UpdateCodeSecurityIntegration operation to provide the details to complete the integration setup
Parameter Syntax
$result = $client->updateCodeSecurityIntegration([
'details' => [ // REQUIRED
'github' => [
'code' => '<string>', // REQUIRED
'installationId' => '<string>', // REQUIRED
],
'gitlabSelfManaged' => [
'authCode' => '<string>', // REQUIRED
],
],
'integrationArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- details
-
- Required: Yes
- Type: UpdateIntegrationDetails structure
The updated integration details specific to the repository provider type.
- integrationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the code security integration to update.
Result Syntax
[
'integrationArn' => '<string>',
'status' => 'PENDING|IN_PROGRESS|ACTIVE|INACTIVE|DISABLING',
]
Result Details
Members
- integrationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the updated code security integration.
- status
-
- Required: Yes
- Type: string
The current status of the updated code security integration.
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateCodeSecurityScanConfiguration
$result = $client->updateCodeSecurityScanConfiguration([/* ... */]); $promise = $client->updateCodeSecurityScanConfigurationAsync([/* ... */]);
Updates an existing code security scan configuration.
Parameter Syntax
$result = $client->updateCodeSecurityScanConfiguration([
'configuration' => [ // REQUIRED
'continuousIntegrationScanConfiguration' => [
'supportedEvents' => ['<string>', ...], // REQUIRED
],
'periodicScanConfiguration' => [
'frequency' => 'WEEKLY|MONTHLY|NEVER',
'frequencyExpression' => '<string>',
],
'ruleSetCategories' => ['<string>', ...], // REQUIRED
],
'scanConfigurationArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- configuration
-
- Required: Yes
- Type: CodeSecurityScanConfiguration structure
The updated configuration settings for the code security scan.
- scanConfigurationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the scan configuration to update.
Result Syntax
[
'scanConfigurationArn' => '<string>',
]
Result Details
Members
- scanConfigurationArn
-
- Type: string
The Amazon Resource Name (ARN) of the updated scan configuration.
Errors
- ConflictException:
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateConfiguration
$result = $client->updateConfiguration([/* ... */]); $promise = $client->updateConfigurationAsync([/* ... */]);
Updates setting configurations for your Amazon Inspector account. When you use this API as an Amazon Inspector delegated administrator this updates the setting for all accounts you manage. Member accounts in an organization cannot update this setting.
Parameter Syntax
$result = $client->updateConfiguration([
'ec2Configuration' => [
'scanMode' => 'EC2_SSM_AGENT_BASED|EC2_HYBRID', // REQUIRED
],
'ecrConfiguration' => [
'pullDateRescanDuration' => 'DAYS_14|DAYS_30|DAYS_60|DAYS_90|DAYS_180',
'pullDateRescanMode' => 'LAST_PULL_DATE|LAST_IN_USE_AT',
'rescanDuration' => 'LIFETIME|DAYS_30|DAYS_180|DAYS_14|DAYS_60|DAYS_90', // REQUIRED
],
]);
Parameter Details
Members
- ec2Configuration
-
- Type: Ec2Configuration structure
Specifies how the Amazon EC2 automated scan will be updated for your environment.
- ecrConfiguration
-
- Type: EcrConfiguration structure
Specifies how the ECR automated re-scan will be updated for your environment.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateEc2DeepInspectionConfiguration
$result = $client->updateEc2DeepInspectionConfiguration([/* ... */]); $promise = $client->updateEc2DeepInspectionConfigurationAsync([/* ... */]);
Activates, deactivates Amazon Inspector deep inspection, or updates custom paths for your account.
Parameter Syntax
$result = $client->updateEc2DeepInspectionConfiguration([
'activateDeepInspection' => true || false,
'packagePaths' => ['<string>', ...],
]);
Parameter Details
Members
- activateDeepInspection
-
- Type: boolean
Specify
TRUEto activate Amazon Inspector deep inspection in your account, orFALSEto deactivate. Member accounts in an organization cannot deactivate deep inspection, instead the delegated administrator for the organization can deactivate a member account using BatchUpdateMemberEc2DeepInspectionStatus. - packagePaths
-
- Type: Array of strings
The Amazon Inspector deep inspection custom paths you are adding for your account.
Result Syntax
[
'errorMessage' => '<string>',
'orgPackagePaths' => ['<string>', ...],
'packagePaths' => ['<string>', ...],
'status' => 'ACTIVATED|DEACTIVATED|PENDING|FAILED',
]
Result Details
Members
- errorMessage
-
- Type: string
An error message explaining why new Amazon Inspector deep inspection custom paths could not be added.
- orgPackagePaths
-
- Type: Array of strings
The current Amazon Inspector deep inspection custom paths for the organization.
- packagePaths
-
- Type: Array of strings
The current Amazon Inspector deep inspection custom paths for your account.
- status
-
- Type: string
The status of Amazon Inspector deep inspection in your account.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateEncryptionKey
$result = $client->updateEncryptionKey([/* ... */]); $promise = $client->updateEncryptionKeyAsync([/* ... */]);
Updates an encryption key. A ResourceNotFoundException means that an Amazon Web Services owned key is being used for encryption.
Parameter Syntax
$result = $client->updateEncryptionKey([
'kmsKeyId' => '<string>', // REQUIRED
'resourceType' => 'AWS_EC2_INSTANCE|AWS_ECR_CONTAINER_IMAGE|AWS_ECR_REPOSITORY|AWS_LAMBDA_FUNCTION|CODE_REPOSITORY', // REQUIRED
'scanType' => 'NETWORK|PACKAGE|CODE', // REQUIRED
]);
Parameter Details
Members
- kmsKeyId
-
- Required: Yes
- Type: string
A KMS key ID for the encryption key.
- resourceType
-
- Required: Yes
- Type: string
The resource type for the encryption key.
- scanType
-
- Required: Yes
- Type: string
The scan type for the encryption key.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateFilter
$result = $client->updateFilter([/* ... */]); $promise = $client->updateFilterAsync([/* ... */]);
Specifies the action that is to be applied to the findings that match the filter.
Parameter Syntax
$result = $client->updateFilter([
'action' => 'NONE|SUPPRESS',
'description' => '<string>',
'filterArn' => '<string>', // REQUIRED
'filterCriteria' => [
'awsAccountId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProjectName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeRepositoryProviderType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityDetectorTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'codeVulnerabilityFilePath' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'componentType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceImageId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceSubnetId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ec2InstanceVpcId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageArchitecture' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageHash' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageInUseCount' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'ecrImageLastInUseAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImagePushedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'ecrImageRegistry' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageRepositoryName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'ecrImageTags' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'epssScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'exploitAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingStatus' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'findingType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'firstObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'fixAvailable' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'inspectorScore' => [
[
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
// ...
],
'lambdaFunctionExecutionRoleArn' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionLastModifiedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'lambdaFunctionLayers' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionName' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lambdaFunctionRuntime' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'lastObservedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'networkProtocol' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'portRange' => [
[
'beginInclusive' => <integer>,
'endInclusive' => <integer>,
],
// ...
],
'relatedVulnerabilities' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'resourceTags' => [
[
'comparison' => 'EQUALS', // REQUIRED
'key' => '<string>', // REQUIRED
'value' => '<string>',
],
// ...
],
'resourceType' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'severity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'title' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'updatedAt' => [
[
'endInclusive' => <integer || string || DateTime>,
'startInclusive' => <integer || string || DateTime>,
],
// ...
],
'vendorSeverity' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilityId' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerabilitySource' => [
[
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
// ...
],
'vulnerablePackages' => [
[
'architecture' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'epoch' => [
'lowerInclusive' => <float>,
'upperInclusive' => <float>,
],
'filePath' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'name' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'release' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLambdaLayerArn' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'sourceLayerHash' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
'version' => [
'comparison' => 'EQUALS|PREFIX|NOT_EQUALS', // REQUIRED
'value' => '<string>', // REQUIRED
],
],
// ...
],
],
'name' => '<string>',
'reason' => '<string>',
]);
Parameter Details
Members
- action
-
- Type: string
Specifies the action that is to be applied to the findings that match the filter.
- description
-
- Type: string
A description of the filter.
- filterArn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the filter to update.
- filterCriteria
-
- Type: FilterCriteria structure
Defines the criteria to be update in the filter.
- name
-
- Type: string
The name of the filter.
- reason
-
- Type: string
The reason the filter was updated.
Result Syntax
[
'arn' => '<string>',
]
Result Details
Members
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the successfully updated filter.
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ResourceNotFoundException:
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateOrgEc2DeepInspectionConfiguration
$result = $client->updateOrgEc2DeepInspectionConfiguration([/* ... */]); $promise = $client->updateOrgEc2DeepInspectionConfigurationAsync([/* ... */]);
Updates the Amazon Inspector deep inspection custom paths for your organization. You must be an Amazon Inspector delegated administrator to use this API.
Parameter Syntax
$result = $client->updateOrgEc2DeepInspectionConfiguration([
'orgPackagePaths' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- orgPackagePaths
-
- Required: Yes
- Type: Array of strings
The Amazon Inspector deep inspection custom paths you are adding for your organization.
Result Syntax
[]
Result Details
Errors
- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
UpdateOrganizationConfiguration
$result = $client->updateOrganizationConfiguration([/* ... */]); $promise = $client->updateOrganizationConfigurationAsync([/* ... */]);
Updates the configurations for your Amazon Inspector organization.
Parameter Syntax
$result = $client->updateOrganizationConfiguration([
'autoEnable' => [ // REQUIRED
'codeRepository' => true || false,
'ec2' => true || false, // REQUIRED
'ecr' => true || false, // REQUIRED
'lambda' => true || false,
'lambdaCode' => true || false,
],
]);
Parameter Details
Members
- autoEnable
-
- Required: Yes
- Type: AutoEnable structure
Defines which scan types are enabled automatically for new members of your Amazon Inspector organization.
Result Syntax
[
'autoEnable' => [
'codeRepository' => true || false,
'ec2' => true || false,
'ecr' => true || false,
'lambda' => true || false,
'lambdaCode' => true || false,
],
]
Result Details
Members
- autoEnable
-
- Required: Yes
- Type: AutoEnable structure
The updated status of scan types automatically enabled for new members of your Amazon Inspector organization.
Errors
- AccessDeniedException:
You do not have sufficient access to perform this action.
For
Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.- ValidationException:
The request has failed validation due to missing required fields or having invalid inputs.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- InternalServerException:
The request has failed due to an internal failure of the Amazon Inspector service.
Shapes
AccessDeniedException
Description
You do not have sufficient access to perform this action.
For Enable, you receive this error if you attempt to use a feature in an unsupported Amazon Web Services Region.
Members
- message
-
- Required: Yes
- Type: string
Account
Description
An Amazon Web Services account within your environment that Amazon Inspector has been enabled for.
Members
- accountId
-
- Required: Yes
- Type: string
The ID of the Amazon Web Services account.
- resourceStatus
-
- Required: Yes
- Type: ResourceStatus structure
Details of the status of Amazon Inspector scans by resource type.
- status
-
- Required: Yes
- Type: string
The status of Amazon Inspector for the account.
AccountAggregation
Description
An object that contains details about an aggregation response based on Amazon Web Services accounts.
Members
- findingType
-
- Type: string
The type of finding.
- resourceType
-
- Type: string
The type of resource.
- sortBy
-
- Type: string
The value to sort by.
- sortOrder
-
- Type: string
The sort order (ascending or descending).
AccountAggregationResponse
Description
An aggregation of findings by Amazon Web Services account ID.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID.
- exploitAvailableCount
-
- Type: long (int|float)
The number of findings that have an exploit available.
- fixAvailableCount
-
- Type: long (int|float)
Details about the number of fixes.
- severityCounts
-
- Type: SeverityCounts structure
The number of findings by severity.
AccountState
Description
An object with details the status of an Amazon Web Services account within your Amazon Inspector environment.
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID.
- resourceState
-
- Required: Yes
- Type: ResourceState structure
An object detailing which resources Amazon Inspector is enabled to scan for the account.
- state
-
- Required: Yes
- Type: State structure
An object detailing the status of Amazon Inspector for the account.
AggregationRequest
Description
Contains details about an aggregation request.
Members
- accountAggregation
-
- Type: AccountAggregation structure
An object that contains details about an aggregation request based on Amazon Web Services account IDs.
- amiAggregation
-
- Type: AmiAggregation structure
An object that contains details about an aggregation request based on Amazon Machine Images (AMIs).
- awsEcrContainerAggregation
-
- Type: AwsEcrContainerAggregation structure
An object that contains details about an aggregation request based on Amazon ECR container images.
- codeRepositoryAggregation
-
- Type: CodeRepositoryAggregation structure
An object that contains details about an aggregation request based on code repositories.
- ec2InstanceAggregation
-
- Type: Ec2InstanceAggregation structure
An object that contains details about an aggregation request based on Amazon EC2 instances.
