Package-level declarations
Types
AWS Security Agent is a frontier agent that proactively secures your applications throughout the development lifecycle. It conducts automated security reviews tailored to your organizational requirements and delivers context-aware penetration testing on demand. By continuously validating security from design to deployment, AWS Security Agent helps prevent vulnerabilities early across all your environments. Key capabilities include design security review for architecture documents, code security review for pull requests in connected repositories, and on-demand penetration testing that discovers, validates, and remediates security vulnerabilities through tailored multi-step attack scenarios. For more information, see the AWS Security Agent User Guide.
Inherited functions
Uploads an artifact to an agent space. Artifacts provide additional context for security testing, such as architecture diagrams, API specifications, or configuration files.
Deletes one or more code reviews from an agent space.
Deletes one or more pentests from an agent space.
Retrieves information about one or more agent spaces.
Retrieves metadata for one or more artifacts in an agent space.
Retrieves information about one or more code review jobs in an agent space.
Retrieves information about one or more tasks within a code review job.
Retrieves information about one or more code reviews in an agent space.
Retrieves information about one or more security findings in an agent space.
Retrieves information about one or more pentest jobs in an agent space.
Retrieves information about one or more tasks within a pentest job.
Retrieves information about one or more pentests in an agent space.
Retrieves information about one or more target domains.
Creates a new agent space. An agent space is a dedicated workspace for securing a specific application.
Creates a new application. An application is the top-level organizational unit that supports IAM Identity Center integration.
Creates a new code review configuration in an agent space. A code review defines the parameters for automated security-focused code analysis.
Creates a new integration with a third-party provider, such as GitHub, for code review and remediation.
Creates a new membership, granting a user access to an agent space within an application.
Creates a new pentest configuration in an agent space. A pentest defines the security test parameters, including target assets, risk type exclusions, and logging configuration.
Creates a new target domain for penetration testing. A target domain is a web domain that must be registered and verified before it can be tested.
Deletes an agent space and all of its associated resources, including pentests, findings, and artifacts.
Deletes an application and its associated configuration, including IAM Identity Center settings.
Deletes an artifact from an agent space.
Deletes an integration with a third-party provider.
Deletes a membership, revoking a user's access to an agent space.
Deletes a target domain registration. After deletion, the domain can no longer be used for penetration testing.
Retrieves information about an application.
Retrieves an artifact from an agent space.
Retrieves information about an integration.
Initiates the OAuth registration flow with a third-party provider. Returns a redirect URL and CSRF state token for completing the authorization.
Returns a paginated list of agent space summaries in your account.
Returns a paginated list of application summaries in your account.
Returns a paginated list of artifact summaries for the specified agent space.
Returns a paginated list of code review job summaries for the specified code review configuration.
Returns a paginated list of task summaries for the specified code review job, optionally filtered by step name or category.
Returns a paginated list of code review summaries for the specified agent space.
Returns a paginated list of endpoints discovered during a pentest job execution.
Lists the security findings for a pentest job.
Lists the integrated resources for an agent space, optionally filtered by integration or resource type.
Lists the integrations in your account, optionally filtered by provider or provider type.
Returns a paginated list of membership summaries for the specified agent space within an application.
Returns a paginated list of pentest job summaries for the specified pentest configuration.
Returns a paginated list of task summaries for the specified pentest job, optionally filtered by step name or category.
Returns a paginated list of pentest summaries for the specified agent space.
Returns the tags associated with the specified resource.
Returns a paginated list of target domain summaries in your account.
Initiates code remediation for one or more security findings. This creates pull requests in integrated repositories to fix the identified vulnerabilities.
Starts a new code review job for a code review configuration. The job executes the security-focused code analysis defined in the code review.
Starts a new pentest job for a pentest configuration. The job executes the security tests defined in the pentest.
Stops a running code review job. The job transitions to a stopping state and then to stopped after cleanup completes.
Stops a running pentest job. The job transitions to a stopping state and then to stopped after cleanup completes.
Adds tags to a resource.
Removes tags from a resource.
Updates the configuration of an existing agent space, including its name, description, AWS resources, target domains, and code review settings.
Updates the configuration of an existing application, including the IAM role and default KMS key.
Updates an existing code review configuration.
Updates the status or risk level of a security finding.
Updates the integrated resources for an agent space, including their capabilities.
Updates an existing pentest configuration.
Updates the verification method for a target domain.
Initiates verification of a target domain. This checks whether the domain ownership verification token has been properly configured.
Create a copy of the client with one or more configuration values overridden. This method allows the caller to perform scoped config overrides for one or more client operations.