Inspector2 ********** Client ====== class Inspector2.Client A low-level client representing Inspector2 Amazon Inspector is a vulnerability discovery service that automates continuous scanning for security vulnerabilities within your Amazon EC2, Amazon ECR, and Amazon Web Services Lambda environments. import boto3 client = boto3.client('inspector2') These are the available methods: * associate_member * batch_associate_code_security_scan_configuration * batch_disassociate_code_security_scan_configuration * batch_get_account_status * batch_get_code_snippet * batch_get_finding_details * batch_get_free_trial_info * batch_get_member_ec2_deep_inspection_status * batch_update_member_ec2_deep_inspection_status * can_paginate * cancel_findings_report * cancel_sbom_export * close * create_cis_scan_configuration * create_code_security_integration * create_code_security_scan_configuration * create_filter * create_findings_report * create_sbom_export * delete_cis_scan_configuration * delete_code_security_integration * delete_code_security_scan_configuration * delete_filter * describe_organization_configuration * disable * disable_delegated_admin_account * disassociate_member * enable * enable_delegated_admin_account * get_cis_scan_report * get_cis_scan_result_details * get_clusters_for_image * get_code_security_integration * get_code_security_scan * get_code_security_scan_configuration * get_configuration * get_delegated_admin_account * get_ec2_deep_inspection_configuration * get_encryption_key * get_findings_report_status * get_member * get_paginator * get_sbom_export * get_waiter * list_account_permissions * list_cis_scan_configurations * list_cis_scan_results_aggregated_by_checks * list_cis_scan_results_aggregated_by_target_resource * list_cis_scans * list_code_security_integrations * list_code_security_scan_configuration_associations * list_code_security_scan_configurations * list_coverage * list_coverage_statistics * list_delegated_admin_accounts * list_filters * list_finding_aggregations * list_findings * list_members * list_tags_for_resource * list_usage_totals * reset_encryption_key * search_vulnerabilities * send_cis_session_health * send_cis_session_telemetry * start_cis_session * start_code_security_scan * stop_cis_session * tag_resource * untag_resource * update_cis_scan_configuration * update_code_security_integration * update_code_security_scan_configuration * update_configuration * update_ec2_deep_inspection_configuration * update_encryption_key * update_filter * update_org_ec2_deep_inspection_configuration * update_organization_configuration Paginators ========== Paginators are available on a client instance via the "get_paginator" method. For more detailed instructions and examples on the usage of paginators, see the paginators user guide. The available paginators are: * GetCisScanResultDetails * GetClustersForImage * ListAccountPermissions * ListCisScanConfigurations * ListCisScanResultsAggregatedByChecks * ListCisScanResultsAggregatedByTargetResource * ListCisScans * ListCoverage * ListCoverageStatistics * ListDelegatedAdminAccounts * ListFilters * ListFindingAggregations * ListFindings * ListMembers * ListUsageTotals * SearchVulnerabilities Inspector2 / Paginator / GetCisScanResultDetails GetCisScanResultDetails *********************** class Inspector2.Paginator.GetCisScanResultDetails paginator = client.get_paginator('get_cis_scan_result_details') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.get_cis_scan_result_details()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( scanArn='string', targetResourceId='string', accountId='string', filterCriteria={ 'findingStatusFilters': [ { 'comparison': 'EQUALS', 'value': 'PASSED'|'FAILED'|'SKIPPED' }, ], 'checkIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'titleFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'securityLevelFilters': [ { 'comparison': 'EQUALS', 'value': 'LEVEL_1'|'LEVEL_2' }, ], 'findingArnFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, sortBy='CHECK_ID'|'STATUS', sortOrder='ASC'|'DESC', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **scanArn** (*string*) -- **[REQUIRED]** The scan ARN. * **targetResourceId** (*string*) -- **[REQUIRED]** The target resource ID. * **accountId** (*string*) -- **[REQUIRED]** The account ID. * **filterCriteria** (*dict*) -- The filter criteria. * **findingStatusFilters** *(list) --* The criteria's finding status filters. * *(dict) --* The CIS finding status filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS finding status filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS finding status filter. * **checkIdFilters** *(list) --* The criteria's check ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **titleFilters** *(list) --* The criteria's title filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **securityLevelFilters** *(list) --* The criteria's security level filters. . Security level refers to the Benchmark levels that CIS assigns to a profile. * *(dict) --* The CIS security level filter. Security level refers to the Benchmark levels that CIS assigns to a profile. * **comparison** *(string) --* **[REQUIRED]** The CIS security filter comparison value. * **value** *(string) --* **[REQUIRED]** The CIS security filter value. * **findingArnFilters** *(list) --* The criteria's finding ARN filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **sortBy** (*string*) -- The sort by order. * **sortOrder** (*string*) -- The sort order. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'scanResultDetails': [ { 'scanArn': 'string', 'accountId': 'string', 'targetResourceId': 'string', 'platform': 'string', 'status': 'PASSED'|'FAILED'|'SKIPPED', 'statusReason': 'string', 'checkId': 'string', 'title': 'string', 'checkDescription': 'string', 'remediation': 'string', 'level': 'LEVEL_1'|'LEVEL_2', 'findingArn': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **scanResultDetails** *(list) --* The scan result details. * *(dict) --* The CIS scan result details. * **scanArn** *(string) --* The CIS scan result details' scan ARN. * **accountId** *(string) --* The CIS scan result details' account ID. * **targetResourceId** *(string) --* The CIS scan result details' target resource ID. * **platform** *(string) --* The CIS scan result details' platform. * **status** *(string) --* The CIS scan result details' status. * **statusReason** *(string) --* The CIS scan result details' status reason. * **checkId** *(string) --* The CIS scan result details' check ID. * **title** *(string) --* The CIS scan result details' title. * **checkDescription** *(string) --* The account ID that's associated with the CIS scan result details. * **remediation** *(string) --* The CIS scan result details' remediation. * **level** *(string) --* The CIS scan result details' level. * **findingArn** *(string) --* The CIS scan result details' finding ARN. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListCisScans ListCisScans ************ class Inspector2.Paginator.ListCisScans paginator = client.get_paginator('list_cis_scans') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.list_cis_scans()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( filterCriteria={ 'scanNameFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'targetResourceTagFilters': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'targetResourceIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'scanStatusFilters': [ { 'comparison': 'EQUALS', 'value': 'FAILED'|'COMPLETED'|'CANCELLED'|'IN_PROGRESS' }, ], 'scanAtFilters': [ { 'earliestScanStartTime': datetime(2015, 1, 1), 'latestScanStartTime': datetime(2015, 1, 1) }, ], 'scanConfigurationArnFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'scanArnFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'scheduledByFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'failedChecksFilters': [ { 'upperInclusive': 123, 'lowerInclusive': 123 }, ], 'targetAccountIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, detailLevel='ORGANIZATION'|'MEMBER', sortBy='STATUS'|'SCHEDULED_BY'|'SCAN_START_DATE'|'FAILED_CHECKS', sortOrder='ASC'|'DESC', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **filterCriteria** (*dict*) -- The CIS scan filter criteria. * **scanNameFilters** *(list) --* The list of scan name filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **targetResourceTagFilters** *(list) --* The list of target resource tag filters. * *(dict) --* The tag filter. * **comparison** *(string) --* **[REQUIRED]** The tag filter comparison value. * **key** *(string) --* **[REQUIRED]** The tag filter key. * **value** *(string) --* **[REQUIRED]** The tag filter value. * **targetResourceIdFilters** *(list) --* The list of target resource ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **scanStatusFilters** *(list) --* The