- findingTypeAggregation
-
- Type: FindingTypeAggregation structure
An object that contains details about an aggregation request based on finding types.
- imageLayerAggregation
-
- Type: ImageLayerAggregation structure
An object that contains details about an aggregation request based on container image layers.
- lambdaFunctionAggregation
-
- Type: LambdaFunctionAggregation structure
Returns an object with findings aggregated by Amazon Web Services Lambda function.
- lambdaLayerAggregation
-
- Type: LambdaLayerAggregation structure
Returns an object with findings aggregated by Amazon Web Services Lambda layer.
- packageAggregation
-
- Type: PackageAggregation structure
An object that contains details about an aggregation request based on operating system package type.
- repositoryAggregation
-
- Type: RepositoryAggregation structure
An object that contains details about an aggregation request based on Amazon ECR repositories.
- titleAggregation
-
- Type: TitleAggregation structure
An object that contains details about an aggregation request based on finding title.
AggregationResponse
Description
A structure that contains details about the results of an aggregation type.
Members
- accountAggregation
-
- Type: AccountAggregationResponse structure
An object that contains details about an aggregation response based on Amazon Web Services account IDs.
- amiAggregation
-
- Type: AmiAggregationResponse structure
An object that contains details about an aggregation response based on Amazon Machine Images (AMIs).
- awsEcrContainerAggregation
-
- Type: AwsEcrContainerAggregationResponse structure
An object that contains details about an aggregation response based on Amazon ECR container images.
- codeRepositoryAggregation
-
- Type: CodeRepositoryAggregationResponse structure
An object that contains details about an aggregation response based on code repositories.
- ec2InstanceAggregation
-
- Type: Ec2InstanceAggregationResponse structure
An object that contains details about an aggregation response based on Amazon EC2 instances.
- findingTypeAggregation
-
- Type: FindingTypeAggregationResponse structure
An object that contains details about an aggregation response based on finding types.
- imageLayerAggregation
-
- Type: ImageLayerAggregationResponse structure
An object that contains details about an aggregation response based on container image layers.
- lambdaFunctionAggregation
-
- Type: LambdaFunctionAggregationResponse structure
An aggregation of findings by Amazon Web Services Lambda function.
- lambdaLayerAggregation
-
- Type: LambdaLayerAggregationResponse structure
An aggregation of findings by Amazon Web Services Lambda layer.
- packageAggregation
-
- Type: PackageAggregationResponse structure
An object that contains details about an aggregation response based on operating system package type.
- repositoryAggregation
-
- Type: RepositoryAggregationResponse structure
An object that contains details about an aggregation response based on Amazon ECR repositories.
- titleAggregation
-
- Type: TitleAggregationResponse structure
An object that contains details about an aggregation response based on finding title.
AmiAggregation
Description
The details that define an aggregation based on Amazon machine images (AMIs).
Members
- amis
-
- Type: Array of StringFilter structures
The IDs of AMIs to aggregate findings for.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
AmiAggregationResponse
Description
A response that contains the results of a finding aggregation by AMI.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID for the AMI.
- affectedInstances
-
- Type: long (int|float)
The IDs of Amazon EC2 instances using this AMI.
- ami
-
- Required: Yes
- Type: string
The ID of the AMI that findings were aggregated for.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the count of matched findings per severity.
AssociateConfigurationRequest
Description
Contains details about a request to associate a code repository with a scan configuration.
Members
- resource
-
- Required: Yes
- Type: CodeSecurityResource structure
Identifies a specific resource in a code repository that will be scanned.
- scanConfigurationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the scan configuration.
AtigData
Description
The Amazon Web Services Threat Intel Group (ATIG) details for a specific vulnerability.
Members
- firstSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time this vulnerability was first observed.
- lastSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time this vulnerability was last observed.
- targets
-
- Type: Array of strings
The commercial sectors this vulnerability targets.
- ttps
-
- Type: Array of strings
The MITRE ATT&CK tactics, techniques, and procedures (TTPs) associated with vulnerability.
AutoEnable
Description
Represents which scan types are automatically enabled for new members of your Amazon Inspector organization.
Members
- codeRepository
-
- Type: boolean
Represents whether code repository scans are automatically enabled for new members of your Amazon Inspector organization.
- ec2
-
- Required: Yes
- Type: boolean
Represents whether Amazon EC2 scans are automatically enabled for new members of your Amazon Inspector organization.
- ecr
-
- Required: Yes
- Type: boolean
Represents whether Amazon ECR scans are automatically enabled for new members of your Amazon Inspector organization.
- lambda
-
- Type: boolean
Represents whether Amazon Web Services Lambda standard scans are automatically enabled for new members of your Amazon Inspector organization.
- lambdaCode
-
- Type: boolean
Represents whether Lambda code scans are automatically enabled for new members of your Amazon Inspector organization.
AwsEc2InstanceDetails
Description
Details of the Amazon EC2 instance involved in a finding.
Members
- iamInstanceProfileArn
-
- Type: string
The IAM instance profile ARN of the Amazon EC2 instance.
- imageId
-
- Type: string
The image ID of the Amazon EC2 instance.
- ipV4Addresses
-
- Type: Array of strings
The IPv4 addresses of the Amazon EC2 instance.
- ipV6Addresses
-
- Type: Array of strings
The IPv6 addresses of the Amazon EC2 instance.
- keyName
-
- Type: string
The name of the key pair used to launch the Amazon EC2 instance.
- launchedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the Amazon EC2 instance was launched at.
- platform
-
- Type: string
The platform of the Amazon EC2 instance.
- subnetId
-
- Type: string
The subnet ID of the Amazon EC2 instance.
- type
-
- Type: string
The type of the Amazon EC2 instance.
- vpcId
-
- Type: string
The VPC ID of the Amazon EC2 instance.
AwsEcrContainerAggregation
Description
An aggregation of information about Amazon ECR containers.
Members
- architectures
-
- Type: Array of StringFilter structures
The architecture of the containers.
- imageShas
-
- Type: Array of StringFilter structures
The image SHA values.
- imageTags
-
- Type: Array of StringFilter structures
The image tags.
- inUseCount
-
- Type: Array of NumberFilter structures
The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use.
- lastInUseAt
-
- Type: Array of DateFilter structures
The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod.
- repositories
-
- Type: Array of StringFilter structures
The container repositories.
- resourceIds
-
- Type: Array of StringFilter structures
The container resource IDs.
- sortBy
-
- Type: string
The value to sort by.
- sortOrder
-
- Type: string
The sort order (ascending or descending).
AwsEcrContainerAggregationResponse
Description
An aggregation of information about Amazon ECR containers.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the account that owns the container.
- architecture
-
- Type: string
The architecture of the container.
- imageSha
-
- Type: string
The SHA value of the container image.
- imageTags
-
- Type: Array of strings
The container image stags.
- inUseCount
-
- Type: long (int|float)
The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use.
- lastInUseAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod.
- repository
-
- Type: string
The container repository.
- resourceId
-
- Required: Yes
- Type: string
The resource ID of the container.
- severityCounts
-
- Type: SeverityCounts structure
The number of finding by severity.
AwsEcrContainerImageDetails
Description
The image details of the Amazon ECR container image.
Members
- architecture
-
- Type: string
The architecture of the Amazon ECR container image.
- author
-
- Type: string
The image author of the Amazon ECR container image.
- imageHash
-
- Required: Yes
- Type: string
The image hash of the Amazon ECR container image.
- imageTags
-
- Type: Array of strings
The image tags attached to the Amazon ECR container image.
- inUseCount
-
- Type: long (int|float)
The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use.
- lastInUseAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod.
- platform
-
- Type: string
The platform of the Amazon ECR container image.
- pushedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the Amazon ECR container image was pushed.
- registry
-
- Required: Yes
- Type: string
The registry for the Amazon ECR container image.
- repositoryName
-
- Required: Yes
- Type: string
The name of the repository the Amazon ECR container image resides in.
AwsEcsMetadataDetails
Description
Metadata about tasks where an image was in use.
Members
- detailsGroup
-
- Required: Yes
- Type: string
The details group information for a task in a cluster.
- taskDefinitionArn
-
- Required: Yes
- Type: string
The task definition ARN.
AwsEksMetadataDetails
Description
The metadata for an Amazon EKS pod where an Amazon ECR image is in use.
Members
- namespace
-
- Type: string
The namespace for an Amazon EKS cluster.
- workloadInfoList
-
- Type: Array of AwsEksWorkloadInfo structures
The list of workloads.
AwsEksWorkloadInfo
Description
Information about the workload.
Members
- name
-
- Required: Yes
- Type: string
The name of the workload.
- type
-
- Required: Yes
- Type: string
The workload type.
AwsLambdaFunctionDetails
Description
A summary of information about the Amazon Web Services Lambda function.
Members
- architectures
-
- Type: Array of strings
The instruction set architecture that the Amazon Web Services Lambda function supports. Architecture is a string array with one of the valid values. The default architecture value is
x86_64. - codeSha256
-
- Required: Yes
- Type: string
The SHA256 hash of the Amazon Web Services Lambda function's deployment package.
- executionRoleArn
-
- Required: Yes
- Type: string
The Amazon Web Services Lambda function's execution role.
- functionName
-
- Required: Yes
- Type: string
The name of the Amazon Web Services Lambda function.
- lastModifiedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that a user last updated the configuration, in ISO 8601 format
- layers
-
- Type: Array of strings
The Amazon Web Services Lambda function's layers. A Lambda function can have up to five layers.
- packageType
-
- Type: string
The type of deployment package. Set to
Imagefor container image and setZipfor .zip file archive. - runtime
-
- Required: Yes
- Type: string
The runtime environment for the Amazon Web Services Lambda function.
- version
-
- Required: Yes
- Type: string
The version of the Amazon Web Services Lambda function.
- vpcConfig
-
- Type: LambdaVpcConfig structure
The Amazon Web Services Lambda function's networking configuration.
BadRequestException
Description
One or more tags submitted as part of the request is not valid.
Members
- message
-
- Required: Yes
- Type: string
CisCheckAggregation
Description
A CIS check.
Members
- accountId
-
- Type: string
The account ID for the CIS check.
- checkDescription
-
- Type: string
The description for the CIS check.
- checkId
-
- Type: string
The check ID for the CIS check.
- level
-
- Type: string
The CIS check level.
- platform
-
- Type: string
The CIS check platform.
- scanArn
-
- Required: Yes
- Type: string
The scan ARN for the CIS check scan ARN.
- statusCounts
-
- Type: StatusCounts structure
The CIS check status counts.
- title
-
- Type: string
The CIS check title.
CisDateFilter
Description
The CIS date filter.
Members
- earliestScanStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The CIS date filter's earliest scan start time.
- latestScanStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The CIS date filter's latest scan start time.
CisFindingStatusFilter
Description
The CIS finding status filter.
Members
- comparison
-
- Required: Yes
- Type: string
The comparison value of the CIS finding status filter.
- value
-
- Required: Yes
- Type: string
The value of the CIS finding status filter.
CisNumberFilter
Description
The CIS number filter.
Members
- lowerInclusive
-
- Type: int
The CIS number filter's lower inclusive.
- upperInclusive
-
- Type: int
The CIS number filter's upper inclusive.
CisResultStatusFilter
Description
The CIS result status filter.
Members
- comparison
-
- Required: Yes
- Type: string
The comparison value of the CIS result status filter.
- value
-
- Required: Yes
- Type: string
The value of the CIS result status filter.
CisScan
Description
The CIS scan.
Members
- failedChecks
-
- Type: int
The CIS scan's failed checks.
- scanArn
-
- Required: Yes
- Type: string
The CIS scan's ARN.
- scanConfigurationArn
-
- Required: Yes
- Type: string
The CIS scan's configuration ARN.
- scanDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The CIS scan's date.
- scanName
-
- Type: string
The the name of the scan configuration that's associated with this scan.
- scheduledBy
-
- Type: string
The account or organization that schedules the CIS scan.
- securityLevel
-
- Type: string
The security level for the CIS scan. Security level refers to the Benchmark levels that CIS assigns to a profile.
- status
-
- Type: string
The CIS scan's status.
- targets
-
- Type: CisTargets structure
The CIS scan's targets.
- totalChecks
-
- Type: int
The CIS scan's total checks.
CisScanConfiguration
Description
The CIS scan configuration.
Members
- ownerId
-
- Type: string
The CIS scan configuration's owner ID.
- scanConfigurationArn
-
- Required: Yes
- Type: string
The CIS scan configuration's scan configuration ARN.
- scanName
-
- Type: string
The name of the CIS scan configuration.
- schedule
-
- Type: Schedule structure
The CIS scan configuration's schedule.
- securityLevel
-
- Type: string
The CIS scan configuration's security level.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The CIS scan configuration's tags.
- targets
-
- Type: CisTargets structure
The CIS scan configuration's targets.
CisScanResultDetails
Description
The CIS scan result details.
Members
- accountId
-
- Type: string
The CIS scan result details' account ID.
- checkDescription
-
- Type: string
The account ID that's associated with the CIS scan result details.
