CodeGuruSecurity
****************

Client
======

class CodeGuruSecurity.Client

   A low-level client representing Amazon CodeGuru Security

   Note: Amazon CodeGuru Security is in preview release and is subject to change.

   This section provides documentation for the Amazon CodeGuru Security API operations. CodeGuru Security is a service that uses program analysis and machine learning to detect security policy violations and vulnerabilities, and recommends ways to address these security risks.

   By proactively detecting and providing recommendations for addressing security risks, CodeGuru Security improves the overall security of your application code. For more information about CodeGuru Security, see the Amazon CodeGuru Security User Guide.

      import boto3

      client = boto3.client('codeguru-security')

   These are the available methods:

   * batch_get_findings
   * can_paginate
   * close
   * create_scan
   * create_upload_url
   * get_account_configuration
   * get_findings
   * get_metrics_summary
   * get_paginator
   * get_scan
   * get_waiter
   * list_findings_metrics
   * list_scans
   * list_tags_for_resource
   * tag_resource
   * untag_resource
   * update_account_configuration

Paginators
==========

Paginators are available on a client instance via the "get_paginator" method. For more detailed instructions and examples on the usage of paginators, see the paginators user guide.

The available paginators are:

* GetFindings
* ListFindingsMetrics
* ListScans

ListScans
*********

class CodeGuruSecurity.Paginator.ListScans

      paginator = client.get_paginator('list_scans')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "CodeGuruSecurity.Client.list_scans()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
         **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
         * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
         * **PageSize** *(integer) --* The size of each page.
         * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

            {
                'summaries': [
                    {
                        'createdAt': datetime(2015, 1, 1),
                        'runId': 'string',
                        'scanName': 'string',
                        'scanNameArn': 'string',
                        'scanState': 'InProgress'|'Successful'|'Failed',
                        'updatedAt': datetime(2015, 1, 1)
                    },
                ],
                'NextToken': 'string'
            }

         **Response Structure**

         * *(dict) --*
           * **summaries** *(list) --* A list of "ScanSummary" objects with information about all scans in an account.
             * *(dict) --* Information about a scan.
               * **createdAt** *(datetime) --* The time when the scan was created.
               * **runId** *(string) --* The identifier for the scan run.
               * **scanName** *(string) --* The name of the scan.
               * **scanNameArn** *(string) --* The ARN for the scan name.
               * **scanState** *(string) --* The state of the scan. A scan can be "In Progress", "Complete", or "Failed".
               * **updatedAt** *(datetime) --* The time the scan was last updated. A scan is updated when it is re-run.
           * **NextToken** *(string) --* A token to resume pagination.

GetFindings
***********

class CodeGuruSecurity.Paginator.GetFindings

      paginator = client.get_paginator('get_findings')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "CodeGuruSecurity.Client.get_findings()".
See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( scanName='string', status='Closed'|'Open'|'All', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **scanName** (*string*) -- **[REQUIRED]** The name of the scan you want to retrieve findings from. * **status** (*string*) -- The status of the findings you want to get. Pass either "Open", "Closed", or "All". * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'findings': [ { 'createdAt': datetime(2015, 1, 1), 'description': 'string', 'detectorId': 'string', 'detectorName': 'string', 'detectorTags': [ 'string', ], 'generatorId': 'string', 'id': 'string', 'remediation': { 'recommendation': { 'text': 'string', 'url': 'string' }, 'suggestedFixes': [ { 'code': 'string', 'description': 'string' }, ] }, 'resource': { 'id': 'string', 'subResourceId': 'string' }, 'ruleId': 'string', 'severity': 'Critical'|'High'|'Medium'|'Low'|'Info', 'status': 'Closed'|'Open'|'All', 'title': 'string', 'type': 'string', 'updatedAt': datetime(2015, 1, 1), 'vulnerability': { 'filePath': { 'codeSnippet': [ { 'content': 'string', 'number': 123 }, ], 'endLine': 123, 'name': 'string', 'path': 'string', 'startLine': 123 }, 'id': 'string', 'itemCount': 123, 'referenceUrls': [ 'string', ], 'relatedVulnerabilities': [ 'string', ] } }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **findings** *(list) --* A list of findings generated by the 
specified scan. * *(dict) --* Information about a finding that was detected in your code. * **createdAt** *(datetime) --* The time when the finding was created. * **description** *(string) --* A description of the finding. * **detectorId** *(string) --* The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices. * **detectorName** *(string) --* The name of the detector that identified the security vulnerability in your code. * **detectorTags** *(list) --* One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency. * *(string) --* * **generatorId** *(string) --* The identifier for the component that generated a finding such as AmazonCodeGuruSecurity. * **id** *(string) --* The identifier for a finding. * **remediation** *(dict) --* An object that contains the details about how to remediate a finding. * **recommendation** *(dict) --* An object that contains information about the recommended course of action to remediate a finding. * **text** *(string) --* The recommended course of action to remediate the finding. * **url** *(string) --* The URL address to the recommendation for remediating the finding. * **suggestedFixes** *(list) --* A list of "SuggestedFix" objects. Each object contains information about a suggested code fix to remediate the finding. * *(dict) --* Information about the suggested code fix to remediate a finding. * **code** *(string) --* The suggested code fix. If applicable, includes code patch to replace your source code. * **description** *(string) --* A description of the suggested code fix and why it is being suggested. * **resource** *(dict) --* The resource where Amazon CodeGuru Security detected a finding. * **id** *(string) --* The "scanName" of the scan that was run on the resource. 
* **subResourceId** *(string) --* The identifier for a section of the resource. * **ruleId** *(string) --* The identifier for the rule that generated the finding. * **severity** *(string) --* The severity of the finding. Severity can be critical, high, medium, low, or informational. For information on severity levels, see Finding severity in the *Amazon CodeGuru Security User Guide*. * **status** *(string) --* The status of the finding. A finding status can be open or closed. * **title** *(string) --* The title of the finding. * **type** *(string) --* The type of finding. * **updatedAt** *(datetime) --* The time when the finding was last updated. Findings are updated when you remediate them or when the finding code location changes. * **vulnerability** *(dict) --* An object that describes the detected security vulnerability. * **filePath** *(dict) --* An object that describes the location of the detected security vulnerability in your code. * **codeSnippet** *(list) --* A list of "CodeLine" objects that describe where the security vulnerability appears in your code. * *(dict) --* The line of code where a finding was detected. * **content** *(string) --* The code that contains a vulnerability. * **number** *(integer) --* The code line number. * **endLine** *(integer) --* The last line number of the code snippet where the security vulnerability appears in your code. * **name** *(string) --* The name of the file. * **path** *(string) --* The path to the resource with the security vulnerability. * **startLine** *(integer) --* The first line number of the code snippet where the security vulnerability appears in your code. * **id** *(string) --* The identifier for the vulnerability. * **itemCount** *(integer) --* The number of times the vulnerability appears in your code. * **referenceUrls** *(list) --* One or more URL addresses that contain details about a vulnerability. 
* *(string) --* * **relatedVulnerabilities** *(list) --* One or more vulnerabilities that are related to the vulnerability being described. * *(string) --* * **NextToken** *(string) --* A token to resume pagination. CodeGuruSecurity / Paginator / ListFindingsMetrics ListFindingsMetrics ******************* class CodeGuruSecurity.Paginator.ListFindingsMetrics paginator = client.get_paginator('list_findings_metrics') paginate(**kwargs) Creates an iterator that will paginate through responses from "CodeGuruSecurity.Client.list_findings_metrics()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( endDate=datetime(2015, 1, 1), startDate=datetime(2015, 1, 1), PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **endDate** (*datetime*) -- **[REQUIRED]** The end date of the interval which you want to retrieve metrics from. Round to the nearest day. * **startDate** (*datetime*) -- **[REQUIRED]** The start date of the interval which you want to retrieve metrics from. Rounds to the nearest day. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. 
Return type: dict Returns: **Response Syntax** { 'findingsMetrics': [ { 'closedFindings': { 'critical': 123.0, 'high': 123.0, 'info': 123.0, 'low': 123.0, 'medium': 123.0 }, 'date': datetime(2015, 1, 1), 'meanTimeToClose': { 'critical': 123.0, 'high': 123.0, 'info': 123.0, 'low': 123.0, 'medium': 123.0 }, 'newFindings': { 'critical': 123.0, 'high': 123.0, 'info': 123.0, 'low': 123.0, 'medium': 123.0 }, 'openFindings': { 'critical': 123.0, 'high': 123.0, 'info': 123.0, 'low': 123.0, 'medium': 123.0 } }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **findingsMetrics** *(list) --* A list of "AccountFindingsMetric" objects retrieved from the specified time interval. * *(dict) --* A summary of findings metrics for an account on a specified date. * **closedFindings** *(dict) --* The number of closed findings of each severity on the specified date. * **critical** *(float) --* A numeric value corresponding to a critical finding. * **high** *(float) --* A numeric value corresponding to a high severity finding. * **info** *(float) --* A numeric value corresponding to an informational finding. * **low** *(float) --* A numeric value corresponding to a low severity finding. * **medium** *(float) --* A numeric value corresponding to a medium severity finding. * **date** *(datetime) --* The date from which the findings metrics were retrieved. * **meanTimeToClose** *(dict) --* The average time in days it takes to close findings of each severity as of a specified date. * **critical** *(float) --* A numeric value corresponding to a critical finding. * **high** *(float) --* A numeric value corresponding to a high severity finding. * **info** *(float) --* A numeric value corresponding to an informational finding. * **low** *(float) --* A numeric value corresponding to a low severity finding. * **medium** *(float) --* A numeric value corresponding to a medium severity finding. 
* **newFindings** *(dict) --* The number of new findings of each severity on the specified date. * **critical** *(float) --* A numeric value corresponding to a critical finding. * **high** *(float) --* A numeric value corresponding to a high severity finding. * **info** *(float) --* A numeric value corresponding to an informational finding. * **low** *(float) --* A numeric value corresponding to a low severity finding. * **medium** *(float) --* A numeric value corresponding to a medium severity finding. * **openFindings** *(dict) --* The number of open findings of each severity as of the specified date. * **critical** *(float) --* A numeric value corresponding to a critical finding. * **high** *(float) --* A numeric value corresponding to a high severity finding. * **info** *(float) --* A numeric value corresponding to an informational finding. * **low** *(float) --* A numeric value corresponding to a low severity finding. * **medium** *(float) --* A numeric value corresponding to a medium severity finding. * **NextToken** *(string) --* A token to resume pagination. CodeGuruSecurity / Client / get_findings get_findings ************ CodeGuruSecurity.Client.get_findings(**kwargs) Returns a list of all findings generated by a particular scan. See also: AWS API Documentation **Request Syntax** response = client.get_findings( maxResults=123, nextToken='string', scanName='string', status='Closed'|'Open'|'All' ) Parameters: * **maxResults** (*integer*) -- The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the "nextToken" element is returned in the response. Use "nextToken" in a subsequent request to retrieve additional results. If not specified, returns 1000 results. * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. 
For subsequent calls, use the "nextToken" value returned from the previous request to continue listing results after the first page. * **scanName** (*string*) -- **[REQUIRED]** The name of the scan you want to retrieve findings from. * **status** (*string*) -- The status of the findings you want to get. Pass either "Open", "Closed", or "All". Return type: dict Returns: **Response Syntax** { 'findings': [ { 'createdAt': datetime(2015, 1, 1), 'description': 'string', 'detectorId': 'string', 'detectorName': 'string', 'detectorTags': [ 'string', ], 'generatorId': 'string', 'id': 'string', 'remediation': { 'recommendation': { 'text': 'string', 'url': 'string' }, 'suggestedFixes': [ { 'code': 'string', 'description': 'string' }, ] }, 'resource': { 'id': 'string', 'subResourceId': 'string' }, 'ruleId': 'string', 'severity': 'Critical'|'High'|'Medium'|'Low'|'Info', 'status': 'Closed'|'Open'|'All', 'title': 'string', 'type': 'string', 'updatedAt': datetime(2015, 1, 1), 'vulnerability': { 'filePath': { 'codeSnippet': [ { 'content': 'string', 'number': 123 }, ], 'endLine': 123, 'name': 'string', 'path': 'string', 'startLine': 123 }, 'id': 'string', 'itemCount': 123, 'referenceUrls': [ 'string', ], 'relatedVulnerabilities': [ 'string', ] } }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **findings** *(list) --* A list of findings generated by the specified scan. * *(dict) --* Information about a finding that was detected in your code. * **createdAt** *(datetime) --* The time when the finding was created. * **description** *(string) --* A description of the finding. * **detectorId** *(string) --* The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices. * **detectorName** *(string) --* The name of the detector that identified the security vulnerability in your code. 
* **detectorTags** *(list) --* One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency. * *(string) --* * **generatorId** *(string) --* The identifier for the component that generated a finding such as AmazonCodeGuruSecurity. * **id** *(string) --* The identifier for a finding. * **remediation** *(dict) --* An object that contains the details about how to remediate a finding. * **recommendation** *(dict) --* An object that contains information about the recommended course of action to remediate a finding. * **text** *(string) --* The recommended course of action to remediate the finding. * **url** *(string) --* The URL address to the recommendation for remediating the finding. * **suggestedFixes** *(list) --* A list of "SuggestedFix" objects. Each object contains information about a suggested code fix to remediate the finding. * *(dict) --* Information about the suggested code fix to remediate a finding. * **code** *(string) --* The suggested code fix. If applicable, includes code patch to replace your source code. * **description** *(string) --* A description of the suggested code fix and why it is being suggested. * **resource** *(dict) --* The resource where Amazon CodeGuru Security detected a finding. * **id** *(string) --* The "scanName" of the scan that was run on the resource. * **subResourceId** *(string) --* The identifier for a section of the resource. * **ruleId** *(string) --* The identifier for the rule that generated the finding. * **severity** *(string) --* The severity of the finding. Severity can be critical, high, medium, low, or informational. For information on severity levels, see Finding severity in the *Amazon CodeGuru Security User Guide*. * **status** *(string) --* The status of the finding. A finding status can be open or closed. * **title** *(string) --* The title of the finding. 
* **type** *(string) --* The type of finding. * **updatedAt** *(datetime) --* The time when the finding was last updated. Findings are updated when you remediate them or when the finding code location changes. * **vulnerability** *(dict) --* An object that describes the detected security vulnerability. * **filePath** *(dict) --* An object that describes the location of the detected security vulnerability in your code. * **codeSnippet** *(list) --* A list of "CodeLine" objects that describe where the security vulnerability appears in your code. * *(dict) --* The line of code where a finding was detected. * **content** *(string) --* The code that contains a vulnerability. * **number** *(integer) --* The code line number. * **endLine** *(integer) --* The last line number of the code snippet where the security vulnerability appears in your code. * **name** *(string) --* The name of the file. * **path** *(string) --* The path to the resource with the security vulnerability. * **startLine** *(integer) --* The first line number of the code snippet where the security vulnerability appears in your code. * **id** *(string) --* The identifier for the vulnerability. * **itemCount** *(integer) --* The number of times the vulnerability appears in your code. * **referenceUrls** *(list) --* One or more URL addresses that contain details about a vulnerability. * *(string) --* * **relatedVulnerabilities** *(list) --* One or more vulnerabilities that are related to the vulnerability being described. * *(string) --* * **nextToken** *(string) --* A pagination token. You can use this in future calls to "GetFindings" to continue listing results after the current page. 
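
An added example, not part of the boto3 documentation: a release gate that pages through `get_findings` with the lowercase `nextToken` described above and blocks on open Critical or High findings, failing closed when `get_scan` does not report `Successful`. `FakeClient`, `sample_finding`, the scan name `demo-scan` and every sample finding are constructed for the example so that it runs offline; pass a real `boto3.client('codeguru-security')` in their place.

```python
"""Severity gate over CodeGuru Security findings (added example)."""

BLOCKING = {"Critical", "High"}


def iter_findings(client, scan_name, status="Open", page_size=100):
    """Yield every finding for scan_name, following nextToken until it is absent."""
    # boto3 rejects nextToken=None, so the key is left out of the first request.
    kwargs = {"scanName": scan_name, "status": status, "maxResults": page_size}
    while True:
        page = client.get_findings(**kwargs)
        yield from page.get("findings", [])
        token = page.get("nextToken")
        if not token:
            return
        kwargs["nextToken"] = token


def location(finding):
    """Return 'path:startLine-endLine' from vulnerability.filePath, or '<unknown>'."""
    fp = finding.get("vulnerability", {}).get("filePath", {})
    if not fp.get("path"):
        return "<unknown>"
    return f"{fp['path']}:{fp.get('startLine', '?')}-{fp.get('endLine', '?')}"


def gate(client, scan_name):
    """Return (passed, report). The gate only passes for a 'Successful' scan."""
    state = client.get_scan(scanName=scan_name)["scanState"]
    if state != "Successful":
        # An unfinished or failed scan has no trustworthy findings list;
        # reading "zero findings" as clean here would fail open.
        return False, [f"scan {scan_name!r} is {state}, not Successful"]
    report = [
        f"{f['severity']}: {f.get('title', '')} at {location(f)}"
        for f in iter_findings(client, scan_name)
        if f.get("severity") in BLOCKING
    ]
    return not report, sorted(report)


def sample_finding(fid, severity, path, start, end):
    """Constructed finding carrying only the fields the gate reads."""
    return {
        "id": fid,
        "severity": severity,
        "status": "Open",
        "title": f"issue {fid}",
        "vulnerability": {
            "filePath": {"path": path, "startLine": start, "endLine": end}
        },
    }


class FakeClient:
    """Constructed stand-in for the boto3 client; serves two pages of findings."""

    def __init__(self, state="Successful"):
        self.state = state
        self.calls = []  # nextToken value seen on each get_findings call
        self.pages = {
            None: {
                "findings": [
                    sample_finding("f-1", "High", "app/db.py", 10, 12),
                    sample_finding("f-2", "Low", "app/util.py", 3, 3),
                ],
                "nextToken": "t1",
            },
            "t1": {
                "findings": [
                    sample_finding("f-3", "Critical", "app/auth.py", 40, 44)
                ]
            },
        }

    def get_scan(self, scanName):
        return {"scanName": scanName, "scanState": self.state}

    def get_findings(self, scanName, status="Open", maxResults=1000, nextToken=None):
        self.calls.append(nextToken)
        return self.pages[nextToken]


if __name__ == "__main__":
    passed, report = gate(FakeClient(), "demo-scan")
    print("PASS" if passed else "FAIL")
    for line in report:
        print(" ", line)
```
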
   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ConflictException"
   * "CodeGuruSecurity.Client.exceptions.ResourceNotFoundException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

get_paginator
*************

CodeGuruSecurity.Client.get_paginator(operation_name)

   Create a paginator for an operation.

   Parameters:
      **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")".

   Raises:
      **OperationNotPageableError** -- Raised if the operation is not pageable. You can use the "client.can_paginate" method to check if an operation is pageable.

   Return type:
      "botocore.paginate.Paginator"

   Returns:
      A paginator object.

can_paginate
************

CodeGuruSecurity.Client.can_paginate(operation_name)

   Check if an operation can be paginated.

   Parameters:
      **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")".

   Returns:
      "True" if the operation can be paginated, "False" otherwise.

list_scans
**********

CodeGuruSecurity.Client.list_scans(**kwargs)

   Returns a list of all scans in an account. Does not return "EXPRESS" scans.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.list_scans(
          maxResults=123,
          nextToken='string'
      )

   Parameters:
      * **maxResults** (*integer*) -- The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the "nextToken" element is returned in the response. Use "nextToken" in a subsequent request to retrieve additional results. If not specified, returns 100 results.
      * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the "nextToken" value returned from the previous request to continue listing results after the first page.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'nextToken': 'string',
             'summaries': [
                 {
                     'createdAt': datetime(2015, 1, 1),
                     'runId': 'string',
                     'scanName': 'string',
                     'scanNameArn': 'string',
                     'scanState': 'InProgress'|'Successful'|'Failed',
                     'updatedAt': datetime(2015, 1, 1)
                 },
             ]
         }

      **Response Structure**

      * *(dict) --*
        * **nextToken** *(string) --* A pagination token. You can use this in future calls to "ListScans" to continue listing results after the current page.
        * **summaries** *(list) --* A list of "ScanSummary" objects with information about all scans in an account.
          * *(dict) --* Information about a scan.
            * **createdAt** *(datetime) --* The time when the scan was created.
            * **runId** *(string) --* The identifier for the scan run.
            * **scanName** *(string) --* The name of the scan.
            * **scanNameArn** *(string) --* The ARN for the scan name.
            * **scanState** *(string) --* The state of the scan. A scan can be "In Progress", "Complete", or "Failed".
            * **updatedAt** *(datetime) --* The time the scan was last updated. A scan is updated when it is re-run.
   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

update_account_configuration
****************************

CodeGuruSecurity.Client.update_account_configuration(**kwargs)

   Use to update the encryption configuration for an account.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.update_account_configuration(
          encryptionConfig={
              'kmsKeyArn': 'string'
          }
      )

   Parameters:
      **encryptionConfig** (*dict*) -- **[REQUIRED]** The customer-managed KMS key ARN you want to use for encryption. If not specified, CodeGuru Security will use an AWS-managed key for encryption. If you previously specified a customer-managed KMS key and want CodeGuru Security to use an AWS-managed key for encryption instead, pass nothing.

      * **kmsKeyArn** *(string) --* The KMS key ARN that is used for encryption. If an AWS-managed key is used for encryption, returns empty.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'encryptionConfig': {
                 'kmsKeyArn': 'string'
             }
         }

      **Response Structure**

      * *(dict) --*
        * **encryptionConfig** *(dict) --* An "EncryptionConfig" object that contains the KMS key ARN that is used for encryption. If you did not specify a customer-managed KMS key in the request, returns empty.
          * **kmsKeyArn** *(string) --* The KMS key ARN that is used for encryption. If an AWS-managed key is used for encryption, returns empty.
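
An added example, not part of the boto3 documentation: an idempotent check that the account encrypts with the expected customer-managed key, treating an empty `kmsKeyArn` as "AWS-managed key in use" and confirming the ARN echoed back by `update_account_configuration`. `FakeAccount`, `SAMPLE_KEY_ARN` and the ARN pattern are constructed for the example; the pattern assumes a key ARN rather than an alias.

```python
"""Encryption-configuration drift check for CodeGuru Security (added example)."""
import re

# Assumed shape of a KMS *key* ARN (aws, aws-cn and aws-us-gov partitions).
KMS_KEY_ARN = re.compile(
    r"^arn:aws(-cn|-us-gov)?:kms:[a-z0-9-]+:\d{12}:key/[0-9A-Za-z-]+$"
)

# Constructed sample value, not a real key.
SAMPLE_KEY_ARN = (
    "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
)


def current_key(client):
    """Return the customer-managed key ARN, or None when the field is empty."""
    cfg = client.get_account_configuration().get("encryptionConfig") or {}
    return cfg.get("kmsKeyArn") or None  # empty means an AWS-managed key


def enforce_cmk(client, expected_arn):
    """Return (action, previous_key); action is 'compliant' or 'updated'."""
    if not KMS_KEY_ARN.match(expected_arn):
        raise ValueError(f"not a KMS key ARN: {expected_arn!r}")
    before = current_key(client)
    if before == expected_arn:
        return "compliant", before
    resp = client.update_account_configuration(
        encryptionConfig={"kmsKeyArn": expected_arn}
    )
    after = (resp.get("encryptionConfig") or {}).get("kmsKeyArn")
    if after != expected_arn:
        # Do not report success unless the service echoes the key we asked for.
        raise RuntimeError(f"update not confirmed, service reports {after!r}")
    return "updated", before


class FakeAccount:
    """Constructed stand-in for the boto3 client; starts on an AWS-managed key."""

    def __init__(self, arn=""):
        self.arn = arn
        self.updates = 0

    def get_account_configuration(self):
        return {"encryptionConfig": {"kmsKeyArn": self.arn} if self.arn else {}}

    def update_account_configuration(self, encryptionConfig):
        self.updates += 1
        self.arn = encryptionConfig["kmsKeyArn"]
        return {"encryptionConfig": {"kmsKeyArn": self.arn}}


if __name__ == "__main__":
    account = FakeAccount()
    print(enforce_cmk(account, SAMPLE_KEY_ARN))
    print(enforce_cmk(account, SAMPLE_KEY_ARN))
```
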
   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ResourceNotFoundException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

list_tags_for_resource
**********************

CodeGuruSecurity.Client.list_tags_for_resource(**kwargs)

   Returns a list of all tags associated with a scan.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.list_tags_for_resource(
          resourceArn='string'
      )

   Parameters:
      **resourceArn** (*string*) -- **[REQUIRED]** The ARN of the "ScanName" object. You can retrieve this ARN by calling "CreateScan", "ListScans", or "GetScan".

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'tags': {
                 'string': 'string'
             }
         }

      **Response Structure**

      * *(dict) --*
        * **tags** *(dict) --* An array of key-value pairs used to tag an existing scan. A tag is a custom attribute label with two parts:
          * A tag key. For example, "CostCenter", "Environment", or "Secret". Tag keys are case sensitive.
          * An optional tag value field. For example, "111122223333", "Production", or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
          * *(string) --*
            * *(string) --*

   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ConflictException"
   * "CodeGuruSecurity.Client.exceptions.ResourceNotFoundException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

untag_resource
**************

CodeGuruSecurity.Client.untag_resource(**kwargs)

   Use to remove one or more tags from an existing scan.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.untag_resource(
          resourceArn='string',
          tagKeys=[
              'string',
          ]
      )

   Parameters:
      * **resourceArn** (*string*) -- **[REQUIRED]** The ARN of the "ScanName" object. You can retrieve this ARN by calling "CreateScan", "ListScans", or "GetScan".
      * **tagKeys** (*list*) -- **[REQUIRED]** A list of keys for each tag you want to remove from a scan.
        * *(string) --*

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ConflictException"
   * "CodeGuruSecurity.Client.exceptions.ResourceNotFoundException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

get_waiter
**********

CodeGuruSecurity.Client.get_waiter(waiter_name)

   Returns an object that can wait for some condition.

   Parameters:
      **waiter_name** (*str*) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters.

   Returns:
      The specified waiter object.

   Return type:
      "botocore.waiter.Waiter"

create_upload_url
*****************

CodeGuruSecurity.Client.create_upload_url(**kwargs)

   Generates a pre-signed URL, request headers used to upload a code resource, and code artifact identifier for the uploaded resource.

   You can upload your code resource to the URL with the request headers using any HTTP client.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.create_upload_url(
          scanName='string'
      )

   Parameters:
      **scanName** (*string*) -- **[REQUIRED]** The name of the scan that will use the uploaded resource. CodeGuru Security uses the unique scan name to track revisions across multiple scans of the same resource.
      Use this "scanName" when you call "CreateScan" on the code resource you upload to this URL.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'codeArtifactId': 'string',
             'requestHeaders': {
                 'string': 'string'
             },
             's3Url': 'string'
         }

      **Response Structure**

      * *(dict) --*
        * **codeArtifactId** *(string) --* The identifier for the uploaded code resource. Pass this to "CreateScan" to use the uploaded resources.
        * **requestHeaders** *(dict) --* A set of key-value pairs that contain the required headers when uploading your resource.
          * *(string) --*
            * *(string) --*
        * **s3Url** *(string) --* A pre-signed S3 URL. You can upload the code file you want to scan with the required "requestHeaders" using any HTTP client.

   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

get_scan
********

CodeGuruSecurity.Client.get_scan(**kwargs)

   Returns details about a scan, including whether or not a scan has completed.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.get_scan(
          runId='string',
          scanName='string'
      )

   Parameters:
      * **runId** (*string*) -- UUID that identifies the individual scan run you want to view details about. You retrieve this when you call the "CreateScan" operation. Defaults to the latest scan run if missing.
      * **scanName** (*string*) -- **[REQUIRED]** The name of the scan you want to view details about.
   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'analysisType': 'Security'|'All',
             'createdAt': datetime(2015, 1, 1),
             'errorMessage': 'string',
             'numberOfRevisions': 123,
             'runId': 'string',
             'scanName': 'string',
             'scanNameArn': 'string',
             'scanState': 'InProgress'|'Successful'|'Failed',
             'updatedAt': datetime(2015, 1, 1)
         }

      **Response Structure**

      * *(dict) --*
        * **analysisType** *(string) --* The type of analysis CodeGuru Security performed in the scan, either "Security" or "All". The "Security" type only generates findings related to security. The "All" type generates both security findings and quality findings.
        * **createdAt** *(datetime) --* The time the scan was created.
        * **errorMessage** *(string) --* Details about the error that causes a scan to fail to be retrieved.
        * **numberOfRevisions** *(integer) --* The number of times a scan has been re-run on a revised resource.
        * **runId** *(string) --* UUID that identifies the individual scan run.
        * **scanName** *(string) --* The name of the scan.
        * **scanNameArn** *(string) --* The ARN for the scan name.
        * **scanState** *(string) --* The current state of the scan. Returns either "InProgress", "Successful", or "Failed".
        * **updatedAt** *(datetime) --* The time when the scan was last updated. Only available for "STANDARD" scan types.

   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ResourceNotFoundException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

get_account_configuration
*************************

CodeGuruSecurity.Client.get_account_configuration()

   Use to get the encryption configuration for an account.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.get_account_configuration()

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'encryptionConfig': {
                 'kmsKeyArn': 'string'
             }
         }

      **Response Structure**

      * *(dict) --*
        * **encryptionConfig** *(dict) --* An "EncryptionConfig" object that contains the KMS key ARN that is used for encryption. By default, CodeGuru Security uses an AWS-managed key for encryption. To specify your own key, call "UpdateAccountConfiguration". If you do not specify a customer-managed key, returns empty.
          * **kmsKeyArn** *(string) --* The KMS key ARN that is used for encryption. If an AWS-managed key is used for encryption, returns empty.

   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

close
*****

CodeGuruSecurity.Client.close()

   Closes underlying endpoint connections.

batch_get_findings
******************

CodeGuruSecurity.Client.batch_get_findings(**kwargs)

   Returns a list of requested findings from standard scans.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.batch_get_findings(
          findingIdentifiers=[
              {
                  'findingId': 'string',
                  'scanName': 'string'
              },
          ]
      )

   Parameters:
      **findingIdentifiers** (*list*) -- **[REQUIRED]** A list of finding identifiers. Each identifier consists of a "scanName" and a "findingId". You retrieve the "findingId" when you call "GetFindings".

      * *(dict) --* An object that contains information about a finding and the scan that generated it.
        * **findingId** *(string) --* **[REQUIRED]** The identifier for a finding.
        * **scanName** *(string) --* **[REQUIRED]** The name of the scan that generated the finding.
   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'failedFindings': [
                 {
                     'errorCode': 'DUPLICATE_IDENTIFIER'|'ITEM_DOES_NOT_EXIST'|'INTERNAL_ERROR'|'INVALID_FINDING_ID'|'INVALID_SCAN_NAME',
                     'findingId': 'string',
                     'message': 'string',
                     'scanName': 'string'
                 },
             ],
             'findings': [
                 {
                     'createdAt': datetime(2015, 1, 1),
                     'description': 'string',
                     'detectorId': 'string',
                     'detectorName': 'string',
                     'detectorTags': [
                         'string',
                     ],
                     'generatorId': 'string',
                     'id': 'string',
                     'remediation': {
                         'recommendation': {
                             'text': 'string',
                             'url': 'string'
                         },
                         'suggestedFixes': [
                             {
                                 'code': 'string',
                                 'description': 'string'
                             },
                         ]
                     },
                     'resource': {
                         'id': 'string',
                         'subResourceId': 'string'
                     },
                     'ruleId': 'string',
                     'severity': 'Critical'|'High'|'Medium'|'Low'|'Info',
                     'status': 'Closed'|'Open'|'All',
                     'title': 'string',
                     'type': 'string',
                     'updatedAt': datetime(2015, 1, 1),
                     'vulnerability': {
                         'filePath': {
                             'codeSnippet': [
                                 {
                                     'content': 'string',
                                     'number': 123
                                 },
                             ],
                             'endLine': 123,
                             'name': 'string',
                             'path': 'string',
                             'startLine': 123
                         },
                         'id': 'string',
                         'itemCount': 123,
                         'referenceUrls': [
                             'string',
                         ],
                         'relatedVulnerabilities': [
                             'string',
                         ]
                     }
                 },
             ]
         }

      **Response Structure**

      * *(dict) --*
        * **failedFindings** *(list) --* A list of errors for individual findings which were not fetched. Each BatchGetFindingsError contains the "scanName", "findingId", "errorCode" and error "message".
          * *(dict) --* Contains information about the error that caused a finding to fail to be retrieved.
            * **errorCode** *(string) --* A code associated with the type of error.
            * **findingId** *(string) --* The finding ID of the finding that was not fetched.
            * **message** *(string) --* Describes the error.
            * **scanName** *(string) --* The name of the scan that generated the finding.
        * **findings** *(list) --* A list of all findings which were successfully fetched.
          * *(dict) --* Information about a finding that was detected in your code.
            * **createdAt** *(datetime) --* The time when the finding was created.
            * **description** *(string) --* A description of the finding.
            * **detectorId** *(string) --* The identifier for the detector that detected the finding in your code. A detector is a defined rule based on industry standards and AWS best practices.
            * **detectorName** *(string) --* The name of the detector that identified the security vulnerability in your code.
            * **detectorTags** *(list) --* One or more tags or categorizations that are associated with a detector. These tags are defined by type, programming language, or other classification such as maintainability or consistency.
              * *(string) --*
            * **generatorId** *(string) --* The identifier for the component that generated a finding such as AmazonCodeGuruSecurity.
            * **id** *(string) --* The identifier for a finding.
            * **remediation** *(dict) --* An object that contains the details about how to remediate a finding.
              * **recommendation** *(dict) --* An object that contains information about the recommended course of action to remediate a finding.
                * **text** *(string) --* The recommended course of action to remediate the finding.
                * **url** *(string) --* The URL address to the recommendation for remediating the finding.
              * **suggestedFixes** *(list) --* A list of "SuggestedFix" objects. Each object contains information about a suggested code fix to remediate the finding.
                * *(dict) --* Information about the suggested code fix to remediate a finding.
                  * **code** *(string) --* The suggested code fix. If applicable, includes code patch to replace your source code.
                  * **description** *(string) --* A description of the suggested code fix and why it is being suggested.
            * **resource** *(dict) --* The resource where Amazon CodeGuru Security detected a finding.
              * **id** *(string) --* The "scanName" of the scan that was run on the resource.
              * **subResourceId** *(string) --* The identifier for a section of the resource.
            * **ruleId** *(string) --* The identifier for the rule that generated the finding.
            * **severity** *(string) --* The severity of the finding. Severity can be critical, high, medium, low, or informational. For information on severity levels, see Finding severity in the *Amazon CodeGuru Security User Guide*.
            * **status** *(string) --* The status of the finding. A finding status can be open or closed.
            * **title** *(string) --* The title of the finding.
            * **type** *(string) --* The type of finding.
            * **updatedAt** *(datetime) --* The time when the finding was last updated. Findings are updated when you remediate them or when the finding code location changes.
            * **vulnerability** *(dict) --* An object that describes the detected security vulnerability.
              * **filePath** *(dict) --* An object that describes the location of the detected security vulnerability in your code.
                * **codeSnippet** *(list) --* A list of "CodeLine" objects that describe where the security vulnerability appears in your code.
                  * *(dict) --* The line of code where a finding was detected.
                    * **content** *(string) --* The code that contains a vulnerability.
                    * **number** *(integer) --* The code line number.
                * **endLine** *(integer) --* The last line number of the code snippet where the security vulnerability appears in your code.
                * **name** *(string) --* The name of the file.
                * **path** *(string) --* The path to the resource with the security vulnerability.
                * **startLine** *(integer) --* The first line number of the code snippet where the security vulnerability appears in your code.
              * **id** *(string) --* The identifier for the vulnerability.
              * **itemCount** *(integer) --* The number of times the vulnerability appears in your code.
              * **referenceUrls** *(list) --* One or more URL addresses that contain details about a vulnerability.
                * *(string) --*
              * **relatedVulnerabilities** *(list) --* One or more vulnerabilities that are related to the vulnerability being described.
                * *(string) --*

   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

create_scan
***********

CodeGuruSecurity.Client.create_scan(**kwargs)

   Use to create a scan using code uploaded to an Amazon S3 bucket.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.create_scan(
          analysisType='Security'|'All',
          clientToken='string',
          resourceId={
              'codeArtifactId': 'string'
          },
          scanName='string',
          scanType='Standard'|'Express',
          tags={
              'string': 'string'
          }
      )

   Parameters:
      * **analysisType** (*string*) -- The type of analysis you want CodeGuru Security to perform in the scan, either "Security" or "All". The "Security" type only generates findings related to security. The "All" type generates both security findings and quality findings. Defaults to "Security" type if missing.
      * **clientToken** (*string*) -- The idempotency token for the request. Amazon CodeGuru Security uses this value to prevent the accidental creation of duplicate scans if there are failures and retries. This field is autopopulated if not provided.
      * **resourceId** (*dict*) -- **[REQUIRED]** The identifier for the resource object to be scanned. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "codeArtifactId".
        * **codeArtifactId** *(string) --* The identifier for the code file uploaded to the resource object. Returned by "CreateUploadUrl" when you upload resources to be scanned.
      * **scanName** (*string*) -- **[REQUIRED]** The unique name that CodeGuru Security uses to track revisions across multiple scans of the same resource. Only allowed for a "STANDARD" scan type.
      * **scanType** (*string*) -- The type of scan, either "Standard" or "Express". Defaults to "Standard" type if missing.
"Express" scans run on limited resources and use a limited set of detectors to analyze your code in near-real time. "Standard" scans have standard resource limits and use the full set of detectors to analyze your code. * **tags** (*dict*) -- An array of key-value pairs used to tag a scan. A tag is a custom attribute label with two parts: * A tag key. For example, "CostCenter", "Environment", or "Secret". Tag keys are case sensitive. * An optional tag value field. For example, "111122223333", "Production", or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive. * *(string) --* * *(string) --* Return type: dict Returns: **Response Syntax** { 'resourceId': { 'codeArtifactId': 'string' }, 'runId': 'string', 'scanName': 'string', 'scanNameArn': 'string', 'scanState': 'InProgress'|'Successful'|'Failed' } **Response Structure** * *(dict) --* * **resourceId** *(dict) --* The identifier for the resource object that contains resources that were scanned. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "codeArtifactId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **codeArtifactId** *(string) --* The identifier for the code file uploaded to the resource object. Returned by "CreateUploadUrl" when you upload resources to be scanned. * **runId** *(string) --* UUID that identifies the individual scan run. * **scanName** *(string) --* The name of the scan. * **scanNameArn** *(string) --* The ARN for the scan name. * **scanState** *(string) --* The current state of the scan. Returns either "InProgress", "Successful", or "Failed". 
   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ConflictException"
   * "CodeGuruSecurity.Client.exceptions.ResourceNotFoundException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

tag_resource
************

CodeGuruSecurity.Client.tag_resource(**kwargs)

   Use to add one or more tags to an existing scan.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.tag_resource(
          resourceArn='string',
          tags={
              'string': 'string'
          }
      )

   Parameters:
      * **resourceArn** (*string*) -- **[REQUIRED]** The ARN of the "ScanName" object. You can retrieve this ARN by calling "CreateScan", "ListScans", or "GetScan".
      * **tags** (*dict*) -- **[REQUIRED]** An array of key-value pairs used to tag an existing scan. A tag is a custom attribute label with two parts:
        * A tag key. For example, "CostCenter", "Environment", or "Secret". Tag keys are case sensitive.
        * An optional tag value field. For example, "111122223333", "Production", or a team name. Omitting the tag value is the same as using an empty string. Tag values are case sensitive.
        * *(string) --*
          * *(string) --*

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ConflictException"
   * "CodeGuruSecurity.Client.exceptions.ResourceNotFoundException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

get_metrics_summary
*******************

CodeGuruSecurity.Client.get_metrics_summary(**kwargs)

   Returns a summary of metrics for an account from a specified date, including number of open findings, the categories with most findings, the scans with most open findings, and scans with most open critical findings.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.get_metrics_summary(
          date=datetime(2015, 1, 1)
      )

   Parameters:
      **date** (*datetime*) -- **[REQUIRED]** The date you want to retrieve summary metrics from, rounded to the nearest day. The date must be within the past two years.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'metricsSummary': {
                 'categoriesWithMostFindings': [
                     {
                         'categoryName': 'string',
                         'findingNumber': 123
                     },
                 ],
                 'date': datetime(2015, 1, 1),
                 'openFindings': {
                     'critical': 123.0,
                     'high': 123.0,
                     'info': 123.0,
                     'low': 123.0,
                     'medium': 123.0
                 },
                 'scansWithMostOpenCriticalFindings': [
                     {
                         'findingNumber': 123,
                         'scanName': 'string'
                     },
                 ],
                 'scansWithMostOpenFindings': [
                     {
                         'findingNumber': 123,
                         'scanName': 'string'
                     },
                 ]
             }
         }

      **Response Structure**

      * *(dict) --*
        * **metricsSummary** *(dict) --* The summary metrics from the specified date.
          * **categoriesWithMostFindings** *(list) --* A list of "CategoryWithFindingNum" objects for the top 5 finding categories with the most findings.
            * *(dict) --* Information about a finding category with open findings.
              * **categoryName** *(string) --* The name of the finding category. A finding category is determined by the detector that detected the finding.
              * **findingNumber** *(integer) --* The number of open findings in the category.
          * **date** *(datetime) --* The date from which the metrics summary information was retrieved.
          * **openFindings** *(dict) --* The number of open findings of each severity.
            * **critical** *(float) --* A numeric value corresponding to a critical finding.
            * **high** *(float) --* A numeric value corresponding to a high severity finding.
            * **info** *(float) --* A numeric value corresponding to an informational finding.
            * **low** *(float) --* A numeric value corresponding to a low severity finding.
            * **medium** *(float) --* A numeric value corresponding to a medium severity finding.
          * **scansWithMostOpenCriticalFindings** *(list) --* A list of "ScanNameWithFindingNum" objects for the top 3 scans with the most number of open critical findings.
            * *(dict) --* Information about the number of findings generated by a scan.
              * **findingNumber** *(integer) --* The number of findings generated by a scan.
              * **scanName** *(string) --* The name of the scan.
          * **scansWithMostOpenFindings** *(list) --* A list of "ScanNameWithFindingNum" objects for the top 3 scans with the most number of open findings.
            * *(dict) --* Information about the number of findings generated by a scan.
              * **findingNumber** *(integer) --* The number of findings generated by a scan.
              * **scanName** *(string) --* The name of the scan.
   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"

list_findings_metrics
*********************

CodeGuruSecurity.Client.list_findings_metrics(**kwargs)

   Returns metrics about all findings in an account within a specified time range.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.list_findings_metrics(
          endDate=datetime(2015, 1, 1),
          maxResults=123,
          nextToken='string',
          startDate=datetime(2015, 1, 1)
      )

   Parameters:
      * **endDate** (*datetime*) -- **[REQUIRED]** The end date of the interval which you want to retrieve metrics from. Round to the nearest day.
      * **maxResults** (*integer*) -- The maximum number of results to return in the response. Use this parameter when paginating results. If additional results exist beyond the number you specify, the "nextToken" element is returned in the response. Use "nextToken" in a subsequent request to retrieve additional results. If not specified, returns 1000 results.
      * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the "nextToken" value returned from the previous request to continue listing results after the first page.
      * **startDate** (*datetime*) -- **[REQUIRED]** The start date of the interval which you want to retrieve metrics from. Rounds to the nearest day.
   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'findingsMetrics': [
                 {
                     'closedFindings': {
                         'critical': 123.0,
                         'high': 123.0,
                         'info': 123.0,
                         'low': 123.0,
                         'medium': 123.0
                     },
                     'date': datetime(2015, 1, 1),
                     'meanTimeToClose': {
                         'critical': 123.0,
                         'high': 123.0,
                         'info': 123.0,
                         'low': 123.0,
                         'medium': 123.0
                     },
                     'newFindings': {
                         'critical': 123.0,
                         'high': 123.0,
                         'info': 123.0,
                         'low': 123.0,
                         'medium': 123.0
                     },
                     'openFindings': {
                         'critical': 123.0,
                         'high': 123.0,
                         'info': 123.0,
                         'low': 123.0,
                         'medium': 123.0
                     }
                 },
             ],
             'nextToken': 'string'
         }

      **Response Structure**

      * *(dict) --*
        * **findingsMetrics** *(list) --* A list of "AccountFindingsMetric" objects retrieved from the specified time interval.
          * *(dict) --* A summary of findings metrics for an account on a specified date.
            * **closedFindings** *(dict) --* The number of closed findings of each severity on the specified date.
              * **critical** *(float) --* A numeric value corresponding to a critical finding.
              * **high** *(float) --* A numeric value corresponding to a high severity finding.
              * **info** *(float) --* A numeric value corresponding to an informational finding.
              * **low** *(float) --* A numeric value corresponding to a low severity finding.
              * **medium** *(float) --* A numeric value corresponding to a medium severity finding.
            * **date** *(datetime) --* The date from which the findings metrics were retrieved.
            * **meanTimeToClose** *(dict) --* The average time in days it takes to close findings of each severity as of a specified date.
              * **critical** *(float) --* A numeric value corresponding to a critical finding.
              * **high** *(float) --* A numeric value corresponding to a high severity finding.
              * **info** *(float) --* A numeric value corresponding to an informational finding.
              * **low** *(float) --* A numeric value corresponding to a low severity finding.
              * **medium** *(float) --* A numeric value corresponding to a medium severity finding.
            * **newFindings** *(dict) --* The number of new findings of each severity on the specified date.
              * **critical** *(float) --* A numeric value corresponding to a critical finding.
              * **high** *(float) --* A numeric value corresponding to a high severity finding.
              * **info** *(float) --* A numeric value corresponding to an informational finding.
              * **low** *(float) --* A numeric value corresponding to a low severity finding.
              * **medium** *(float) --* A numeric value corresponding to a medium severity finding.
            * **openFindings** *(dict) --* The number of open findings of each severity as of the specified date.
              * **critical** *(float) --* A numeric value corresponding to a critical finding.
              * **high** *(float) --* A numeric value corresponding to a high severity finding.
              * **info** *(float) --* A numeric value corresponding to an informational finding.
              * **low** *(float) --* A numeric value corresponding to a low severity finding.
              * **medium** *(float) --* A numeric value corresponding to a medium severity finding.
        * **nextToken** *(string) --* A pagination token. You can use this in future calls to "ListFindingsMetrics" to continue listing results after the current page.

   **Exceptions**

   * "CodeGuruSecurity.Client.exceptions.InternalServerException"
   * "CodeGuruSecurity.Client.exceptions.ThrottlingException"
   * "CodeGuruSecurity.Client.exceptions.ValidationException"
   * "CodeGuruSecurity.Client.exceptions.AccessDeniedException"
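The upload, "create_scan" and "get_scan" calls documented above chain into one procedure. The following is an added example, not code from boto3 or AWS: "run_scan", "upload_artifact" and "ScanFailed" are hypothetical names, and the retry count, backoff and polling interval are assumptions.

```python
import time
import urllib.request
import uuid


class ScanFailed(RuntimeError):
    """Raised when get_scan reports scanState == 'Failed'."""


def upload_artifact(s3_url, request_headers, data):
    """PUT the archive to the pre-signed URL, sending exactly the returned headers."""
    req = urllib.request.Request(s3_url, data=data, method="PUT",
                                 headers=dict(request_headers))
    with urllib.request.urlopen(req, timeout=60) as resp:
        return resp.status


def run_scan(client, scan_name, artifact, *, upload=upload_artifact,
             poll_seconds=10, timeout_seconds=900, max_attempts=4,
             sleep=time.sleep):
    """Upload `artifact`, start a Standard security scan, wait for a final state."""
    # 1. The upload URL is issued for this scanName; reuse the same name below.
    target = client.create_upload_url(scanName=scan_name)
    upload(target["s3Url"], target["requestHeaders"], artifact)

    # 2. Generate clientToken once, outside the retry loop. Letting the SDK
    #    autopopulate it on each call would give every manual retry a new
    #    token, and a retry after a lost response could start a second scan.
    token = str(uuid.uuid4())
    created = None
    for attempt in range(max_attempts):
        try:
            created = client.create_scan(
                analysisType="Security",
                clientToken=token,
                resourceId={"codeArtifactId": target["codeArtifactId"]},
                scanName=scan_name,
                scanType="Standard",
            )
            break
        except client.exceptions.ThrottlingException:
            sleep(2 ** attempt)  # simple exponential backoff (assumed policy)
    if created is None:
        raise RuntimeError(f"create_scan throttled {max_attempts} times")

    # 3. Poll this run by runId; without runId, get_scan returns the latest
    #    run, which may belong to a different revision of the same scanName.
    waited = 0
    while True:
        scan = client.get_scan(scanName=scan_name, runId=created["runId"])
        if scan["scanState"] == "Successful":
            return scan
        if scan["scanState"] == "Failed":
            raise ScanFailed(scan.get("errorMessage") or "scan failed")
        if waited >= timeout_seconds:
            raise TimeoutError(f"scan {scan_name} still InProgress after {waited}s")
        sleep(poll_seconds)
        waited += poll_seconds
```

Call it as `run_scan(boto3.client('codeguru-security'), 'my-scan', archive_bytes)`; the `upload` and `sleep` parameters exist so the flow can be exercised without network access.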
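"batch_get_findings" can succeed for some identifiers and fail for others in the same response, so a caller has to read "failedFindings" as well as "findings". The following is an added example, not code from boto3 or AWS, that retries transient failures and then applies a severity gate that fails closed. The function names are hypothetical, and treating "INTERNAL_ERROR" as the only retryable code and blocking at "High" are assumptions.

```python
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Info": 4}
RETRYABLE = {"INTERNAL_ERROR"}  # assumption: the only transient errorCode


def fetch_findings(client, identifiers, max_retries=2):
    """Return (findings, unfetched) for a list of {'scanName', 'findingId'} dicts."""
    # De-duplicate up front; DUPLICATE_IDENTIFIER is one of the documented
    # errorCode values, so each pair is sent only once.
    pending = list(dict.fromkeys((i["scanName"], i["findingId"]) for i in identifiers))
    findings, unfetched = [], []
    for attempt in range(max_retries + 1):
        if not pending:
            break
        resp = client.batch_get_findings(
            findingIdentifiers=[{"scanName": s, "findingId": f} for s, f in pending]
        )
        findings.extend(resp.get("findings", []))
        retry = []
        for err in resp.get("failedFindings", []):
            if err["errorCode"] in RETRYABLE and attempt < max_retries:
                retry.append((err["scanName"], err["findingId"]))
            else:
                unfetched.append(err)  # permanent error, or retries exhausted
        pending = retry
    return findings, unfetched


def _location(finding):
    """Sort key part: (path, startLine) of the vulnerable code, if present."""
    file_path = finding.get("vulnerability", {}).get("filePath", {})
    return (file_path.get("path") or "", file_path.get("startLine") or 0)


def evaluate(findings, unfetched, threshold="High"):
    """Gate result: blocking open findings at or above `threshold`, worst first."""
    limit = SEVERITY_RANK[threshold]
    blocking = [
        f for f in findings
        if f.get("status") == "Open"
        # An unrecognised severity ranks as Critical so it cannot slip through.
        and SEVERITY_RANK.get(f.get("severity"), 0) <= limit
    ]
    blocking.sort(key=lambda f: (SEVERITY_RANK.get(f.get("severity"), 0), *_location(f)))
    # Fail closed: a finding that could not be fetched is not a clean result.
    return {"passed": not blocking and not unfetched,
            "blocking": blocking, "unfetched": unfetched}
```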