list of scan status filters. * *(dict) --* The CIS scan status filter. * **comparison** *(string) --* **[REQUIRED]** The filter comparison value. * **value** *(string) --* **[REQUIRED]** The filter value. * **scanAtFilters** *(list) --* The list of scan at filters. * *(dict) --* The CIS date filter. * **earliestScanStartTime** *(datetime) --* The CIS date filter's earliest scan start time. * **latestScanStartTime** *(datetime) --* The CIS date filter's latest scan start time. * **scanConfigurationArnFilters** *(list) --* The list of scan configuration ARN filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **scanArnFilters** *(list) --* The list of scan ARN filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **scheduledByFilters** *(list) --* The list of scheduled by filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **failedChecksFilters** *(list) --* The list of failed checks filters. * *(dict) --* The CIS number filter. * **upperInclusive** *(integer) --* The CIS number filter's upper inclusive. * **lowerInclusive** *(integer) --* The CIS number filter's lower inclusive. * **targetAccountIdFilters** *(list) --* The list of target account ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **detailLevel** (*string*) -- The detail applied to the CIS scan. * **sortBy** (*string*) -- The CIS scans sort by order. * **sortOrder** (*string*) -- The CIS scans sort order. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'scans': [ { 'scanArn': 'string', 'scanConfigurationArn': 'string', 'status': 'FAILED'|'COMPLETED'|'CANCELLED'|'IN_PROGRESS', 'scanName': 'string', 'scanDate': datetime(2015, 1, 1), 'failedChecks': 123, 'totalChecks': 123, 'targets': { 'accountIds': [ 'string', ], 'targetResourceTags': { 'string': [ 'string', ] } }, 'scheduledBy': 'string', 'securityLevel': 'LEVEL_1'|'LEVEL_2' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **scans** *(list) --* The CIS scans. * *(dict) --* The CIS scan. * **scanArn** *(string) --* The CIS scan's ARN. * **scanConfigurationArn** *(string) --* The CIS scan's configuration ARN. * **status** *(string) --* The CIS scan's status. * **scanName** *(string) --* The the name of the scan configuration that's associated with this scan. * **scanDate** *(datetime) --* The CIS scan's date. * **failedChecks** *(integer) --* The CIS scan's failed checks. * **totalChecks** *(integer) --* The CIS scan's total checks. * **targets** *(dict) --* The CIS scan's targets. * **accountIds** *(list) --* The CIS target account ids. * *(string) --* * **targetResourceTags** *(dict) --* The CIS target resource tags. * *(string) --* * *(list) --* * *(string) --* * **scheduledBy** *(string) --* The account or organization that schedules the CIS scan. * **securityLevel** *(string) --* The security level for the CIS scan. Security level refers to the Benchmark levels that CIS assigns to a profile. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListUsageTotals ListUsageTotals *************** class Inspector2.Paginator.ListUsageTotals paginator = client.get_paginator('list_usage_totals') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.list_usage_totals()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( accountIds=[ 'string', ], PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **accountIds** (*list*) -- The Amazon Web Services account IDs to retrieve usage totals for. * *(string) --* * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'totals': [ { 'accountId': 'string', 'usage': [ { 'type': 'EC2_INSTANCE_HOURS'|'ECR_INITIAL_SCAN'|'ECR_RESCAN'|'LAMBDA_FUNCTION_HOURS'|'LAMBDA_FUNCTION_CODE_HOURS'|'CODE_REPOSITORY_SAST'|'CODE_REPOSITORY_IAC'|'CODE_REPOSITORY_SCA'|'EC2_AGENTLESS_INSTANCE_HOURS', 'total': 123.0, 'estimatedMonthlyCost': 123.0, 'currency': 'USD' }, ] }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **totals** *(list) --* An object with details on the total usage for the requested account. * *(dict) --* The total of usage for an account ID. * **accountId** *(string) --* The account ID of the account that usage data was retrieved for. * **usage** *(list) --* An object representing the total usage for an account. * *(dict) --* Contains usage information about the cost of Amazon Inspector operation. * **type** *(string) --* The type scan. * **total** *(float) --* The total of usage. * **estimatedMonthlyCost** *(float) --* The estimated monthly cost of Amazon Inspector. * **currency** *(string) --* The currency type used when calculating usage data. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListMembers ListMembers *********** class Inspector2.Paginator.ListMembers paginator = client.get_paginator('list_members') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.list_members()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( onlyAssociated=True|False, PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **onlyAssociated** (*boolean*) -- Specifies whether to list only currently associated members if "True" or to list all members within the organization if "False". * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'members': [ { 'accountId': 'string', 'relationshipStatus': 'CREATED'|'INVITED'|'DISABLED'|'ENABLED'|'REMOVED'|'RESIGNED'|'DELETED'|'EMAIL_VERIFICATION_IN_PROGRESS'|'EMAIL_VERIFICATION_FAILED'|'REGION_DISABLED'|'ACCOUNT_SUSPENDED'|'CANNOT_CREATE_DETECTOR_IN_ORG_MASTER', 'delegatedAdminAccountId': 'string', 'updatedAt': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **members** *(list) --* An object that contains details for each member account. * *(dict) --* Details on a member account in your organization. * **accountId** *(string) --* The Amazon Web Services account ID of the member account. * **relationshipStatus** *(string) --* The status of the member account. * **delegatedAdminAccountId** *(string) --* The Amazon Web Services account ID of the Amazon Inspector delegated administrator for this member account. * **updatedAt** *(datetime) --* A timestamp showing when the status of this member was last updated. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / SearchVulnerabilities SearchVulnerabilities ********************* class Inspector2.Paginator.SearchVulnerabilities paginator = client.get_paginator('search_vulnerabilities') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.search_vulnerabilities()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( filterCriteria={ 'vulnerabilityIds': [ 'string', ] }, PaginationConfig={ 'MaxItems': 123, 'StartingToken': 'string' } ) Parameters: * **filterCriteria** (*dict*) -- **[REQUIRED]** The criteria used to filter the results of a vulnerability search. * **vulnerabilityIds** *(list) --* **[REQUIRED]** The IDs for specific vulnerabilities. * *(string) --* * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'vulnerabilities': [ { 'id': 'string', 'cwes': [ 'string', ], 'cisaData': { 'dateAdded': datetime(2015, 1, 1), 'dateDue': datetime(2015, 1, 1), 'action': 'string' }, 'source': 'NVD', 'description': 'string', 'atigData': { 'firstSeen': datetime(2015, 1, 1), 'lastSeen': datetime(2015, 1, 1), 'targets': [ 'string', ], 'ttps': [ 'string', ] }, 'vendorSeverity': 'string', 'cvss4': { 'baseScore': 123.0, 'scoringVector': 'string' }, 'cvss3': { 'baseScore': 123.0, 'scoringVector': 'string' }, 'relatedVulnerabilities': [ 'string', ], 'cvss2': { 'baseScore': 123.0, 'scoringVector': 'string' }, 'vendorCreatedAt': datetime(2015, 1, 1), 'vendorUpdatedAt': datetime(2015, 1, 1), 'sourceUrl': 'string', 'referenceUrls': [ 'string', ], 'exploitObserved': { 'lastSeen': datetime(2015, 1, 1), 'firstSeen': datetime(2015, 1, 1) }, 'detectionPlatforms': [ 'string', ], 'epss': { 'score': 123.0 } }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **vulnerabilities** *(list) --* Details about the listed vulnerability. * *(dict) --* Contains details about a specific vulnerability Amazon Inspector can detect. * **id** *(string) --* The ID for the specific vulnerability. * **cwes** *(list) --* The Common Weakness Enumeration (CWE) associated with the vulnerability. * *(string) --* * **cisaData** *(dict) --* An object that contains the Cybersecurity and Infrastructure Security Agency (CISA) details for the vulnerability. * **dateAdded** *(datetime) --* The date and time CISA added this vulnerability to their catalogue. * **dateDue** *(datetime) --* The date and time CISA expects a fix to have been provided vulnerability. * **action** *(string) --* The remediation action recommended by CISA for this vulnerability. * **source** *(string) --* The source of the vulnerability information. Possible results are "RHEL", "AMAZON_CVE", "DEBIAN" or "NVD". * **description** *(string) --* A description of the vulnerability. * **atigData** *(dict) --* An object that contains information