- checkId
-
- Type: string
The CIS scan result details' check ID.
- findingArn
-
- Type: string
The CIS scan result details' finding ARN.
- level
-
- Type: string
The CIS scan result details' level.
- platform
-
- Type: string
The CIS scan result details' platform.
- remediation
-
- Type: string
The CIS scan result details' remediation.
- scanArn
-
- Required: Yes
- Type: string
The CIS scan result details' scan ARN.
- status
-
- Type: string
The CIS scan result details' status.
- statusReason
-
- Type: string
The CIS scan result details' status reason.
- targetResourceId
-
- Type: string
The CIS scan result details' target resource ID.
- title
-
- Type: string
The CIS scan result details' title.
CisScanResultDetailsFilterCriteria
Description
The CIS scan result details filter criteria.
Members
- checkIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's check ID filters.
- findingArnFilters
-
- Type: Array of CisStringFilter structures
The criteria's finding ARN filters.
- findingStatusFilters
-
- Type: Array of CisFindingStatusFilter structures
The criteria's finding status filters.
- securityLevelFilters
-
- Type: Array of CisSecurityLevelFilter structures
The criteria's security level filters. . Security level refers to the Benchmark levels that CIS assigns to a profile.
- titleFilters
-
- Type: Array of CisStringFilter structures
The criteria's title filters.
CisScanResultsAggregatedByChecksFilterCriteria
Description
The scan results aggregated by checks filter criteria.
Members
- accountIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's account ID filters.
- checkIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's check ID filters.
- failedResourcesFilters
-
- Type: Array of CisNumberFilter structures
The criteria's failed resources filters.
- platformFilters
-
- Type: Array of CisStringFilter structures
The criteria's platform filters.
- securityLevelFilters
-
- Type: Array of CisSecurityLevelFilter structures
The criteria's security level filters.
- titleFilters
-
- Type: Array of CisStringFilter structures
The criteria's title filters.
CisScanResultsAggregatedByTargetResourceFilterCriteria
Description
The scan results aggregated by target resource filter criteria.
Members
- accountIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's account ID filters.
- checkIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's check ID filters.
- failedChecksFilters
-
- Type: Array of CisNumberFilter structures
The criteria's failed checks filters.
- platformFilters
-
- Type: Array of CisStringFilter structures
The criteria's platform filters.
- statusFilters
-
- Type: Array of CisResultStatusFilter structures
The criteria's status filter.
- targetResourceIdFilters
-
- Type: Array of CisStringFilter structures
The criteria's target resource ID filters.
- targetResourceTagFilters
-
- Type: Array of TagFilter structures
The criteria's target resource tag filters.
- targetStatusFilters
-
- Type: Array of CisTargetStatusFilter structures
The criteria's target status filters.
- targetStatusReasonFilters
-
- Type: Array of CisTargetStatusReasonFilter structures
The criteria's target status reason filters.
CisScanStatusFilter
Description
The CIS scan status filter.
Members
- comparison
-
- Required: Yes
- Type: string
The filter comparison value.
- value
-
- Required: Yes
- Type: string
The filter value.
CisSecurityLevelFilter
Description
The CIS security level filter. Security level refers to the Benchmark levels that CIS assigns to a profile.
Members
- comparison
-
- Required: Yes
- Type: string
The CIS security filter comparison value.
- value
-
- Required: Yes
- Type: string
The CIS security filter value.
CisSessionMessage
Description
The CIS session message.
Members
- cisRuleDetails
-
- Required: Yes
- Type: blob (string|resource|Psr\Http\Message\StreamInterface)
The CIS rule details for the CIS session message.
- ruleId
-
- Required: Yes
- Type: string
The rule ID for the CIS session message.
- status
-
- Required: Yes
- Type: string
The status of the CIS session message.
CisStringFilter
Description
The CIS string filter.
Members
- comparison
-
- Required: Yes
- Type: string
The comparison value of the CIS string filter.
- value
-
- Required: Yes
- Type: string
The value of the CIS string filter.
CisTargetResourceAggregation
Description
The CIS target resource aggregation.
Members
- accountId
-
- Type: string
The account ID for the CIS target resource.
- platform
-
- Type: string
The platform for the CIS target resource.
- scanArn
-
- Required: Yes
- Type: string
The scan ARN for the CIS target resource.
- statusCounts
-
- Type: StatusCounts structure
The target resource status counts.
- targetResourceId
-
- Type: string
The ID of the target resource.
- targetResourceTags
-
- Type: Associative array of custom strings keys (TargetResourceTagsKey) to stringss
The tag for the target resource.
- targetStatus
-
- Type: string
The status of the target resource.
- targetStatusReason
-
- Type: string
The reason for the target resource.
CisTargetStatusFilter
Description
The CIS target status filter.
Members
- comparison
-
- Required: Yes
- Type: string
The comparison value of the CIS target status filter.
- value
-
- Required: Yes
- Type: string
The value of the CIS target status filter.
CisTargetStatusReasonFilter
Description
The CIS target status reason filter.
Members
- comparison
-
- Required: Yes
- Type: string
The comparison value of the CIS target status reason filter.
- value
-
- Required: Yes
- Type: string
The value of the CIS target status reason filter.
CisTargets
Description
The CIS targets.
Members
- accountIds
-
- Type: Array of strings
The CIS target account ids.
- targetResourceTags
-
- Type: Associative array of custom strings keys (TargetResourceTagsKey) to stringss
The CIS target resource tags.
CisaData
Description
The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability.
Members
- action
-
- Type: string
The remediation action recommended by CISA for this vulnerability.
- dateAdded
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time CISA added this vulnerability to their catalogue.
- dateDue
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time CISA expects a fix to have been provided vulnerability.
ClusterDetails
Description
Details about the task or pod in the cluster.
Members
- clusterMetadata
-
- Required: Yes
- Type: ClusterMetadata structure
The metadata for a cluster.
- lastInUse
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last timestamp when Amazon Inspector recorded the image in use in the task or pod in the cluster.
- runningUnitCount
-
- Type: long (int|float)
The number of tasks or pods where an image was running on the cluster.
- stoppedUnitCount
-
- Type: long (int|float)
The number of tasks or pods where an image was stopped on the cluster in the last 24 hours.
ClusterForImageFilterCriteria
Description
The filter criteria to be used.
Members
- resourceId
-
- Required: Yes
- Type: string
The resource Id to be used in the filter criteria.
ClusterInformation
Description
Information about the cluster.
Members
- clusterArn
-
- Required: Yes
- Type: string
The cluster ARN.
- clusterDetails
-
- Type: Array of ClusterDetails structures
Details about the cluster.
ClusterMetadata
Description
The metadata for a cluster.
Members
- awsEcsMetadataDetails
-
- Type: AwsEcsMetadataDetails structure
The details for an Amazon ECS cluster in the cluster metadata.
- awsEksMetadataDetails
-
- Type: AwsEksMetadataDetails structure
The details for an Amazon EKS cluster in the cluster metadata.
CodeFilePath
Description
Contains information on where a code vulnerability is located in your Lambda function.
Members
- endLine
-
- Required: Yes
- Type: int
The line number of the last line of code that a vulnerability was found in.
- fileName
-
- Required: Yes
- Type: string
The name of the file the code vulnerability was found in.
- filePath
-
- Required: Yes
- Type: string
The file path to the code that a vulnerability was found in.
- startLine
-
- Required: Yes
- Type: int
The line number of the first line of code that a vulnerability was found in.
CodeLine
Description
Contains information on the lines of code associated with a code snippet.
Members
- content
-
- Required: Yes
- Type: string
The content of a line of code
- lineNumber
-
- Required: Yes
- Type: int
The line number that a section of code is located at.
CodeRepositoryAggregation
Description
The details that define an aggregation based on code repositories.
Members
- projectNames
-
- Type: Array of StringFilter structures
The project names to include in the aggregation results.
- providerTypes
-
- Type: Array of StringFilter structures
The repository provider types to include in the aggregation results.
- resourceIds
-
- Type: Array of StringFilter structures
The resource IDs to include in the aggregation results.
- sortBy
-
- Type: string
The value to sort results by in the code repository aggregation.
- sortOrder
-
- Type: string
The order to sort results by (ascending or descending) in the code repository aggregation.
CodeRepositoryAggregationResponse
Description
A response that contains the results of a finding aggregation by code repository.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID associated with the code repository.
- exploitAvailableActiveFindingsCount
-
- Type: long (int|float)
The number of active findings that have an exploit available for the code repository.
- fixAvailableActiveFindingsCount
-
- Type: long (int|float)
The number of active findings that have a fix available for the code repository.
- projectNames
-
- Required: Yes
- Type: string
The names of the projects associated with the code repository.
- providerType
-
- Type: string
The type of repository provider for the code repository.
- resourceId
-
- Type: string
The resource ID of the code repository.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the counts of aggregated finding per severity.
CodeRepositoryDetails
Description
Contains details about a code repository associated with a finding.
Members
- integrationArn
-
- Type: string
The Amazon Resource Name (ARN) of the code security integration associated with the repository.
- projectName
-
- Type: string
The name of the project in the code repository.
- providerType
-
- Type: string
The type of repository provider (such as GitHub, GitLab, etc.).
CodeRepositoryMetadata
Description
Contains metadata information about a code repository that is being scanned by Amazon Inspector.
Members
- integrationArn
-
- Type: string
The Amazon Resource Name (ARN) of the code security integration associated with the repository.
- lastScannedCommitId
-
- Type: string
The ID of the last commit that was scanned in the repository.
- onDemandScan
-
- Type: CodeRepositoryOnDemandScan structure
Information about on-demand scans performed on the repository.
- projectName
-
- Required: Yes
- Type: string
The name of the project in the code repository.
- providerType
-
- Required: Yes
- Type: string
The type of repository provider (such as GitHub, GitLab, etc.).
- providerTypeVisibility
-
- Required: Yes
- Type: string
The visibility setting of the repository (public or private).
- scanConfiguration
-
- Type: ProjectCodeSecurityScanConfiguration structure
The scan configuration settings applied to the code repository.
CodeRepositoryOnDemandScan
Description
Contains information about on-demand scans performed on a code repository.
Members
- lastScanAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the last on-demand scan was performed.
- lastScannedCommitId
-
- Type: string
The ID of the last commit that was scanned during an on-demand scan.
- scanStatus
-
- Type: ScanStatus structure
The status of the scan.
CodeSecurityIntegrationSummary
Description
A summary of information about a code security integration.
Members
- createdOn
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the code security integration was created.
- integrationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the code security integration.
- lastUpdateOn
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp when the code security integration was last updated.
- name
-
- Required: Yes
- Type: string
The name of the code security integration.
- status
-
- Required: Yes
- Type: string
The current status of the code security integration.
- statusReason
-
- Required: Yes
- Type: string
The reason for the current status of the code security integration.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags associated with the code security integration.
- type
-
- Required: Yes
- Type: string
The type of repository provider for the integration.
CodeSecurityResource
Description
Identifies a specific resource in a code repository that will be scanned.
Members
- projectId
-
- Type: string
The unique identifier of the project in the code repository.
CodeSecurityScanConfiguration
Description
Contains the configuration settings for code security scans.
Members
- continuousIntegrationScanConfiguration
-
- Type: ContinuousIntegrationScanConfiguration structure
Configuration settings for continuous integration scans that run automatically when code changes are made.
- periodicScanConfiguration
-
- Type: PeriodicScanConfiguration structure
Configuration settings for periodic scans that run on a scheduled basis.
- ruleSetCategories
-
- Required: Yes
- Type: Array of strings
The categories of security rules to be applied during the scan.
CodeSecurityScanConfigurationAssociationSummary
Description
A summary of an association between a code repository and a scan configuration.
Members
- resource
-
- Type: CodeSecurityResource structure
Identifies a specific resource in a code repository that will be scanned.
CodeSecurityScanConfigurationSummary
Description
A summary of information about a code security scan configuration.
Members
- continuousIntegrationScanSupportedEvents
-
- Type: Array of strings
The repository events that trigger continuous integration scans.
- frequencyExpression
-
- Type: string
The schedule expression for periodic scans, in cron format.
- name
-
- Required: Yes
- Type: string
The name of the scan configuration.
- ownerAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID that owns the scan configuration.
- periodicScanFrequency
-
- Type: string
The frequency at which periodic scans are performed.
- ruleSetCategories
-
- Required: Yes
- Type: Array of strings
The categories of security rules applied during the scan.
- scanConfigurationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the scan configuration.
- scopeSettings
-
- Type: ScopeSettings structure
The scope settings that define which repositories will be scanned. If the
ScopeSettingparameter isALLthe scan configuration applies to all existing and future projects imported into Amazon Inspector. - tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags associated with the scan configuration.
CodeSnippetError
Description
Contains information about any errors encountered while trying to retrieve a code snippet.
Members
- errorCode
-
- Required: Yes
- Type: string
The error code for the error that prevented a code snippet from being retrieved.
