Class Finding

java.lang.Object
software.amazon.awssdk.services.securityagent.model.Finding
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<Finding.Builder,Finding>
@Generated("software.amazon.awssdk:codegen") public final class Finding extends Object implements SdkPojo, Serializable, ToCopyableBuilder<Finding.Builder,Finding>

Represents a security finding discovered during a pentest job. A finding contains details about a vulnerability, including its risk level, confidence, and remediation status.

See Also:

  • Method Details

    • findingId

      public final String findingId()

      The unique identifier of the finding.

      Returns:
      The unique identifier of the finding.

    • agentSpaceId

      public final String agentSpaceId()

      The unique identifier of the agent space associated with the finding.

      Returns:
      The unique identifier of the agent space associated with the finding.

    • pentestId

      public final String pentestId()

      The unique identifier of the pentest associated with the finding.

      Returns:
      The unique identifier of the pentest associated with the finding.

    • pentestJobId

      public final String pentestJobId()

      The unique identifier of the pentest job that produced the finding.

      Returns:
      The unique identifier of the pentest job that produced the finding.

    • codeReviewId

      public final String codeReviewId()

      The unique identifier of the code review associated with the finding.

      Returns:
      The unique identifier of the code review associated with the finding.

    • codeReviewJobId

      public final String codeReviewJobId()

      The unique identifier of the code review job that produced the finding.

      Returns:
      The unique identifier of the code review job that produced the finding.

    • taskId

      public final String taskId()

      The unique identifier of the task that produced the finding.

      Returns:
      The unique identifier of the task that produced the finding.

    • name

      public final String name()

      The name of the finding.

      Returns:
      The name of the finding.

    • description

      public final String description()

      A description of the finding.

      Returns:
      A description of the finding.

    • status

      public final FindingStatus status()

      The current status of the finding. Valid values include ACTIVE, RESOLVED, ACCEPTED, and FALSE_POSITIVE.

      If the service returns an enum value that is not available in the current SDK version, status will return FindingStatus.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from statusAsString().

      Returns:
      The current status of the finding. Valid values include ACTIVE, RESOLVED, ACCEPTED, and FALSE_POSITIVE.
      See Also:

    • statusAsString

      public final String statusAsString()

      The current status of the finding. Valid values include ACTIVE, RESOLVED, ACCEPTED, and FALSE_POSITIVE.

      If the service returns an enum value that is not available in the current SDK version, status will return FindingStatus.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from statusAsString().

      Returns:
      The current status of the finding. Valid values include ACTIVE, RESOLVED, ACCEPTED, and FALSE_POSITIVE.
      See Also:

    • riskType

      public final String riskType()

      The type of security risk identified by the finding.

      Returns:
      The type of security risk identified by the finding.

    • riskLevel

      public final RiskLevel riskLevel()

      The risk level of the finding. Valid values include UNKNOWN, INFORMATIONAL, LOW, MEDIUM, HIGH, and CRITICAL.

      If the service returns an enum value that is not available in the current SDK version, riskLevel will return RiskLevel.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from riskLevelAsString().

      Returns:
      The risk level of the finding. Valid values include UNKNOWN, INFORMATIONAL, LOW, MEDIUM, HIGH, and CRITICAL.
      See Also:

    • riskLevelAsString

      public final String riskLevelAsString()

      The risk level of the finding. Valid values include UNKNOWN, INFORMATIONAL, LOW, MEDIUM, HIGH, and CRITICAL.

      If the service returns an enum value that is not available in the current SDK version, riskLevel will return RiskLevel.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from riskLevelAsString().

      Returns:
      The risk level of the finding. Valid values include UNKNOWN, INFORMATIONAL, LOW, MEDIUM, HIGH, and CRITICAL.
      See Also:

    • riskScore

      public final String riskScore()

      The numerical risk score of the finding.

      Returns:
      The numerical risk score of the finding.

    • reasoning

      public final String reasoning()

      The reasoning behind the finding, explaining why it was identified as a vulnerability.

      Returns:
      The reasoning behind the finding, explaining why it was identified as a vulnerability.

    • confidence

      public final ConfidenceLevel confidence()

      The confidence level of the finding. Valid values include FALSE_POSITIVE, UNCONFIRMED, LOW, MEDIUM, and HIGH.

      If the service returns an enum value that is not available in the current SDK version, confidence will return ConfidenceLevel.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from confidenceAsString().

      Returns:
      The confidence level of the finding. Valid values include FALSE_POSITIVE, UNCONFIRMED, LOW, MEDIUM, and HIGH.
      See Also:

    • confidenceAsString

      public final String confidenceAsString()

      The confidence level of the finding. Valid values include FALSE_POSITIVE, UNCONFIRMED, LOW, MEDIUM, and HIGH.

      If the service returns an enum value that is not available in the current SDK version, confidence will return ConfidenceLevel.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from confidenceAsString().

      Returns:
      The confidence level of the finding. Valid values include FALSE_POSITIVE, UNCONFIRMED, LOW, MEDIUM, and HIGH.
      See Also:

    • attackScript

      public final String attackScript()

      The attack script used to reproduce the finding.

      Returns:
      The attack script used to reproduce the finding.

    • codeRemediationTask

      public final CodeRemediationTask codeRemediationTask()

      The code remediation task associated with the finding, if code remediation was initiated.

      Returns:
      The code remediation task associated with the finding, if code remediation was initiated.

    • lastUpdatedBy

      public final String lastUpdatedBy()

      The identifier of the entity that last updated the finding.

      Returns:
      The identifier of the entity that last updated the finding.

    • hasCodeLocations

      public final boolean hasCodeLocations()
      For responses, this returns true if the service returned a value for the CodeLocations property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • codeLocations

      public final List<CodeLocation> codeLocations()

      The file locations involved in the vulnerability, as reported by the code scanner.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasCodeLocations() method.

      Returns:
      The file locations involved in the vulnerability, as reported by the code scanner.

    • createdAt

      public final Instant createdAt()

      The date and time the finding was created, in UTC format.

      Returns:
      The date and time the finding was created, in UTC format.

    • updatedAt

      public final Instant updatedAt()

      The date and time the finding was last updated, in UTC format.

      Returns:
      The date and time the finding was last updated, in UTC format.

    • toBuilder

      public Finding.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<Finding.Builder,Finding>
      Returns:
      a builder for type T

    • builder

      public static Finding.Builder builder()

    • serializableBuilderClass

      public static Class<? extends Finding.Builder> serializableBuilderClass()

    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object

    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object equals to this object by sdk fields, false otherwise.

    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object

    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)

    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.

    • sdkFieldNameToField

      public final Map<String,SdkField<?>> sdkFieldNameToField()
      Specified by:
      sdkFieldNameToField in interface SdkPojo
      Returns:
      The mapping between the field name and its corresponding field.