- errorMessage
-
- Required: Yes
- Type: string
The error message received when Amazon Inspector failed to retrieve a code snippet.
- findingArn
-
- Required: Yes
- Type: string
The ARN of the finding that a code snippet couldn't be retrieved for.
CodeSnippetResult
Description
Contains information on a code snippet retrieved by Amazon Inspector from a code vulnerability finding.
Members
- codeSnippet
-
- Type: Array of CodeLine structures
Contains information on the retrieved code snippet.
- endLine
-
- Type: int
The line number of the last line of a code snippet.
- findingArn
-
- Type: string
The ARN of a finding that the code snippet is associated with.
- startLine
-
- Type: int
The line number of the first line of a code snippet.
- suggestedFixes
-
- Type: Array of SuggestedFix structures
Details of a suggested code fix.
CodeVulnerabilityDetails
Description
Contains information on the code vulnerability identified in your Lambda function.
Members
- cwes
-
- Required: Yes
- Type: Array of strings
The Common Weakness Enumeration (CWE) item associated with the detected vulnerability.
- detectorId
-
- Required: Yes
- Type: string
The ID for the Amazon CodeGuru detector associated with the finding. For more information on detectors see Amazon CodeGuru Detector Library.
- detectorName
-
- Required: Yes
- Type: string
The name of the detector used to identify the code vulnerability. For more information on detectors see CodeGuru Detector Library.
- detectorTags
-
- Type: Array of strings
The detector tag associated with the vulnerability. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.
- filePath
-
- Required: Yes
- Type: CodeFilePath structure
Contains information on where the code vulnerability is located in your code.
- referenceUrls
-
- Type: Array of strings
A URL containing supporting documentation about the code vulnerability detected.
- ruleId
-
- Type: string
The identifier for a rule that was used to detect the code vulnerability.
- sourceLambdaLayerArn
-
- Type: string
The Amazon Resource Name (ARN) of the Lambda layer that the code vulnerability was detected in.
ComputePlatform
Description
A compute platform.
Members
- product
-
- Type: string
The compute platform product.
- vendor
-
- Type: string
The compute platform vendor.
- version
-
- Type: string
The compute platform version.
ConflictException
Description
A conflict occurred. This exception occurs when the same resource is being modified by concurrent requests.
Members
- message
-
- Required: Yes
- Type: string
- resourceId
-
- Required: Yes
- Type: string
The ID of the conflicting resource.
- resourceType
-
- Required: Yes
- Type: string
The type of the conflicting resource.
ContinuousIntegrationScanConfiguration
Description
Configuration settings for continuous integration scans that run automatically when code changes are made.
Members
- supportedEvents
-
- Required: Yes
- Type: Array of strings
The repository events that trigger continuous integration scans, such as pull requests or commits.
Counts
Description
a structure that contains information on the count of resources within a group.
Members
- count
-
- Type: long (int|float)
The number of resources.
- groupKey
-
- Type: string
The key associated with this group
CoverageDateFilter
Description
Contains details of a coverage date filter.
Members
- endInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the end of the time period to filter results by.
- startInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the start of the time period to filter results by.
CoverageFilterCriteria
Description
A structure that identifies filter criteria for GetCoverageStatistics.
Members
- accountId
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Web Services account IDs to return coverage statistics for.
- codeRepositoryProjectName
-
- Type: Array of CoverageStringFilter structures
Filter criteria for code repositories based on project name.
- codeRepositoryProviderType
-
- Type: Array of CoverageStringFilter structures
Filter criteria for code repositories based on provider type (such as GitHub, GitLab, etc.).
- codeRepositoryProviderTypeVisibility
-
- Type: Array of CoverageStringFilter structures
Filter criteria for code repositories based on visibility setting (public or private).
- ec2InstanceTags
-
- Type: Array of CoverageMapFilter structures
The Amazon EC2 instance tags to filter on.
- ecrImageInUseCount
-
- Type: Array of CoverageNumberFilter structures
The number of Amazon ECR images in use.
- ecrImageLastInUseAt
-
- Type: Array of CoverageDateFilter structures
The Amazon ECR image that was last in use.
- ecrImageTags
-
- Type: Array of CoverageStringFilter structures
The Amazon ECR image tags to filter on.
- ecrRepositoryName
-
- Type: Array of CoverageStringFilter structures
The Amazon ECR repository name to filter on.
- imagePulledAt
-
- Type: Array of CoverageDateFilter structures
The date an image was last pulled at.
- lambdaFunctionName
-
- Type: Array of CoverageStringFilter structures
Returns coverage statistics for Amazon Web Services Lambda functions filtered by function names.
- lambdaFunctionRuntime
-
- Type: Array of CoverageStringFilter structures
Returns coverage statistics for Amazon Web Services Lambda functions filtered by runtime.
- lambdaFunctionTags
-
- Type: Array of CoverageMapFilter structures
Returns coverage statistics for Amazon Web Services Lambda functions filtered by tag.
- lastScannedAt
-
- Type: Array of CoverageDateFilter structures
Filters Amazon Web Services resources based on whether Amazon Inspector has checked them for vulnerabilities within the specified time range.
- lastScannedCommitId
-
- Type: Array of CoverageStringFilter structures
Filter criteria for code repositories based on the ID of the last scanned commit.
- resourceId
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Web Services resource IDs to return coverage statistics for.
- resourceType
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Web Services resource types to return coverage statistics for. The values can be
AWS_EC2_INSTANCE,AWS_LAMBDA_FUNCTION,AWS_ECR_CONTAINER_IMAGE,AWS_ECR_REPOSITORYorAWS_ACCOUNT. - scanMode
-
- Type: Array of CoverageStringFilter structures
The filter to search for Amazon EC2 instance coverage by scan mode. Valid values are
EC2_SSM_AGENT_BASEDandEC2_AGENTLESS. - scanStatusCode
-
- Type: Array of CoverageStringFilter structures
The scan status code to filter on. Valid values are:
ValidationException,InternalServerException,ResourceNotFoundException,BadRequestException, andThrottlingException. - scanStatusReason
-
- Type: Array of CoverageStringFilter structures
The scan status reason to filter on.
- scanType
-
- Type: Array of CoverageStringFilter structures
An array of Amazon Inspector scan types to return coverage statistics for.
CoverageMapFilter
Description
Contains details of a coverage map filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to compare coverage on.
- key
-
- Required: Yes
- Type: string
The tag key associated with the coverage map filter.
- value
-
- Type: string
The tag value associated with the coverage map filter.
CoverageNumberFilter
Description
The coverage number to be used in the filter.
Members
- lowerInclusive
-
- Type: long (int|float)
The lower inclusive for the coverage number.
- upperInclusive
-
- Type: long (int|float)
The upper inclusive for the coverage number.>
CoverageStringFilter
Description
Contains details of a coverage string filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to compare strings on.
- value
-
- Required: Yes
- Type: string
The value to compare strings on.
CoveredResource
Description
An object that contains details about a resource covered by Amazon Inspector.
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the covered resource.
- lastScannedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the resource was last checked for vulnerabilities.
- resourceId
-
- Required: Yes
- Type: string
The ID of the covered resource.
- resourceMetadata
-
- Type: ResourceScanMetadata structure
An object that contains details about the metadata.
- resourceType
-
- Required: Yes
- Type: string
The type of the covered resource.
- scanMode
-
- Type: string
The scan method that is applied to the instance.
- scanStatus
-
- Type: ScanStatus structure
The status of the scan covering the resource.
- scanType
-
- Required: Yes
- Type: string
The Amazon Inspector scan type covering the resource.
CreateCisTargets
Description
Creates CIS targets.
Members
- accountIds
-
- Required: Yes
- Type: Array of strings
The CIS target account ids.
- targetResourceTags
-
- Required: Yes
- Type: Associative array of custom strings keys (TargetResourceTagsKey) to stringss
The CIS target resource tags.
CreateGitLabSelfManagedIntegrationDetail
Description
Contains details required to create an integration with a self-managed GitLab instance.
Members
- accessToken
-
- Required: Yes
- Type: string
The personal access token used to authenticate with the self-managed GitLab instance.
- instanceUrl
-
- Required: Yes
- Type: string
The URL of the self-managed GitLab instance.
CreateIntegrationDetail
Description
Contains details required to create a code security integration with a specific repository provider.
Members
- gitlabSelfManaged
-
- Type: CreateGitLabSelfManagedIntegrationDetail structure
Details specific to creating an integration with a self-managed GitLab instance.
Cvss2
Description
The Common Vulnerability Scoring System (CVSS) version 2 details for the vulnerability.
Members
- baseScore
-
- Type: double
The CVSS v2 base score for the vulnerability.
- scoringVector
-
- Type: string
The scoring vector associated with the CVSS v2 score.
Cvss3
Description
The Common Vulnerability Scoring System (CVSS) version 3 details for the vulnerability.
Members
- baseScore
-
- Type: double
The CVSS v3 base score for the vulnerability.
- scoringVector
-
- Type: string
The scoring vector associated with the CVSS v3 score.
Cvss4
Description
The Common Vulnerability Scoring System (CVSS) version 4 details for the vulnerability.
Members
- baseScore
-
- Type: double
The base CVSS v4 score for the vulnerability finding, which rates the severity of the vulnerability on a scale from 0 to 10.
- scoringVector
-
- Type: string
The CVSS v4 scoring vector, which contains the metrics and measurements that were used to calculate the base score.
CvssScore
Description
The CVSS score for a finding.
Members
- baseScore
-
- Required: Yes
- Type: double
The base CVSS score used for the finding.
- scoringVector
-
- Required: Yes
- Type: string
The vector string of the CVSS score.
- source
-
- Required: Yes
- Type: string
The source of the CVSS score.
- version
-
- Required: Yes
- Type: string
The version of CVSS used for the score.
CvssScoreAdjustment
Description
Details on adjustments Amazon Inspector made to the CVSS score for a finding.
Members
- metric
-
- Required: Yes
- Type: string
The metric used to adjust the CVSS score.
- reason
-
- Required: Yes
- Type: string
The reason the CVSS score has been adjustment.
CvssScoreDetails
Description
Information about the CVSS score.
Members
- adjustments
-
- Type: Array of CvssScoreAdjustment structures
An object that contains details about adjustment Amazon Inspector made to the CVSS score.
- cvssSource
-
- Type: string
The source of the CVSS data.
- score
-
- Required: Yes
- Type: double
The CVSS score.
- scoreSource
-
- Required: Yes
- Type: string
The source for the CVSS score.
- scoringVector
-
- Required: Yes
- Type: string
The vector for the CVSS score.
- version
-
- Required: Yes
- Type: string
The CVSS version used in scoring.
DailySchedule
Description
A daily schedule.
Members
- startTime
-
- Required: Yes
- Type: Time structure
The schedule start time.
DateFilter
Description
Contains details on the time range used to filter findings.
Members
- endInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the end of the time period filtered on.
- startInclusive
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing the start of the time period filtered on.
DelegatedAdmin
Description
Details of the Amazon Inspector delegated administrator for your organization.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator for your organization.
- relationshipStatus
-
- Type: string
The status of the Amazon Inspector delegated administrator.
DelegatedAdminAccount
Description
Details of the Amazon Inspector delegated administrator for your organization.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator for your organization.
- status
-
- Type: string
The status of the Amazon Inspector delegated administrator.
Destination
Description
Contains details of the Amazon S3 bucket and KMS key used to export findings.
Members
- bucketName
-
- Required: Yes
- Type: string
The name of the Amazon S3 bucket to export findings to.
- keyPrefix
-
- Type: string
The prefix that the findings will be written under.
- kmsKeyArn
-
- Required: Yes
- Type: string
The ARN of the KMS key used to encrypt data when exporting findings.
DisassociateConfigurationRequest
Description
Contains details about a request to disassociate a code repository from a scan configuration.
Members
- resource
-
- Required: Yes
- Type: CodeSecurityResource structure
Identifies a specific resource in a code repository that will be scanned.
- scanConfigurationArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the scan configuration to disassociate from a code repository.
Ec2Configuration
Description
Enables agent-based scanning, which scans instances that are not managed by SSM.
Members
- scanMode
-
- Required: Yes
- Type: string
The scan method that is applied to the instance.
Ec2ConfigurationState
Description
Details about the state of the EC2 scan configuration for your environment.
Members
- scanModeState
-
- Type: Ec2ScanModeState structure
An object that contains details about the state of the Amazon EC2 scan mode.
Ec2InstanceAggregation
Description
The details that define an aggregation based on Amazon EC2 instances.
Members
- amis
-
- Type: Array of StringFilter structures
The AMI IDs associated with the Amazon EC2 instances to aggregate findings for.
- instanceIds
-
- Type: Array of StringFilter structures
The Amazon EC2 instance IDs to aggregate findings for.
- instanceTags
-
- Type: Array of MapFilter structures
The Amazon EC2 instance tags to aggregate findings for.
- operatingSystems
-
- Type: Array of StringFilter structures
The operating system types to aggregate findings for. Valid values must be uppercase and underscore separated, examples are
ORACLE_LINUX_7andALPINE_LINUX_3_8. - sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
Ec2InstanceAggregationResponse
Description
A response that contains the results of a finding aggregation by Amazon EC2 instance.
Members
- accountId
-
- Type: string
The Amazon Web Services account for the Amazon EC2 instance.
- ami
-
- Type: string
The Amazon Machine Image (AMI) of the Amazon EC2 instance.
- instanceId
-
- Required: Yes
- Type: string
The Amazon EC2 instance ID.
- instanceTags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the instance.
- networkFindings
-
- Type: long (int|float)
The number of network findings for the Amazon EC2 instance.
- operatingSystem
-
- Type: string
The operating system of the Amazon EC2 instance.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the count of matched findings per severity.
Ec2Metadata
Description
Meta data details of an Amazon EC2 instance.
Members
- amiId
-
- Type: string
The ID of the Amazon Machine Image (AMI) used to launch the instance.
- platform
-
- Type: string
The platform of the instance.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the instance.
Ec2ScanModeState
Description
The state of your Amazon EC2 scan mode configuration.
Members
- scanMode
-
- Type: string
The scan method that is applied to the instance.
- scanModeStatus
-
- Type: string
The status of the Amazon EC2 scan mode setting.
EcrConfiguration
Description
Details about the ECR automated re-scan duration setting for your environment.
Members
- pullDateRescanDuration
-
- Type: string
The rescan duration configured for image pull date.
- pullDateRescanMode
-
- Type: string
The pull date for the re-scan mode.
- rescanDuration
-
- Required: Yes
- Type: string
The rescan duration configured for image push date.
EcrConfigurationState
Description
Details about the state of the ECR scans for your environment.
Members
- rescanDurationState
-
- Type: EcrRescanDurationState structure
An object that contains details about the state of the ECR re-scan settings.
EcrContainerImageMetadata
Description
Information on the Amazon ECR image metadata associated with a finding.
Members
- imagePulledAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date an image was last pulled at.
- inUseCount
-
- Type: long (int|float)
The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use.
- lastInUseAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod.
- tags
-
- Type: Array of strings
Tags associated with the Amazon ECR image metadata.
EcrRepositoryMetadata
Description
Information on the Amazon ECR repository metadata associated with a finding.
Members
- name
-
- Type: string
The name of the Amazon ECR repository.
- scanFrequency
-
- Type: string
The frequency of scans.
EcrRescanDurationState
Description
Details about the state of your ECR re-scan duration settings. The ECR re-scan duration defines how long an ECR image will be actively scanned by Amazon Inspector. When the number of days since an image was last pushed exceeds the duration configured for image pull date, and the duration configured for image pull date, the monitoring state of that image becomes inactive and all associated findings are scheduled for closure.
Members
- pullDateRescanDuration
-
- Type: string
The rescan duration configured for image pull date.
- pullDateRescanMode
-
- Type: string
The pull date for the re-scan mode.
- rescanDuration
-
- Type: string
The rescan duration configured for image push date.
- status
-
- Type: string
The status of changes to the ECR automated re-scan duration.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp representing when the last time the ECR scan duration setting was changed.
Epss
Description
Details about the Exploit Prediction Scoring System (EPSS) score.
Members
- score
-
- Type: double
The Exploit Prediction Scoring System (EPSS) score.
EpssDetails
Description
Details about the Exploit Prediction Scoring System (EPSS) score for a finding.
Members
- score
-
- Type: double
The EPSS score.
Evidence
Description
Details of the evidence for a vulnerability identified in a finding.
Members
- evidenceDetail
-
- Type: string
The evidence details.
- evidenceRule
-
- Type: string
The evidence rule.
- severity
-
- Type: string
The evidence severity.
ExploitObserved
Description
Contains information on when this exploit was observed.
Members
- firstSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date an time when the exploit was first seen.
- lastSeen
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date an time when the exploit was last seen.
ExploitabilityDetails
Description
The details of an exploit available for a finding discovered in your environment.
Members
- lastKnownExploitAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time of the last exploit associated with a finding discovered in your environment.
FailedAccount
Description
An object with details on why an account failed to enable Amazon Inspector.
Members
- accountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID.
- errorCode
-
- Required: Yes
- Type: string
The error code explaining why the account failed to enable Amazon Inspector.
- errorMessage
-
- Required: Yes
- Type: string
The error message received when the account failed to enable Amazon Inspector.
- resourceStatus
-
- Type: ResourceStatus structure
An object detailing which resources Amazon Inspector is enabled to scan for the account.
- status
-
- Type: string
The status of Amazon Inspector for the account.
FailedAssociationResult
Description
Details about a failed attempt to associate or disassociate a code repository with a scan configuration.
Members
- resource
-
- Type: CodeSecurityResource structure
Identifies a specific resource in a code repository that will be scanned.
- scanConfigurationArn
-
- Type: string
The Amazon Resource Name (ARN) of the scan configuration that failed to be associated or disassociated.
- statusCode
-
- Type: string
The status code indicating why the association or disassociation failed.
- statusMessage
-
- Type: string
A message explaining why the association or disassociation failed.
FailedMemberAccountEc2DeepInspectionStatusState
Description
An object that contains details about a member account in your organization that failed to activate Amazon Inspector deep inspection.
Members
- accountId
-
- Required: Yes
- Type: string
The unique identifier for the Amazon Web Services account of the organization member that failed to activate Amazon Inspector deep inspection.
- ec2ScanStatus
-
- Type: string
The status of EC2 scanning in the account that failed to activate Amazon Inspector deep inspection.
- errorMessage
-
- Type: string
The error message explaining why the account failed to activate Amazon Inspector deep inspection.
Filter
Description
Details about a filter.
Members
- action
-
- Required: Yes
- Type: string
The action that is to be applied to the findings that match the filter.
- arn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) associated with this filter.
- createdAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time this filter was created at.
- criteria
-
- Required: Yes
- Type: FilterCriteria structure
Details on the filter criteria associated with this filter.
- description
-
- Type: string
A description of the filter.
- name
-
- Required: Yes
- Type: string
The name of the filter.
- ownerId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID of the account that created the filter.
- reason
-
- Type: string
The reason for the filter.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the filter.
- updatedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the filter was last updated at.
FilterCriteria
Description
Details on the criteria used to define the filter.
Members
- awsAccountId
-
- Type: Array of StringFilter structures
Details of the Amazon Web Services account IDs used to filter findings.
- codeRepositoryProjectName
-
- Type: Array of StringFilter structures
Filter criteria for findings based on the project name in a code repository.
- codeRepositoryProviderType
-
- Type: Array of StringFilter structures
Filter criteria for findings based on the repository provider type (such as GitHub, GitLab, etc.).
- codeVulnerabilityDetectorName
-
- Type: Array of StringFilter structures
The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings.
- codeVulnerabilityDetectorTags
-
- Type: Array of StringFilter structures
The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags.
- codeVulnerabilityFilePath
-
- Type: Array of StringFilter structures
The file path to the file in a Lambda function that contains a code vulnerability used to filter findings.
- componentId
-
- Type: Array of StringFilter structures
Details of the component IDs used to filter findings.
- componentType
-
- Type: Array of StringFilter structures
Details of the component types used to filter findings.
- ec2InstanceImageId
-
- Type: Array of StringFilter structures
Details of the Amazon EC2 instance image IDs used to filter findings.
- ec2InstanceSubnetId
-
- Type: Array of StringFilter structures
Details of the Amazon EC2 instance subnet IDs used to filter findings.
- ec2InstanceVpcId
-
- Type: Array of StringFilter structures
Details of the Amazon EC2 instance VPC IDs used to filter findings.
- ecrImageArchitecture
-
- Type: Array of StringFilter structures
Details of the Amazon ECR image architecture types used to filter findings.
- ecrImageHash
-
- Type: Array of StringFilter structures
Details of the Amazon ECR image hashes used to filter findings.
- ecrImageInUseCount
-
- Type: Array of NumberFilter structures
Filter criteria indicating when details for an Amazon ECR image include when an Amazon ECR image is in use.
- ecrImageLastInUseAt
-
- Type: Array of DateFilter structures
Filter criteria indicating when an Amazon ECR image was last used in an Amazon ECS cluster task or Amazon EKS cluster pod.
- ecrImagePushedAt
-
- Type: Array of DateFilter structures
Details on the Amazon ECR image push date and time used to filter findings.
- ecrImageRegistry
-
- Type: Array of StringFilter structures
Details on the Amazon ECR registry used to filter findings.
- ecrImageRepositoryName
-
- Type: Array of StringFilter structures
Details on the name of the Amazon ECR repository used to filter findings.
- ecrImageTags
-
- Type: Array of StringFilter structures
The tags attached to the Amazon ECR container image.
- epssScore
-
- Type: Array of NumberFilter structures
The EPSS score used to filter findings.
- exploitAvailable
-
- Type: Array of StringFilter structures
Filters the list of Amazon Web Services Lambda findings by the availability of exploits.
- findingArn
-
- Type: Array of StringFilter structures
Details on the finding ARNs used to filter findings.
- findingStatus
-
- Type: Array of StringFilter structures
Details on the finding status types used to filter findings.
- findingType
-
- Type: Array of StringFilter structures
Details on the finding types used to filter findings.
- firstObservedAt
-
- Type: Array of DateFilter structures
Details on the date and time a finding was first seen used to filter findings.
- fixAvailable
-
- Type: Array of StringFilter structures
Details on whether a fix is available through a version update. This value can be
YES,NO, orPARTIAL. APARTIALfix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. - inspectorScore
-
- Type: Array of NumberFilter structures
The Amazon Inspector score to filter on.
- lambdaFunctionExecutionRoleArn
-
- Type: Array of StringFilter structures
Filters the list of Amazon Web Services Lambda functions by execution role.
- lambdaFunctionLastModifiedAt
-
- Type: Array of DateFilter structures
Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format
- lambdaFunctionLayers
-
- Type: Array of StringFilter structures
Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers.
- lambdaFunctionName
-
- Type: Array of StringFilter structures
Filters the list of Amazon Web Services Lambda functions by the name of the function.
- lambdaFunctionRuntime
-
- Type: Array of StringFilter structures
Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function.
- lastObservedAt
-
- Type: Array of DateFilter structures
Details on the date and time a finding was last seen used to filter findings.
- networkProtocol
-
- Type: Array of StringFilter structures
Details on network protocol used to filter findings.
- portRange
-
- Type: Array of PortRangeFilter structures
Details on the port ranges used to filter findings.
- relatedVulnerabilities
-
- Type: Array of StringFilter structures
Details on the related vulnerabilities used to filter findings.
- resourceId
-
- Type: Array of StringFilter structures
Details on the resource IDs used to filter findings.
- resourceTags
-
- Type: Array of MapFilter structures
Details on the resource tags used to filter findings.
- resourceType
-
- Type: Array of StringFilter structures
Details on the resource types used to filter findings.
- severity
-
- Type: Array of StringFilter structures
Details on the severity used to filter findings.
- title
-
- Type: Array of StringFilter structures
Details on the finding title used to filter findings.
- updatedAt
-
- Type: Array of DateFilter structures
Details on the date and time a finding was last updated at used to filter findings.
- vendorSeverity
-
- Type: Array of StringFilter structures
Details on the vendor severity used to filter findings.
- vulnerabilityId
-
- Type: Array of StringFilter structures
Details on the vulnerability ID used to filter findings.
- vulnerabilitySource
-
- Type: Array of StringFilter structures
Details on the vulnerability type used to filter findings.
- vulnerablePackages
-
- Type: Array of PackageFilter structures
Details on the vulnerable packages used to filter findings.
Finding
Description
Details about an Amazon Inspector finding.
Members
- awsAccountId
-
- Required: Yes
- Type: string
The Amazon Web Services account ID associated with the finding.
- codeVulnerabilityDetails
-
- Type: CodeVulnerabilityDetails structure
Details about the code vulnerability identified in a Lambda function used to filter findings.
- description
-
- Required: Yes
- Type: string
The description of the finding.
- epss
-
- Type: EpssDetails structure
The finding's EPSS score.
- exploitAvailable
-
- Type: string
If a finding discovered in your environment has an exploit available.
- exploitabilityDetails
-
- Type: ExploitabilityDetails structure
The details of an exploit available for a finding discovered in your environment.
- findingArn
-
- Required: Yes
- Type: string
The Amazon Resource Number (ARN) of the finding.
- firstObservedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the finding was first observed.
- fixAvailable
-
- Type: string
Details on whether a fix is available through a version update. This value can be
YES,NO, orPARTIAL. APARTIALfix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. - inspectorScore
-
- Type: double
The Amazon Inspector score given to the finding.
- inspectorScoreDetails
-
- Type: InspectorScoreDetails structure
An object that contains details of the Amazon Inspector score.
- lastObservedAt
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the finding was last observed. This timestamp for this field remains unchanged until a finding is updated.
- networkReachabilityDetails
-
- Type: NetworkReachabilityDetails structure
An object that contains the details of a network reachability finding.
- packageVulnerabilityDetails
-
- Type: PackageVulnerabilityDetails structure
An object that contains the details of a package vulnerability finding.
- remediation
-
- Required: Yes
- Type: Remediation structure
An object that contains the details about how to remediate a finding.
- resources
-
- Required: Yes
- Type: Array of Resource structures
Contains information on the resources involved in a finding. The
resourcevalue determines the valid values fortypein your request. For more information, see Finding types in the Amazon Inspector user guide. - severity
-
- Required: Yes
- Type: string
The severity of the finding.
UNTRIAGEDapplies toPACKAGE_VULNERABILITYtype findings that the vendor has not assigned a severity yet. For more information, see Severity levels for findings in the Amazon Inspector user guide. - status
-
- Required: Yes
- Type: string
The status of the finding.
- title
-
- Type: string
The title of the finding.
- type
-
- Required: Yes
- Type: string
The type of the finding. The
typevalue determines the valid values forresourcein your request. For more information, see Finding types in the Amazon Inspector user guide. - updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the finding was last updated at.
FindingDetail
Description
Details of the vulnerability identified in a finding.
Members
- cisaData
-
- Type: CisaData structure
The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability.
- cwes
-
- Type: Array of strings
The Common Weakness Enumerations (CWEs) associated with the vulnerability.
- epssScore
-
- Type: double
The Exploit Prediction Scoring System (EPSS) score of the vulnerability.
- evidences
-
- Type: Array of Evidence structures
Information on the evidence of the vulnerability.
- exploitObserved
-
- Type: ExploitObserved structure
Contains information on when this exploit was observed.
- findingArn
-
- Type: string
The finding ARN that the vulnerability details are associated with.
- referenceUrls
-
- Type: Array of strings
The reference URLs for the vulnerability data.
- riskScore
-
- Type: int
The risk score of the vulnerability.
- tools
-
- Type: Array of strings
The known malware tools or kits that can exploit the vulnerability.
- ttps
-
- Type: Array of strings
The MITRE adversary tactics, techniques, or procedures (TTPs) associated with the vulnerability.
FindingDetailsError
Description
Details about an error encountered when trying to return vulnerability data for a finding.
Members
- errorCode
-
- Required: Yes
- Type: string
The error code.
- errorMessage
-
- Required: Yes
- Type: string
The error message.
- findingArn
-
- Required: Yes
- Type: string
The finding ARN that returned an error.
FindingTypeAggregation
Description
The details that define an aggregation based on finding type.
Members
- findingType
-
- Type: string
The finding type to aggregate.
- resourceType
-
- Type: string
The resource type to aggregate.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
FindingTypeAggregationResponse
Description
A response that contains the results of a finding type aggregation.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- exploitAvailableCount
-
- Type: long (int|float)
The number of findings that have an exploit available.
- fixAvailableCount
-
- Type: long (int|float)
Details about the number of fixes.
- severityCounts
-
- Type: SeverityCounts structure
The value to sort results by.
FreeTrialAccountInfo
Description
Information about the Amazon Inspector free trial for an account.
Members
- accountId
-
- Required: Yes
- Type: string
The account associated with the Amazon Inspector free trial information.
- freeTrialInfo
-
- Required: Yes
- Type: Array of FreeTrialInfo structures
Contains information about the Amazon Inspector free trial for an account.
FreeTrialInfo
Description
An object that contains information about the Amazon Inspector free trial for an account.
Members
- end
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the Amazon Inspector free trail ends for a given account.
- start
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the Amazon Inspector free trail started for a given account.
- status
-
- Required: Yes
- Type: string
The order to sort results by.
- type
-
- Required: Yes
- Type: string
The type of scan covered by the Amazon Inspector free trail.
FreeTrialInfoError
Description
Information about an error received while accessing free trail data for an account.
Members
- accountId
-
- Required: Yes
- Type: string
The account associated with the Amazon Inspector free trial information.
- code
-
- Required: Yes
- Type: string
The error code.
- message
-
- Required: Yes
- Type: string
The error message returned.
ImageLayerAggregation
Description
The details that define an aggregation based on container image layers.
Members
- layerHashes
-
- Type: Array of StringFilter structures
The hashes associated with the layers.
- repositories
-
- Type: Array of StringFilter structures
The repository associated with the container image hosting the layers.
- resourceIds
-
- Type: Array of StringFilter structures
The ID of the container image layer.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
ImageLayerAggregationResponse
Description
A response that contains the results of a finding aggregation by image layer.
Members
- accountId
-
- Required: Yes
- Type: string
The ID of the Amazon Web Services account that owns the container image hosting the layer image.
- layerHash
-
- Required: Yes
- Type: string
The layer hash.
- repository
-
- Required: Yes
- Type: string
The repository the layer resides in.
- resourceId
-
- Required: Yes
- Type: string
The resource ID of the container image layer.
- severityCounts
-
- Type: SeverityCounts structure
An object that represents the count of matched findings per severity.
InspectorScoreDetails
Description
Information about the Amazon Inspector score given to a finding.
Members
- adjustedCvss
-
- Type: CvssScoreDetails structure
An object that contains details about the CVSS score given to a finding.
InternalServerException
Description
The request has failed due to an internal failure of the Amazon Inspector service.
Members
- message
-
- Required: Yes
- Type: string
- retryAfterSeconds
-
- Type: int
The number of seconds to wait before retrying the request.
LambdaFunctionAggregation
Description
The details that define a findings aggregation based on Amazon Web Services Lambda functions.
Members
- functionNames
-
- Type: Array of StringFilter structures
The Amazon Web Services Lambda function names to include in the aggregation results.
- functionTags
-
- Type: Array of MapFilter structures
The tags to include in the aggregation results.
- resourceIds
-
- Type: Array of StringFilter structures
The resource IDs to include in the aggregation results.
- runtimes
-
- Type: Array of StringFilter structures
Returns findings aggregated by Amazon Web Services Lambda function runtime environments.
- sortBy
-
- Type: string
The finding severity to use for sorting the results.
- sortOrder
-
- Type: string
The order to use for sorting the results.
LambdaFunctionAggregationResponse
Description
A response that contains the results of an Amazon Web Services Lambda function finding aggregation.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account that owns the Amazon Web Services Lambda function.
- functionName
-
- Type: string
The Amazon Web Services Lambda function names included in the aggregation results.
- lambdaTags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags included in the aggregation results.
- lastModifiedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date that the Amazon Web Services Lambda function included in the aggregation results was last changed.
- resourceId
-
- Required: Yes
- Type: string
The resource IDs included in the aggregation results.
- runtime
-
- Type: string
The runtimes included in the aggregation results.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the counts of aggregated finding per severity.
LambdaFunctionMetadata
Description
The Amazon Web Services Lambda function metadata.
Members
- functionName
-
- Type: string
The name of a function.
- functionTags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The resource tags on an Amazon Web Services Lambda function.
- layers
-
- Type: Array of strings
The layers for an Amazon Web Services Lambda function. A Lambda function can have up to five layers.
- runtime
-
- Type: string
An Amazon Web Services Lambda function's runtime.
LambdaLayerAggregation
Description
The details that define a findings aggregation based on an Amazon Web Services Lambda function's layers.
Members
- functionNames
-
- Type: Array of StringFilter structures
The names of the Amazon Web Services Lambda functions associated with the layers.
- layerArns
-
- Type: Array of StringFilter structures
The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function layer.
- resourceIds
-
- Type: Array of StringFilter structures
The resource IDs for the Amazon Web Services Lambda function layers.
- sortBy
-
- Type: string
The finding severity to use for sorting the results.
- sortOrder
-
- Type: string
The order to use for sorting the results.
LambdaLayerAggregationResponse
Description
A response that contains the results of an Amazon Web Services Lambda function layer finding aggregation.
Members
- accountId
-
- Required: Yes
- Type: string
The account ID of the Amazon Web Services Lambda function layer.
- functionName
-
- Required: Yes
- Type: string
The names of the Amazon Web Services Lambda functions associated with the layers.
- layerArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function layer.
- resourceId
-
- Required: Yes
- Type: string
The Resource ID of the Amazon Web Services Lambda function layer.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the counts of aggregated finding per severity.
LambdaVpcConfig
Description
The VPC security groups and subnets that are attached to an Amazon Web Services Lambda function. For more information, see VPC Settings.
Members
- securityGroupIds
-
- Type: Array of strings
The VPC security groups and subnets that are attached to an Amazon Web Services Lambda function. For more information, see VPC Settings.
- subnetIds
-
- Type: Array of strings
A list of VPC subnet IDs.
- vpcId
-
- Type: string
The ID of the VPC.
ListCisScanConfigurationsFilterCriteria
Description
A list of CIS scan configurations filter criteria.
Members
- scanConfigurationArnFilters
-
- Type: Array of CisStringFilter structures
The list of scan configuration ARN filters.
- scanNameFilters
-
- Type: Array of CisStringFilter structures
The list of scan name filters.
- targetResourceTagFilters
-
- Type: Array of TagFilter structures
The list of target resource tag filters.
ListCisScansFilterCriteria
Description
A list of CIS scans filter criteria.
Members
- failedChecksFilters
-
- Type: Array of CisNumberFilter structures
The list of failed checks filters.
- scanArnFilters
-
- Type: Array of CisStringFilter structures
The list of scan ARN filters.
- scanAtFilters
-
- Type: Array of CisDateFilter structures
The list of scan at filters.
- scanConfigurationArnFilters
-
- Type: Array of CisStringFilter structures
The list of scan configuration ARN filters.
- scanNameFilters
-
- Type: Array of CisStringFilter structures
The list of scan name filters.
- scanStatusFilters
-
- Type: Array of CisScanStatusFilter structures
The list of scan status filters.
- scheduledByFilters
-
- Type: Array of CisStringFilter structures
The list of scheduled by filters.
- targetAccountIdFilters
-
- Type: Array of CisStringFilter structures
The list of target account ID filters.
- targetResourceIdFilters
-
- Type: Array of CisStringFilter structures
The list of target resource ID filters.
- targetResourceTagFilters
-
- Type: Array of TagFilter structures
The list of target resource tag filters.
MapFilter
Description
An object that describes details of a map filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to use when comparing values in the filter.
- key
-
- Required: Yes
- Type: string
The tag key used in the filter.
- value
-
- Type: string
The tag value used in the filter.
Member
Description
Details on a member account in your organization.
Members
- accountId
-
- Type: string
The Amazon Web Services account ID of the member account.
- delegatedAdminAccountId
-
- Type: string
The Amazon Web Services account ID of the Amazon Inspector delegated administrator for this member account.
- relationshipStatus
-
- Type: string
The status of the member account.
- updatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
A timestamp showing when the status of this member was last updated.
MemberAccountEc2DeepInspectionStatus
Description
An object that contains details about the status of Amazon Inspector deep inspection for a member account in your organization.
Members
- accountId
-
- Required: Yes
- Type: string
The unique identifier for the Amazon Web Services account of the organization member.
- activateDeepInspection
-
- Required: Yes
- Type: boolean
Whether Amazon Inspector deep inspection is active in the account. If
TRUEAmazon Inspector deep inspection is active, ifFALSEit is not active.
MemberAccountEc2DeepInspectionStatusState
Description
An object that contains details about the state of Amazon Inspector deep inspection for a member account.
Members
- accountId
-
- Required: Yes
- Type: string
The unique identifier for the Amazon Web Services account of the organization member
- errorMessage
-
- Type: string
The error message explaining why the account failed to activate Amazon Inspector deep inspection.
- status
-
- Type: string
The state of Amazon Inspector deep inspection in the member account.
MonthlySchedule
Description
A monthly schedule.
Members
- day
-
- Required: Yes
- Type: string
The monthly schedule's day.
- startTime
-
- Required: Yes
- Type: Time structure
The monthly schedule's start time.
NetworkPath
Description
Information on the network path associated with a finding.
Members
- steps
-
- Type: Array of Step structures
The details on the steps in the network path.
NetworkReachabilityDetails
Description
Contains the details of a network reachability finding.
Members
- networkPath
-
- Required: Yes
- Type: NetworkPath structure
An object that contains details about a network path associated with a finding.
- openPortRange
-
- Required: Yes
- Type: PortRange structure
An object that contains details about the open port range associated with a finding.
- protocol
-
- Required: Yes
- Type: string
The protocol associated with a finding.
NumberFilter
Description
An object that describes the details of a number filter.
Members
- lowerInclusive
-
- Type: double
The lowest number to be included in the filter.
- upperInclusive
-
- Type: double
The highest number to be included in the filter.
OneTimeSchedule
Description
A one time schedule.
Members
PackageAggregation
Description
The details that define an aggregation based on operating system package type.
Members
- packageNames
-
- Type: Array of StringFilter structures
The names of packages to aggregate findings on.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
PackageAggregationResponse
Description
A response that contains the results of a finding aggregation by image layer.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- packageName
-
- Required: Yes
- Type: string
The name of the operating system package.
- severityCounts
-
- Type: SeverityCounts structure
An object that contains the count of matched findings per severity.
PackageFilter
Description
Contains information on the details of a package filter.
Members
- architecture
-
- Type: StringFilter structure
An object that contains details on the package architecture type to filter on.
- epoch
-
- Type: NumberFilter structure
An object that contains details on the package epoch to filter on.
- filePath
-
- Type: StringFilter structure
An object that contains details on the package file path to filter on.
- name
-
- Type: StringFilter structure
An object that contains details on the name of the package to filter on.
- release
-
- Type: StringFilter structure
An object that contains details on the package release to filter on.
- sourceLambdaLayerArn
-
- Type: StringFilter structure
An object that describes the details of a string filter.
- sourceLayerHash
-
- Type: StringFilter structure
An object that contains details on the source layer hash to filter on.
- version
-
- Type: StringFilter structure
The package version to filter on.
PackageVulnerabilityDetails
Description
Information about a package vulnerability finding.
Members
- cvss
-
- Type: Array of CvssScore structures
An object that contains details about the CVSS score of a finding.
- referenceUrls
-
- Type: Array of strings
One or more URLs that contain details about this vulnerability type.
- relatedVulnerabilities
-
- Type: Array of strings
One or more vulnerabilities related to the one identified in this finding.
- source
-
- Required: Yes
- Type: string
The source of the vulnerability information.
- sourceUrl
-
- Type: string
A URL to the source of the vulnerability information.
- vendorCreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that this vulnerability was first added to the vendor's database.
- vendorSeverity
-
- Type: string
The severity the vendor has given to this vulnerability type.
- vendorUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the vendor last updated this vulnerability in their database.
- vulnerabilityId
-
- Required: Yes
- Type: string
The ID given to this vulnerability.
- vulnerablePackages
-
- Type: Array of VulnerablePackage structures
The packages impacted by this vulnerability.
PeriodicScanConfiguration
Description
Configuration settings for periodic scans that run on a scheduled basis.
Members
- frequency
-
- Type: string
The frequency at which periodic scans are performed (such as weekly or monthly).
If you don't provide the
frequencyExpressionAmazon Inspector chooses day for the scan to run. If you provide thefrequencyExpression, the schedule must match the specifiedfrequency. - frequencyExpression
-
- Type: string
The schedule expression for periodic scans, in cron format.
Permission
Description
Contains information on the permissions an account has within Amazon Inspector.
Members
- operation
-
- Required: Yes
- Type: string
The operations that can be performed with the given permissions.
- service
-
- Required: Yes
- Type: string
The services that the permissions allow an account to perform the given operations for.
PortRange
Description
Details about the port range associated with a finding.
Members
- begin
-
- Required: Yes
- Type: int
The beginning port in a port range.
- end
-
- Required: Yes
- Type: int
The ending port in a port range.
PortRangeFilter
Description
An object that describes the details of a port range filter.
Members
- beginInclusive
-
- Type: int
The port number the port range begins at.
- endInclusive
-
- Type: int
The port number the port range ends at.
ProjectCodeSecurityScanConfiguration
Description
Contains the scan configuration settings applied to a specific project in a code repository.
Members
- continuousIntegrationScanConfigurations
-
- Type: Array of ProjectContinuousIntegrationScanConfiguration structures
The continuous integration scan configurations applied to the project.
- periodicScanConfigurations
-
- Type: Array of ProjectPeriodicScanConfiguration structures
The periodic scan configurations applied to the project.
ProjectContinuousIntegrationScanConfiguration
Description
Contains the continuous integration scan configuration settings applied to a specific project.
Members
- ruleSetCategories
-
- Type: Array of strings
The categories of security rules applied during continuous integration scans for the project.
- supportedEvent
-
- Type: string
The repository event that triggers continuous integration scans for the project.
ProjectPeriodicScanConfiguration
Description
Contains the periodic scan configuration settings applied to a specific project.
Members
- frequencyExpression
-
- Type: string
The schedule expression for periodic scans, in cron format, applied to the project.
- ruleSetCategories
-
- Type: Array of strings
The categories of security rules applied during periodic scans for the project.
Recommendation
Description
Details about the recommended course of action to remediate the finding.
Members
- Url
-
- Type: string
The URL address to the CVE remediation recommendations.
- text
-
- Type: string
The recommended course of action to remediate the finding.
Remediation
Description
Information on how to remediate a finding.
Members
- recommendation
-
- Type: Recommendation structure
An object that contains information about the recommended course of action to remediate the finding.
RepositoryAggregation
Description
The details that define an aggregation based on repository.
Members
- repositories
-
- Type: Array of StringFilter structures
The names of repositories to aggregate findings on.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
RepositoryAggregationResponse
Description
A response that contains details on the results of a finding aggregation by repository.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- affectedImages
-
- Type: long (int|float)
The number of container images impacted by the findings.
- repository
-
- Required: Yes
- Type: string
The name of the repository associated with the findings.
- severityCounts
-
- Type: SeverityCounts structure
An object that represent the count of matched findings per severity.
Resource
Description
Details about the resource involved in a finding.
Members
- details
-
- Type: ResourceDetails structure
An object that contains details about the resource involved in a finding.
- id
-
- Required: Yes
- Type: string
The ID of the resource.
- partition
-
- Type: string
The partition of the resource.
- region
-
- Type: string
The Amazon Web Services Region the impacted resource is located in.
- tags
-
- Type: Associative array of custom strings keys (MapKey) to strings
The tags attached to the resource.
- type
-
- Required: Yes
- Type: string
The type of resource.
ResourceDetails
Description
Contains details about the resource involved in the finding.
Members
- awsEc2Instance
-
- Type: AwsEc2InstanceDetails structure
An object that contains details about the Amazon EC2 instance involved in the finding.
- awsEcrContainerImage
-
- Type: AwsEcrContainerImageDetails structure
An object that contains details about the Amazon ECR container image involved in the finding.
- awsLambdaFunction
-
- Type: AwsLambdaFunctionDetails structure
A summary of the information about an Amazon Web Services Lambda function affected by a finding.
- codeRepository
-
- Type: CodeRepositoryDetails structure
Contains details about a code repository resource associated with a finding.
ResourceFilterCriteria
Description
The resource filter criteria for a Software bill of materials (SBOM) report.
Members
- accountId
-
- Type: Array of ResourceStringFilter structures
The account IDs used as resource filter criteria.
- ec2InstanceTags
-
- Type: Array of ResourceMapFilter structures
The EC2 instance tags used as resource filter criteria.
- ecrImageTags
-
- Type: Array of ResourceStringFilter structures
The ECR image tags used as resource filter criteria.
- ecrRepositoryName
-
- Type: Array of ResourceStringFilter structures
The ECR repository names used as resource filter criteria.
- lambdaFunctionName
-
- Type: Array of ResourceStringFilter structures
The Amazon Web Services Lambda function name used as resource filter criteria.
- lambdaFunctionTags
-
- Type: Array of ResourceMapFilter structures
The Amazon Web Services Lambda function tags used as resource filter criteria.
- resourceId
-
- Type: Array of ResourceStringFilter structures
The resource IDs used as resource filter criteria.
- resourceType
-
- Type: Array of ResourceStringFilter structures
The resource types used as resource filter criteria.
ResourceMapFilter
Description
A resource map filter for a software bill of material report.
Members
- comparison
-
- Required: Yes
- Type: string
The filter's comparison.
- key
-
- Required: Yes
- Type: string
The filter's key.
- value
-
- Type: string
The filter's value.
ResourceNotFoundException
Description
The operation tried to access an invalid resource. Make sure the resource is specified correctly.
Members
- message
-
- Required: Yes
- Type: string
ResourceScanMetadata
Description
An object that contains details about the metadata for an Amazon ECR resource.
Members
- codeRepository
-
- Type: CodeRepositoryMetadata structure
Contains metadata about scan coverage for a code repository resource.
- ec2
-
- Type: Ec2Metadata structure
An object that contains metadata details for an Amazon EC2 instance.
- ecrImage
-
- Type: EcrContainerImageMetadata structure
An object that contains details about the container metadata for an Amazon ECR image.
- ecrRepository
-
- Type: EcrRepositoryMetadata structure
An object that contains details about the repository an Amazon ECR image resides in.
- lambdaFunction
-
- Type: LambdaFunctionMetadata structure
An object that contains metadata details for an Amazon Web Services Lambda function.
ResourceState
Description
Details the state of Amazon Inspector for each resource type Amazon Inspector scans.
Members
- codeRepository
-
- Type: State structure
An object that described the state of Amazon Inspector scans for an account.
- ec2
-
- Required: Yes
- Type: State structure
An object detailing the state of Amazon Inspector scanning for Amazon EC2 resources.
- ecr
-
- Required: Yes
- Type: State structure
An object detailing the state of Amazon Inspector scanning for Amazon ECR resources.
- lambda
-
- Type: State structure
An object that described the state of Amazon Inspector scans for an account.
- lambdaCode
-
- Type: State structure
An object that described the state of Amazon Inspector scans for an account.
ResourceStatus
Description
Details the status of Amazon Inspector for each resource type Amazon Inspector scans.
Members
- codeRepository
-
- Type: string
The status of Amazon Inspector scanning for code repositories.
- ec2
-
- Required: Yes
- Type: string
The status of Amazon Inspector scanning for Amazon EC2 resources.
- ecr
-
- Required: Yes
- Type: string
The status of Amazon Inspector scanning for Amazon ECR resources.
- lambda
-
- Type: string
The status of Amazon Inspector scanning for Amazon Web Services Lambda function.
- lambdaCode
-
- Type: string
The status of Amazon Inspector scanning for custom application code for Amazon Web Services Lambda functions.
ResourceStringFilter
Description
A resource string filter for a software bill of materials report.
Members
- comparison
-
- Required: Yes
- Type: string
The filter's comparison.
- value
-
- Required: Yes
- Type: string
The filter's value.
ScanStatus
Description
The status of the scan.
Members
- reason
-
- Required: Yes
- Type: string
The scan status. Possible return values and descriptions are:
ACCESS_DENIED- Resource access policy restricting Amazon Inspector access. Please update the IAM policy.ACCESS_DENIED_TO_ENCRYPTION_KEY- The KMS key policy doesn't allow Amazon Inspector access. Update the key policy.DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED- Amazon Inspector failed to extract the package inventory because the package collection time exceeding the maximum threshold of 15 minutes.DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED- The SSM agent couldn't send inventory to Amazon Inspector because the SSM quota for Inventory data collected per instance per day has already been reached for this instance.DEEP_INSPECTION_NO_INVENTORY- The Amazon Inspector plugin hasn't yet been able to collect an inventory of packages for this instance. This is usually the result of a pending scan, however, if this status persists after 6 hours, use SSM to ensure that the required Amazon Inspector associations exist and are running for the instance.DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED- The instance has exceeded the 5000 package limit for Amazon Inspector Deep inspection. To resume Deep inspection for this instance you can try to adjust the custom paths associated with the account.EC2_INSTANCE_STOPPED- This EC2 instance is in a stopped state, therefore, Amazon Inspector will pause scanning. The existing findings will continue to exist until the instance is terminated. Once the instance is re-started, Inspector will automatically start scanning the instance again. Please note that you will not be charged for this instance while it's in a stopped state.EXCLUDED_BY_TAG- This resource was not scanned because it has been excluded by a tag.IMAGE_SIZE_EXCEEDED- Reserved for future use.INTEGRATION_CONNNECTION_LOST- Amazon Inspector couldn't communicate with the source code management platform.INTERNAL_ERROR- Amazon Inspector has encountered an internal error for this resource. Amazon Inspector service will automatically resolve the issue and resume the scanning. No action required from the user.NO_INVENTORY- Amazon Inspector couldn't find software application inventory to scan for vulnerabilities. This might be caused due to required Amazon Inspector associations being deleted or failing to run on your resource. Please verify the status ofInspectorInventoryCollection-do-not-deleteassociation in the SSM console for the resource. Additionally, you can verify the instance's inventory in the SSM Fleet Manager console.NO_RESOURCES_FOUND- Reserved for future use.NO_SCAN_CONFIGURATION_ASSOCIATED- The code repository resource doesn't have an associated scan configuration.PENDING_DISABLE- This resource is pending cleanup during disablement. The customer will not be billed while a resource is in the pending disable status.PENDING_INITIAL_SCAN- This resource has been identified for scanning, results will be available soon.RESOURCE_TERMINATED- This resource has been terminated. The findings and coverage associated with this resource are in the process of being cleaned up.SCAN_ELIGIBILITY_EXPIRED- The configured scan duration has lapsed for this image.SCAN_FREQUENCY_MANUAL- This image will not be covered by Amazon Inspector due to the repository scan frequency configuration.SCAN_FREQUENCY_SCAN_ON_PUSH- This image will be scanned one time and will not new findings because of the scan frequency configuration.SCAN_IN_PROGRESS- The resource is currently being scanned.STALE_INVENTORY- Amazon Inspector wasn't able to collect an updated software application inventory in the last 7 days. Please confirm the required Amazon Inspector associations still exist and you can still see an updated inventory in the SSM console.SUCCESSFUL- The scan was successful.UNMANAGED_EC2_INSTANCE- The EC2 instance is not managed by SSM, please use the following SSM automation to remediate the issue: https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-troubleshoot-managed-instance.html. Once the instance becomes managed by SSM, Inspector will automatically begin scanning this instance.UNSUPPORTED_CONFIG_FILE- Reserved for future use.UNSUPPORTED_LANGUAGE- The scan was unsuccessful because the repository contains files in an unsupported programming language.UNSUPPORTED_MEDIA_TYPE- The ECR image has an unsupported media type.UNSUPPORTED_OS- Amazon Inspector does not support this OS, architecture, or image manifest type at this time. To see a complete list of supported operating systems see: https://docs.aws.amazon.com/inspector/latest/user/supported.html.UNSUPPORTED_RUNTIME- The function was not scanned because it has an unsupported runtime. To see a complete list of supported runtimes see: https://docs.aws.amazon.com/inspector/latest/user/supported.html. - statusCode
-
- Required: Yes
- Type: string
The status code of the scan.
Schedule
Description
A schedule.
Members
- daily
-
- Type: DailySchedule structure
The schedule's daily.
- monthly
-
- Type: MonthlySchedule structure
The schedule's monthly.
- oneTime
-
- Type: OneTimeSchedule structure
The schedule's one time.
- weekly
-
- Type: WeeklySchedule structure
The schedule's weekly.
ScopeSettings
Description
Defines the scope of repositories to be included in code security scans.
Members
- projectSelectionScope
-
- Type: string
The scope of projects to be selected for scanning within the integrated repositories. Setting the value to
ALLapplies the scope settings to all existing and future projects imported into Amazon Inspector.
SearchVulnerabilitiesFilterCriteria
Description
Details on the criteria used to define the filter for a vulnerability search.
Members
- vulnerabilityIds
-
- Required: Yes
- Type: Array of strings
The IDs for specific vulnerabilities.
ServiceQuotaExceededException
Description
You have exceeded your service quota. To perform the requested action, remove some of the relevant resources, or use Service Quotas to request a service quota increase.
Members
- message
-
- Required: Yes
- Type: string
- resourceId
-
- Required: Yes
- Type: string
The ID of the resource that exceeds a service quota.
SeverityCounts
Description
An object that contains the counts of aggregated finding per severity.
Members
- all
-
- Type: long (int|float)
The total count of findings from all severities.
- critical
-
- Type: long (int|float)
The total count of critical severity findings.
- high
-
- Type: long (int|float)
The total count of high severity findings.
- medium
-
- Type: long (int|float)
The total count of medium severity findings.
SortCriteria
Description
Details about the criteria used to sort finding results.
Members
- field
-
- Required: Yes
- Type: string
The finding detail field by which results are sorted.
- sortOrder
-
- Required: Yes
- Type: string
The order by which findings are sorted.
StartCisSessionMessage
Description
The start CIS session message.
Members
- sessionToken
-
- Required: Yes
- Type: string
The unique token that identifies the CIS session.
State
Description
An object that described the state of Amazon Inspector scans for an account.
Members
- errorCode
-
- Required: Yes
- Type: string
The error code explaining why the account failed to enable Amazon Inspector.
- errorMessage
-
- Required: Yes
- Type: string
The error message received when the account failed to enable Amazon Inspector.
- status
-
- Required: Yes
- Type: string
The status of Amazon Inspector for the account.
StatusCounts
Description
The status counts.
Members
- failed
-
- Type: int
The number of checks that failed.
- passed
-
- Type: int
The number of checks that passed.
- skipped
-
- Type: int
The number of checks that were skipped.
Step
Description
Details about the step associated with a finding.
Members
- componentArn
-
- Type: string
The component ARN. The ARN can be null and is not displayed in the Amazon Web Services console.
- componentId
-
- Required: Yes
- Type: string
The component ID.
- componentType
-
- Required: Yes
- Type: string
The component type.
StopCisMessageProgress
Description
The stop CIS message progress.
Members
- errorChecks
-
- Type: int
The progress' error checks.
- failedChecks
-
- Type: int
The progress' failed checks.
- informationalChecks
-
- Type: int
The progress' informational checks.
- notApplicableChecks
-
- Type: int
The progress' not applicable checks.
- notEvaluatedChecks
-
- Type: int
The progress' not evaluated checks.
- successfulChecks
-
- Type: int
The progress' successful checks.
- totalChecks
-
- Type: int
The progress' total checks.
- unknownChecks
-
- Type: int
The progress' unknown checks.
StopCisSessionMessage
Description
The stop CIS session message.
Members
- benchmarkProfile
-
- Type: string
The message benchmark profile.
- benchmarkVersion
-
- Type: string
The message benchmark version.
- computePlatform
-
- Type: ComputePlatform structure
The message compute platform.
- progress
-
- Required: Yes
- Type: StopCisMessageProgress structure
The progress of the message.
- reason
-
- Type: string
The reason for the message.
- status
-
- Required: Yes
- Type: string
The status of the message.
StringFilter
Description
An object that describes the details of a string filter.
Members
- comparison
-
- Required: Yes
- Type: string
The operator to use when comparing values in the filter.
- value
-
- Required: Yes
- Type: string
The value to filter on.
SuccessfulAssociationResult
Description
Details about a successful association or disassociation between a code repository and a scan configuration.
Members
- resource
-
- Type: CodeSecurityResource structure
Identifies a specific resource in a code repository that will be scanned.
- scanConfigurationArn
-
- Type: string
The Amazon Resource Name (ARN) of the scan configuration that was successfully associated or disassociated.
SuggestedFix
Description
A suggested fix for a vulnerability in your Lambda function code.
Members
- code
-
- Type: string
The fix's code.
- description
-
- Type: string
The fix's description.
TagFilter
Description
The tag filter.
Members
- comparison
-
- Required: Yes
- Type: string
The tag filter comparison value.
- key
-
- Required: Yes
- Type: string
The tag filter key.
- value
-
- Required: Yes
- Type: string
The tag filter value.
ThrottlingException
Description
The limit on the number of requests per second was exceeded.
Members
- message
-
- Required: Yes
- Type: string
- retryAfterSeconds
-
- Type: int
The number of seconds to wait before retrying the request.
Time
Description
The time.
Members
- timeOfDay
-
- Required: Yes
- Type: string
The time of day in 24-hour format (00:00).
- timezone
-
- Required: Yes
- Type: string
The timezone.
TitleAggregation
Description
The details that define an aggregation based on finding title.
Members
- findingType
-
- Type: string
The type of finding to aggregate on.
- resourceType
-
- Type: string
The resource type to aggregate on.
- sortBy
-
- Type: string
The value to sort results by.
- sortOrder
-
- Type: string
The order to sort results by.
- titles
-
- Type: Array of StringFilter structures
The finding titles to aggregate on.
- vulnerabilityIds
-
- Type: Array of StringFilter structures
The vulnerability IDs of the findings.
TitleAggregationResponse
Description
A response that contains details on the results of a finding aggregation by title.
Members
- accountId
-
- Type: string
The ID of the Amazon Web Services account associated with the findings.
- severityCounts
-
- Type: SeverityCounts structure
An object that represent the count of matched findings per severity.
- title
-
- Required: Yes
- Type: string
The title that the findings were aggregated on.
- vulnerabilityId
-
- Type: string
The vulnerability ID of the finding.
UpdateCisTargets
Description
Updates CIS targets.
Members
- accountIds
-
- Type: Array of strings
The target account ids.
- targetResourceTags
-
- Type: Associative array of custom strings keys (TargetResourceTagsKey) to stringss
The target resource tags.
UpdateGitHubIntegrationDetail
Description
Contains details required to update an integration with GitHub.
Members
- code
-
- Required: Yes
- Type: string
The authorization code received from GitHub to update the integration.
- installationId
-
- Required: Yes
- Type: string
The installation ID of the GitHub App associated with the integration.
UpdateGitLabSelfManagedIntegrationDetail
Description
Contains details required to update an integration with a self-managed GitLab instance.
Members
- authCode
-
- Required: Yes
- Type: string
The authorization code received from the self-managed GitLab instance to update the integration.
UpdateIntegrationDetails
Description
Contains details required to update a code security integration with a specific repository provider.
Members
- github
-
- Type: UpdateGitHubIntegrationDetail structure
Details specific to updating an integration with GitHub.
- gitlabSelfManaged
-
- Type: UpdateGitLabSelfManagedIntegrationDetail structure
Details specific to updating an integration with a self-managed GitLab instance.
Usage
Description
Contains usage information about the cost of Amazon Inspector operation.
Members
- currency
-
- Type: string
The currency type used when calculating usage data.
- estimatedMonthlyCost
-
- Type: double
The estimated monthly cost of Amazon Inspector.
- total
-
- Type: double
The total of usage.
- type
-
- Type: string
The type scan.
UsageTotal
Description
The total of usage for an account ID.
Members
- accountId
-
- Type: string
The account ID of the account that usage data was retrieved for.
- usage
-
- Type: Array of Usage structures
An object representing the total usage for an account.
ValidationException
Description
The request has failed validation due to missing required fields or having invalid inputs.
Members
- fields
-
- Type: Array of ValidationExceptionField structures
The fields that failed validation.
- message
-
- Required: Yes
- Type: string
- reason
-
- Required: Yes
- Type: string
The reason for the validation failure.
ValidationExceptionField
Description
An object that describes a validation exception.
Members
- message
-
- Required: Yes
- Type: string
The validation exception message.
- name
-
- Required: Yes
- Type: string
The name of the validation exception.
Vulnerability
Description
Contains details about a specific vulnerability Amazon Inspector can detect.
Members
- atigData
-
- Type: AtigData structure
An object that contains information about the Amazon Web Services Threat Intel Group (ATIG) details for the vulnerability.
- cisaData
-
- Type: CisaData structure
An object that contains the Cybersecurity and Infrastructure Security Agency (CISA) details for the vulnerability.
- cvss2
-
- Type: Cvss2 structure
An object that contains the Common Vulnerability Scoring System (CVSS) Version 2 details for the vulnerability.
- cvss3
-
- Type: Cvss3 structure
An object that contains the Common Vulnerability Scoring System (CVSS) Version 3 details for the vulnerability.
- cvss4
-
- Type: Cvss4 structure
An object that contains the Common Vulnerability Scoring System (CVSS) Version 4 details for the vulnerability.
- cwes
-
- Type: Array of strings
The Common Weakness Enumeration (CWE) associated with the vulnerability.
- description
-
- Type: string
A description of the vulnerability.
- detectionPlatforms
-
- Type: Array of strings
Platforms that the vulnerability can be detected on.
- epss
-
- Type: Epss structure
An object that contains the Exploit Prediction Scoring System (EPSS) score for a vulnerability.
- exploitObserved
-
- Type: ExploitObserved structure
An object that contains details on when the exploit was observed.
- id
-
- Required: Yes
- Type: string
The ID for the specific vulnerability.
- referenceUrls
-
- Type: Array of strings
Links to various resources with more information on this vulnerability.
- relatedVulnerabilities
-
- Type: Array of strings
A list of related vulnerabilities.
- source
-
- Type: string
The source of the vulnerability information. Possible results are
RHEL,AMAZON_CVE,DEBIANorNVD. - sourceUrl
-
- Type: string
A link to the official source material for this vulnerability.
- vendorCreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the vendor created this vulnerability.
- vendorSeverity
-
- Type: string
The severity assigned by the vendor.
- vendorUpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the vendor last updated this vulnerability.
VulnerablePackage
Description
Information on the vulnerable package identified by a finding.
Members
- arch
-
- Type: string
The architecture of the vulnerable package.
- epoch
-
- Type: int
The epoch of the vulnerable package.
- filePath
-
- Type: string
The file path of the vulnerable package.
- fixedInVersion
-
- Type: string
The version of the package that contains the vulnerability fix.
- name
-
- Required: Yes
- Type: string
The name of the vulnerable package.
- packageManager
-
- Type: string
The package manager of the vulnerable package.
- release
-
- Type: string
The release of the vulnerable package.
- remediation
-
- Type: string
The code to run in your environment to update packages with a fix available.
- sourceLambdaLayerArn
-
- Type: string
The Amazon Resource Number (ARN) of the Amazon Web Services Lambda function affected by a finding.
- sourceLayerHash
-
- Type: string
The source layer hash of the vulnerable package.
- version
-
- Required: Yes
- Type: string
The version of the vulnerable package.
WeeklySchedule
Description
A weekly schedule.
Members
- days
-
- Required: Yes
- Type: Array of strings
The weekly schedule's days.
- startTime
-
- Required: Yes
- Type: Time structure
The weekly schedule's start time.