about the Amazon Web Services Threat Intel Group (ATIG) details for the vulnerability. * **firstSeen** *(datetime) --* The date and time this vulnerability was first observed. * **lastSeen** *(datetime) --* The date and time this vulnerability was last observed. * **targets** *(list) --* The commercial sectors this vulnerability targets. * *(string) --* * **ttps** *(list) --* The MITRE ATT&CK tactics, techniques, and procedures (TTPs) associated with vulnerability. * *(string) --* * **vendorSeverity** *(string) --* The severity assigned by the vendor. * **cvss4** *(dict) --* An object that contains the Common Vulnerability Scoring System (CVSS) Version 4 details for the vulnerability. * **baseScore** *(float) --* The base CVSS v4 score for the vulnerability finding, which rates the severity of the vulnerability on a scale from 0 to 10. * **scoringVector** *(string) --* The CVSS v4 scoring vector, which contains the metrics and measurements that were used to calculate the base score. * **cvss3** *(dict) --* An object that contains the Common Vulnerability Scoring System (CVSS) Version 3 details for the vulnerability. * **baseScore** *(float) --* The CVSS v3 base score for the vulnerability. * **scoringVector** *(string) --* The scoring vector associated with the CVSS v3 score. * **relatedVulnerabilities** *(list) --* A list of related vulnerabilities. * *(string) --* * **cvss2** *(dict) --* An object that contains the Common Vulnerability Scoring System (CVSS) Version 2 details for the vulnerability. * **baseScore** *(float) --* The CVSS v2 base score for the vulnerability. * **scoringVector** *(string) --* The scoring vector associated with the CVSS v2 score. * **vendorCreatedAt** *(datetime) --* The date and time when the vendor created this vulnerability. * **vendorUpdatedAt** *(datetime) --* The date and time when the vendor last updated this vulnerability. * **sourceUrl** *(string) --* A link to the official source material for this vulnerability. * **referenceUrls** *(list) --* Links to various resources with more information on this vulnerability. * *(string) --* * **exploitObserved** *(dict) --* An object that contains details on when the exploit was observed. * **lastSeen** *(datetime) --* The date an time when the exploit was last seen. * **firstSeen** *(datetime) --* The date an time when the exploit was first seen. * **detectionPlatforms** *(list) --* Platforms that the vulnerability can be detected on. * *(string) --* * **epss** *(dict) --* An object that contains the Exploit Prediction Scoring System (EPSS) score for a vulnerability. * **score** *(float) --* The Exploit Prediction Scoring System (EPSS) score. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListAccountPermissions ListAccountPermissions ********************** class Inspector2.Paginator.ListAccountPermissions paginator = client.get_paginator('list_account_permissions') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.list_account_permissions()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( service='EC2'|'ECR'|'LAMBDA', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **service** (*string*) -- The service scan type to check permissions for. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'permissions': [ { 'service': 'EC2'|'ECR'|'LAMBDA', 'operation': 'ENABLE_SCANNING'|'DISABLE_SCANNING'|'ENABLE_REPOSITORY'|'DISABLE_REPOSITORY' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **permissions** *(list) --* Contains details on the permissions an account has to configure Amazon Inspector. * *(dict) --* Contains information on the permissions an account has within Amazon Inspector. * **service** *(string) --* The services that the permissions allow an account to perform the given operations for. * **operation** *(string) --* The operations that can be performed with the given permissions. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListCoverageStatistics ListCoverageStatistics ********************** class Inspector2.Paginator.ListCoverageStatistics paginator = client.get_paginator('list_coverage_statistics') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.list_coverage_statistics()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( filterCriteria={ 'scanStatusCode': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'scanStatusReason': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'accountId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'scanType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrRepositoryName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lastScannedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'scanMode': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'imagePulledAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123, 'lowerInclusive': 123 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderTypeVisibility': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lastScannedCommitId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ] }, groupBy='SCAN_STATUS_CODE'|'SCAN_STATUS_REASON'|'ACCOUNT_ID'|'RESOURCE_TYPE'|'ECR_REPOSITORY_NAME', PaginationConfig={ 'MaxItems': 123, 'StartingToken': 'string' } ) Parameters: * **filterCriteria** (*dict*) -- An object that contains details on the filters to apply to the coverage data for your environment. * **scanStatusCode** *(list) --* The scan status code to filter on. Valid values are: "ValidationException", "InternalServerException", "ResourceNotFoundException", "BadRequestException", and "ThrottlingException". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **scanStatusReason** *(list) --* The scan status reason to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **accountId** *(list) --* An array of Amazon Web Services account IDs to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **resourceId** *(list) --* An array of Amazon Web Services resource IDs to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **resourceType** *(list) --* An array of Amazon Web Services resource types to return coverage statistics for. The values can be "AWS_EC2_INSTANCE", "AWS_LAMBDA_FUNCTION", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY" or "AWS_ACCOUNT". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **scanType** *(list) --* An array of Amazon Inspector scan types to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ecrRepositoryName** *(list) --* The Amazon ECR repository name to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ecrImageTags** *(list) --* The Amazon ECR image tags to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ec2InstanceTags** *(list) --* The Amazon EC2 instance tags to filter on. * *(dict) --* Contains details of a coverage map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare coverage on. * **key** *(string) --* **[REQUIRED]** The tag key associated with the coverage map filter. * **value** *(string) --* The tag value associated with the coverage map filter. * **lambdaFunctionName** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by function names. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lambdaFunctionTags** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by tag. * *(dict) --* Contains details of a coverage map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare coverage on. * **key** *(string) --* **[REQUIRED]** The tag key associated with the coverage map filter. * **value** *(string) --* The tag value associated with the coverage map filter. * **lambdaFunctionRuntime** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by runtime. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lastScannedAt** *(list) --* Filters Amazon Web Services resources based on whether Amazon Inspector has checked them for vulnerabilities within the specified time range. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **scanMode** *(list) --* The filter to search for Amazon EC2 instance coverage by scan mode. Valid values are "EC2_SSM_AGENT_BASED" and "EC2_AGENTLESS". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **imagePulledAt** *(list) --* The date an image was last pulled at. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **ecrImageLastInUseAt** *(list) --* The Amazon ECR image that was last in use. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **ecrImageInUseCount** *(list) --* The number of Amazon ECR images in use. * *(dict) --* The coverage number to be used in the filter. * **upperInclusive** *(integer) --* The upper inclusive for the coverage number.> * **lowerInclusive** *(integer) --* The lower inclusive for the coverage number. * **codeRepositoryProjectName** *(list) --* Filter criteria for code repositories based on project name. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **codeRepositoryProviderType** *(list) --* Filter criteria for code repositories based on provider type (such as GitHub, GitLab, etc.). * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **codeRepositoryProviderTypeVisibility** *(list) --* Filter criteria for code repositories based on visibility setting (public or private). * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lastScannedCommitId** *(list) --* Filter criteria for code repositories based on the ID of the last scanned commit. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **groupBy** (*string*) -- The value to group the results by. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'countsByGroup': [ { 'count': 123, 'groupKey': 'SCAN_STATUS_CODE'|'SCAN_STATUS_REASON'|'ACCOUNT_ID'|'RESOURCE_TYPE'|'ECR_REPOSITORY_NAME' }, ], 'totalCounts': 123, 'NextToken': 'string' } **Response Structure** * *(dict) --* * **countsByGroup** *(list) --* An array with the number for each group. * *(dict) --* a structure that contains information on the count of resources within a group. * **count** *(integer) --* The number of resources. * **groupKey** *(string) --* The key associated with this group * **totalCounts** *(integer) --* The total number for all groups. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListFilters ListFilters *********** class Inspector2.Paginator.ListFilters paginator = client.get_paginator('list_filters') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.list_filters()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( arns=[ 'string', ], action='NONE'|'SUPPRESS', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **arns** (*list*) -- The Amazon resource number (ARN) of the filter. * *(string) --* * **action** (*string*) -- The action the filter applies to matched findings. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'filters': [ { 'arn': 'string', 'ownerId': 'string', 'name': 'string', 'criteria': { 'findingArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'awsAccountId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'findingType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'severity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'firstObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lastObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'updatedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'findingStatus': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'title': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'inspectorScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'ec2InstanceImageId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceVpcId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceSubnetId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImagePushedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageArchitecture': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRegistry': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRepositoryName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageHash': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'portRange': [ { 'beginInclusive': 123, 'endInclusive': 123 }, ], 'networkProtocol': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilityId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilitySource': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vendorSeverity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerablePackages': [ { 'name': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'version': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'epoch': { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, 'release': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'architecture': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLayerHash': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLambdaLayerArn': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'filePath': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' } }, ], 'relatedVulnerabilities': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'fixAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLayers': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLastModifiedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lambdaFunctionExecutionRoleArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'exploitAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityFilePath': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'epssScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, 'action': 'NONE'|'SUPPRESS', 'createdAt': datetime(2015, 1, 1), 'updatedAt': datetime(2015, 1, 1), 'description': 'string', 'reason': 'string', 'tags': { 'string': 'string' } }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **filters** *(list) --* Contains details on the filters associated with your account. * *(dict) --* Details about a filter. * **arn** *(string) --* The Amazon Resource Number (ARN) associated with this filter. * **ownerId** *(string) --* The Amazon Web Services account ID of the account that created the filter. * **name** *(string) --* The name of the filter. * **criteria** *(dict) --* Details on the filter criteria associated with this filter. * **findingArn** *(list) --* Details on the finding ARNs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **awsAccountId** *(list) --* Details of the Amazon Web Services account IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **findingType** *(list) --* Details on the finding types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **severity** *(list) --* Details on the severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **firstObservedAt** *(list) --* Details on the date and time a finding was first seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lastObservedAt** *(list) --* Details on the date and time a finding was last seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **updatedAt** *(list) --* Details on the date and time a finding was last updated at used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **findingStatus** *(list) --* Details on the finding status types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **title** *(list) --* Details on the finding title used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **inspectorScore** *(list) --* The Amazon Inspector score to filter on. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **resourceType** *(list) --* Details on the resource types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **resourceId** *(list) --* Details on the resource IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **resourceTags** *(list) --* Details on the resource tags used to filter findings. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **key** *(string) --* The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **ec2InstanceImageId** *(list) --* Details of the Amazon EC2 instance image IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ec2InstanceVpcId** *(list) --* Details of the Amazon EC2 instance VPC IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ec2InstanceSubnetId** *(list) --* Details of the Amazon EC2 instance subnet IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImagePushedAt** *(list) --* Details on the Amazon ECR image push date and time used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageArchitecture** *(list) --* Details of the Amazon ECR image architecture types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageRegistry** *(list) --* Details on the Amazon ECR registry used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageRepositoryName** *(list) --* Details on the name of the Amazon ECR repository used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageTags** *(list) --* The tags attached to the Amazon ECR container image. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageHash** *(list) --* Details of the Amazon ECR image hashes used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageLastInUseAt** *(list) --* Filter criteria indicating when an Amazon ECR image was last used in an Amazon ECS cluster task or Amazon EKS cluster pod. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageInUseCount** *(list) --* Filter criteria indicating when details for an Amazon ECR image include when an Amazon ECR image is in use. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **portRange** *(list) --* Details on the port ranges used to filter findings. * *(dict) --* An object that describes the details of a port range filter. * **beginInclusive** *(integer) --* The port number the port range begins at. * **endInclusive** *(integer) --* The port number the port range ends at. * **networkProtocol** *(list) --* Details on network protocol used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **componentId** *(list) --* Details of the component IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **componentType** *(list) --* Details of the component types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vulnerabilityId** *(list) --* Details on the vulnerability ID used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vulnerabilitySource** *(list) --* Details on the vulnerability type used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vendorSeverity** *(list) --* Details on the vendor severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vulnerablePackages** *(list) --* Details on the vulnerable packages used to filter findings. * *(dict) --* Contains information on the details of a package filter. * **name** *(dict) --* An object that contains details on the name of the package to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **version** *(dict) --* The package version to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **epoch** *(dict) --* An object that contains details on the package epoch to filter on. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **release** *(dict) --* An object that contains details on the package release to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **architecture** *(dict) --* An object that contains details on the package architecture type to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **sourceLayerHash** *(dict) --* An object that contains details on the source layer hash to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **sourceLambdaLayerArn** *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **filePath** *(dict) --* An object that contains details on the package file path to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **relatedVulnerabilities** *(list) --* Details on the related vulnerabilities used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **fixAvailable** *(list) --* Details on whether a fix is available through a version update. This value can be "YES", "NO", or "PARTIAL". A "PARTIAL" fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionName** *(list) --* Filters the list of Amazon Web Services Lambda functions by the name of the function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionLayers** *(list) --* Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionRuntime** *(list) --* Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionLastModifiedAt** *(list) --* Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lambdaFunctionExecutionRoleArn** *(list) --* Filters the list of Amazon Web Services Lambda functions by execution role. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **exploitAvailable** *(list) --* Filters the list of Amazon Web Services Lambda findings by the availability of exploits. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeVulnerabilityDetectorName** *(list) --* The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeVulnerabilityDetectorTags** *(list) --* The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeVulnerabilityFilePath** *(list) --* The file path to the file in a Lambda function that contains a code vulnerability used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **epssScore** *(list) --* The EPSS score used to filter findings. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **codeRepositoryProjectName** *(list) --* Filter criteria for findings based on the project name in a code repository. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeRepositoryProviderType** *(list) --* Filter criteria for findings based on the repository provider type (such as GitHub, GitLab, etc.). * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **action** *(string) --* The action that is to be applied to the findings that match the filter. * **createdAt** *(datetime) --* The date and time this filter was created at. * **updatedAt** *(datetime) --* The date and time the filter was last updated at. * **description** *(string) --* A description of the filter. * **reason** *(string) --* The reason for the filter. * **tags** *(dict) --* The tags attached to the filter. * *(string) --* * *(string) --* * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListFindingAggregations ListFindingAggregations *********************** class Inspector2.Paginator.ListFindingAggregations paginator = client.get_paginator('list_finding_aggregations') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.list_finding_aggregations()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( aggregationType='FINDING_TYPE'|'PACKAGE'|'TITLE'|'REPOSITORY'|'AMI'|'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER'|'IMAGE_LAYER'|'ACCOUNT'|'AWS_LAMBDA_FUNCTION'|'LAMBDA_LAYER'|'CODE_REPOSITORY', accountIds=[ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], aggregationRequest={ 'accountAggregation': { 'findingType': 'NETWORK_REACHABILITY'|'PACKAGE_VULNERABILITY'|'CODE_VULNERABILITY', 'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY', 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'amiAggregation': { 'amis': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL'|'AFFECTED_INSTANCES' }, 'awsEcrContainerAggregation': { 'resourceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'imageShas': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'repositories': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'architectures': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'imageTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL', 'lastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'inUseCount': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ] }, 'ec2InstanceAggregation': { 'amis': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'operatingSystems': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'instanceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'instanceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'NETWORK_FINDINGS'|'CRITICAL'|'HIGH'|'ALL' }, 'findingTypeAggregation': { 'findingType': 'NETWORK_REACHABILITY'|'PACKAGE_VULNERABILITY'|'CODE_VULNERABILITY', 'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY', 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'imageLayerAggregation': { 'repositories': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'layerHashes': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'packageAggregation': { 'packageNames': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'repositoryAggregation': { 'repositories': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL'|'AFFECTED_IMAGES' }, 'titleAggregation': { 'titles': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilityIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY', 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL', 'findingType': 'NETWORK_REACHABILITY'|'PACKAGE_VULNERABILITY'|'CODE_VULNERABILITY' }, 'lambdaLayerAggregation': { 'functionNames': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'layerArns': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'lambdaFunctionAggregation': { 'resourceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'functionNames': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'runtimes': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'functionTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'codeRepositoryAggregation': { 'projectNames': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'providerTypes': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL', 'resourceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] } }, PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **aggregationType** (*string*) -- **[REQUIRED]** The type of the aggregation request. * **accountIds** (*list*) -- The Amazon Web Services account IDs to retrieve finding aggregation data for. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **aggregationRequest** (*dict*) -- Details of the aggregation request that is used to filter your aggregation results. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "accountAggregation", "amiAggregation", "awsEcrContainerAggregation", "ec2InstanceAggregation", "findingTypeAggregation", "imageLayerAggregation", "packageAggregation", "repositoryAggregation", "titleAggregation", "lambdaLayerAggregation", "lambdaFunctionAggregation", "codeRepositoryAggregation". * **accountAggregation** *(dict) --* An object that contains details about an aggregation request based on Amazon Web Services account IDs. * **findingType** *(string) --* The type of finding. * **resourceType** *(string) --* The type of resource. * **sortOrder** *(string) --* The sort order (ascending or descending). * **sortBy** *(string) --* The value to sort by. * **amiAggregation** *(dict) --* An object that contains details about an aggregation request based on Amazon Machine Images (AMIs). * **amis** *(list) --* The IDs of AMIs to aggregate findings for. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **awsEcrContainerAggregation** *(dict) --* An object that contains details about an aggregation request based on Amazon ECR container images. * **resourceIds** *(list) --* The container resource IDs. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **imageShas** *(list) --* The image SHA values. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **repositories** *(list) --* The container repositories. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **architectures** *(list) --* The architecture of the containers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **imageTags** *(list) --* The image tags. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The sort order (ascending or descending). * **sortBy** *(string) --* The value to sort by. * **lastInUseAt** *(list) --* The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **inUseCount** *(list) --* The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **ec2InstanceAggregation** *(dict) --* An object that contains details about an aggregation request based on Amazon EC2 instances. * **amis** *(list) --* The AMI IDs associated with the Amazon EC2 instances to aggregate findings for. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **operatingSystems** *(list) --* The operating system types to aggregate findings for. Valid values must be uppercase and underscore separated, examples are "ORACLE_LINUX_7" and "ALPINE_LINUX_3_8". * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **instanceIds** *(list) --* The Amazon EC2 instance IDs to aggregate findings for. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **instanceTags** *(list) --* The Amazon EC2 instance tags to aggregate findings for. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **key** *(string) --* **[REQUIRED]** The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **findingTypeAggregation** *(dict) --* An object that contains details about an aggregation request based on finding types. * **findingType** *(string) --* The finding type to aggregate. * **resourceType** *(string) --* The resource type to aggregate. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **imageLayerAggregation** *(dict) --* An object that contains details about an aggregation request based on container image layers. * **repositories** *(list) --* The repository associated with the container image hosting the layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceIds** *(list) --* The ID of the container image layer. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **layerHashes** *(list) --* The hashes associated with the layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **packageAggregation** *(dict) --* An object that contains details about an aggregation request based on operating system package type. * **packageNames** *(list) --* The names of packages to aggregate findings on. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **repositoryAggregation** *(dict) --* An object that contains details about an aggregation request based on Amazon ECR repositories. * **repositories** *(list) --* The names of repositories to aggregate findings on. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **titleAggregation** *(dict) --* An object that contains details about an aggregation request based on finding title. * **titles** *(list) --* The finding titles to aggregate on. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilityIds** *(list) --* The vulnerability IDs of the findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceType** *(string) --* The resource type to aggregate on. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **findingType** *(string) --* The type of finding to aggregate on. * **lambdaLayerAggregation** *(dict) --* Returns an object with findings aggregated by Amazon Web Services Lambda layer. * **functionNames** *(list) --* The names of the Amazon Web Services Lambda functions associated with the layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceIds** *(list) --* The resource IDs for the Amazon Web Services Lambda function layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **layerArns** *(list) --* The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function layer. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to use for sorting the results. * **sortBy** *(string) --* The finding severity to use for sorting the results. * **lambdaFunctionAggregation** *(dict) --* Returns an object with findings aggregated by Amazon Web Services Lambda function. * **resourceIds** *(list) --* The resource IDs to include in the aggregation results. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **functionNames** *(list) --* The Amazon Web Services Lambda function names to include in the aggregation results. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **runtimes** *(list) --* Returns findings aggregated by Amazon Web Services Lambda function runtime environments. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **functionTags** *(list) --* The tags to include in the aggregation results. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **key** *(string) --* **[REQUIRED]** The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **sortOrder** *(string) --* The order to use for sorting the results. * **sortBy** *(string) --* The finding severity to use for sorting the results. * **codeRepositoryAggregation** *(dict) --* An object that contains details about an aggregation request based on code repositories. * **projectNames** *(list) --* The project names to include in the aggregation results. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **providerTypes** *(list) --* The repository provider types to include in the aggregation results. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to sort results by (ascending or descending) in the code repository aggregation. * **sortBy** *(string) --* The value to sort results by in the code repository aggregation. * **resourceIds** *(list) --* The resource IDs to include in the aggregation results. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'aggregationType': 'FINDING_TYPE'|'PACKAGE'|'TITLE'|'REPOSITORY'|'AMI'|'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER'|'IMAGE_LAYER'|'ACCOUNT'|'AWS_LAMBDA_FUNCTION'|'LAMBDA_LAYER'|'CODE_REPOSITORY', 'responses': [ { 'accountAggregation': { 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'exploitAvailableCount': 123, 'fixAvailableCount': 123 }, 'amiAggregation': { 'ami': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'affectedInstances': 123 }, 'awsEcrContainerAggregation': { 'resourceId': 'string', 'imageSha': 'string', 'repository': 'string', 'architecture': 'string', 'imageTags': [ 'string', ], 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'lastInUseAt': datetime(2015, 1, 1), 'inUseCount': 123 }, 'ec2InstanceAggregation': { 'instanceId': 'string', 'ami': 'string', 'operatingSystem': 'string', 'instanceTags': { 'string': 'string' }, 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'networkFindings': 123 }, 'findingTypeAggregation': { 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'exploitAvailableCount': 123, 'fixAvailableCount': 123 }, 'imageLayerAggregation': { 'repository': 'string', 'resourceId': 'string', 'layerHash': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 } }, 'packageAggregation': { 'packageName': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 } }, 'repositoryAggregation': { 'repository': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'affectedImages': 123 }, 'titleAggregation': { 'title': 'string', 'vulnerabilityId': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 } }, 'lambdaLayerAggregation': { 'functionName': 'string', 'resourceId': 'string', 'layerArn': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 } }, 'lambdaFunctionAggregation': { 'resourceId': 'string', 'functionName': 'string', 'runtime': 'string', 'lambdaTags': { 'string': 'string' }, 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'lastModifiedAt': datetime(2015, 1, 1) }, 'codeRepositoryAggregation': { 'projectNames': 'string', 'providerType': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'exploitAvailableActiveFindingsCount': 123, 'fixAvailableActiveFindingsCount': 123, 'accountId': 'string', 'resourceId': 'string' } }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **aggregationType** *(string) --* The type of aggregation to perform. * **responses** *(list) --* Objects that contain the results of an aggregation operation. * *(dict) --* A structure that contains details about the results of an aggregation type. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "accountAggregation", "amiAggregation", "awsEcrContainerAggregation", "ec2InstanceAggregation", "findingTypeAggregation", "imageLayerAggregation", "packageAggregation", "repositoryAggregation", "titleAggregation", "lambdaLayerAggregation", "lambdaFunctionAggregation", "codeRepositoryAggregation". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **accountAggregation** *(dict) --* An object that contains details about an aggregation response based on Amazon Web Services account IDs. * **accountId** *(string) --* The Amazon Web Services account ID. * **severityCounts** *(dict) --* The number of findings by severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **exploitAvailableCount** *(integer) --* The number of findings that have an exploit available. * **fixAvailableCount** *(integer) --* Details about the number of fixes. * **amiAggregation** *(dict) --* An object that contains details about an aggregation response based on Amazon Machine Images (AMIs). * **ami** *(string) --* The ID of the AMI that findings were aggregated for. * **accountId** *(string) --* The Amazon Web Services account ID for the AMI. * **severityCounts** *(dict) --* An object that contains the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **affectedInstances** *(integer) --* The IDs of Amazon EC2 instances using this AMI. * **awsEcrContainerAggregation** *(dict) --* An object that contains details about an aggregation response based on Amazon ECR container images. * **resourceId** *(string) --* The resource ID of the container. * **imageSha** *(string) --* The SHA value of the container image. * **repository** *(string) --* The container repository. * **architecture** *(string) --* The architecture of the container. * **imageTags** *(list) --* The container image stags. * *(string) --* * **accountId** *(string) --* The Amazon Web Services account ID of the account that owns the container. * **severityCounts** *(dict) --* The number of finding by severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **lastInUseAt** *(datetime) --* The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod. * **inUseCount** *(integer) --* The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use. * **ec2InstanceAggregation** *(dict) --* An object that contains details about an aggregation response based on Amazon EC2 instances. * **instanceId** *(string) --* The Amazon EC2 instance ID. * **ami** *(string) --* The Amazon Machine Image (AMI) of the Amazon EC2 instance. * **operatingSystem** *(string) --* The operating system of the Amazon EC2 instance. * **instanceTags** *(dict) --* The tags attached to the instance. * *(string) --* * *(string) --* * **accountId** *(string) --* The Amazon Web Services account for the Amazon EC2 instance. * **severityCounts** *(dict) --* An object that contains the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **networkFindings** *(integer) --* The number of network findings for the Amazon EC2 instance. * **findingTypeAggregation** *(dict) --* An object that contains details about an aggregation response based on finding types. * **accountId** *(string) --* The ID of the Amazon Web Services account associated with the findings. * **severityCounts** *(dict) --* The value to sort results by. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **exploitAvailableCount** *(integer) --* The number of findings that have an exploit available. * **fixAvailableCount** *(integer) --* Details about the number of fixes. * **imageLayerAggregation** *(dict) --* An object that contains details about an aggregation response based on container image layers. * **repository** *(string) --* The repository the layer resides in. * **resourceId** *(string) --* The resource ID of the container image layer. * **layerHash** *(string) --* The layer hash. * **accountId** *(string) --* The ID of the Amazon Web Services account that owns the container image hosting the layer image. * **severityCounts** *(dict) --* An object that represents the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **packageAggregation** *(dict) --* An object that contains details about an aggregation response based on operating system package type. * **packageName** *(string) --* The name of the operating system package. * **accountId** *(string) --* The ID of the Amazon Web Services account associated with the findings. * **severityCounts** *(dict) --* An object that contains the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **repositoryAggregation** *(dict) --* An object that contains details about an aggregation response based on Amazon ECR repositories. * **repository** *(string) --* The name of the repository associated with the findings. * **accountId** *(string) --* The ID of the Amazon Web Services account associated with the findings. * **severityCounts** *(dict) --* An object that represent the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **affectedImages** *(integer) --* The number of container images impacted by the findings. * **titleAggregation** *(dict) --* An object that contains details about an aggregation response based on finding title. * **title** *(string) --* The title that the findings were aggregated on. * **vulnerabilityId** *(string) --* The vulnerability ID of the finding. * **accountId** *(string) --* The ID of the Amazon Web Services account associated with the findings. * **severityCounts** *(dict) --* An object that represent the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **lambdaLayerAggregation** *(dict) --* An aggregation of findings by Amazon Web Services Lambda layer. * **functionName** *(string) --* The names of the Amazon Web Services Lambda functions associated with the layers. * **resourceId** *(string) --* The Resource ID of the Amazon Web Services Lambda function layer. * **layerArn** *(string) --* The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function layer. * **accountId** *(string) --* The account ID of the Amazon Web Services Lambda function layer. * **severityCounts** *(dict) --* An object that contains the counts of aggregated finding per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **lambdaFunctionAggregation** *(dict) --* An aggregation of findings by Amazon Web Services Lambda function. * **resourceId** *(string) --* The resource IDs included in the aggregation results. * **functionName** *(string) --* The Amazon Web Services Lambda function names included in the aggregation results. * **runtime** *(string) --* The runtimes included in the aggregation results. * **lambdaTags** *(dict) --* The tags included in the aggregation results. * *(string) --* * *(string) --* * **accountId** *(string) --* The ID of the Amazon Web Services account that owns the Amazon Web Services Lambda function. * **severityCounts** *(dict) --* An object that contains the counts of aggregated finding per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **lastModifiedAt** *(datetime) --* The date that the Amazon Web Services Lambda function included in the aggregation results was last changed. * **codeRepositoryAggregation** *(dict) --* An object that contains details about an aggregation response based on code repositories. * **projectNames** *(string) --* The names of the projects associated with the code repository. * **providerType** *(string) --* The type of repository provider for the code repository. * **severityCounts** *(dict) --* An object that contains the counts of aggregated finding per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **exploitAvailableActiveFindingsCount** *(integer) --* The number of active findings that have an exploit available for the code repository. * **fixAvailableActiveFindingsCount** *(integer) --* The number of active findings that have a fix available for the code repository. * **accountId** *(string) --* The Amazon Web Services account ID associated with the code repository. * **resourceId** *(string) --* The resource ID of the code repository. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListFindings ListFindings ************ class Inspector2.Paginator.ListFindings paginator = client.get_paginator('list_findings') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.list_findings()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( filterCriteria={ 'findingArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'awsAccountId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'findingType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'severity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'firstObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lastObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'updatedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'findingStatus': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'title': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'inspectorScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'ec2InstanceImageId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceVpcId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceSubnetId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImagePushedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageArchitecture': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRegistry': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRepositoryName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageHash': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'portRange': [ { 'beginInclusive': 123, 'endInclusive': 123 }, ], 'networkProtocol': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilityId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilitySource': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vendorSeverity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerablePackages': [ { 'name': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'version': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'epoch': { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, 'release': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'architecture': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLayerHash': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLambdaLayerArn': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'filePath': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' } }, ], 'relatedVulnerabilities': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'fixAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLayers': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLastModifiedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lambdaFunctionExecutionRoleArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'exploitAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityFilePath': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'epssScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, sortCriteria={ 'field': 'AWS_ACCOUNT_ID'|'FINDING_TYPE'|'SEVERITY'|'FIRST_OBSERVED_AT'|'LAST_OBSERVED_AT'|'FINDING_STATUS'|'RESOURCE_TYPE'|'ECR_IMAGE_PUSHED_AT'|'ECR_IMAGE_REPOSITORY_NAME'|'ECR_IMAGE_REGISTRY'|'NETWORK_PROTOCOL'|'COMPONENT_TYPE'|'VULNERABILITY_ID'|'VULNERABILITY_SOURCE'|'INSPECTOR_SCORE'|'VENDOR_SEVERITY'|'EPSS_SCORE', 'sortOrder': 'ASC'|'DESC' }, PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **filterCriteria** (*dict*) -- Details on the filters to apply to your finding results. * **findingArn** *(list) --* Details on the finding ARNs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **awsAccountId** *(list) --* Details of the Amazon Web Services account IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **findingType** *(list) --* Details on the finding types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **severity** *(list) --* Details on the severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **firstObservedAt** *(list) --* Details on the date and time a finding was first seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lastObservedAt** *(list) --* Details on the date and time a finding was last seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **updatedAt** *(list) --* Details on the date and time a finding was last updated at used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **findingStatus** *(list) --* Details on the finding status types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **title** *(list) --* Details on the finding title used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **inspectorScore** *(list) --* The Amazon Inspector score to filter on. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **resourceType** *(list) --* Details on the resource types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceId** *(list) --* Details on the resource IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceTags** *(list) --* Details on the resource tags used to filter findings. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **key** *(string) --* **[REQUIRED]** The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **ec2InstanceImageId** *(list) --* Details of the Amazon EC2 instance image IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ec2InstanceVpcId** *(list) --* Details of the Amazon EC2 instance VPC IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ec2InstanceSubnetId** *(list) --* Details of the Amazon EC2 instance subnet IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImagePushedAt** *(list) --* Details on the Amazon ECR image push date and time used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageArchitecture** *(list) --* Details of the Amazon ECR image architecture types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageRegistry** *(list) --* Details on the Amazon ECR registry used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageRepositoryName** *(list) --* Details on the name of the Amazon ECR repository used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageTags** *(list) --* The tags attached to the Amazon ECR container image. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageHash** *(list) --* Details of the Amazon ECR image hashes used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageLastInUseAt** *(list) --* Filter criteria indicating when an Amazon ECR image was last used in an Amazon ECS cluster task or Amazon EKS cluster pod. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageInUseCount** *(list) --* Filter criteria indicating when details for an Amazon ECR image include when an Amazon ECR image is in use. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **portRange** *(list) --* Details on the port ranges used to filter findings. * *(dict) --* An object that describes the details of a port range filter. * **beginInclusive** *(integer) --* The port number the port range begins at. * **endInclusive** *(integer) --* The port number the port range ends at. * **networkProtocol** *(list) --* Details on network protocol used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **componentId** *(list) --* Details of the component IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **componentType** *(list) --* Details of the component types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilityId** *(list) --* Details on the vulnerability ID used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilitySource** *(list) --* Details on the vulnerability type used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vendorSeverity** *(list) --* Details on the vendor severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerablePackages** *(list) --* Details on the vulnerable packages used to filter findings. * *(dict) --* Contains information on the details of a package filter. * **name** *(dict) --* An object that contains details on the name of the package to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **version** *(dict) --* The package version to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **epoch** *(dict) --* An object that contains details on the package epoch to filter on. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **release** *(dict) --* An object that contains details on the package release to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **architecture** *(dict) --* An object that contains details on the package architecture type to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sourceLayerHash** *(dict) --* An object that contains details on the source layer hash to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sourceLambdaLayerArn** *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **filePath** *(dict) --* An object that contains details on the package file path to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **relatedVulnerabilities** *(list) --* Details on the related vulnerabilities used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **fixAvailable** *(list) --* Details on whether a fix is available through a version update. This value can be "YES", "NO", or "PARTIAL". A "PARTIAL" fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionName** *(list) --* Filters the list of Amazon Web Services Lambda functions by the name of the function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionLayers** *(list) --* Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionRuntime** *(list) --* Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionLastModifiedAt** *(list) --* Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lambdaFunctionExecutionRoleArn** *(list) --* Filters the list of Amazon Web Services Lambda functions by execution role. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **exploitAvailable** *(list) --* Filters the list of Amazon Web Services Lambda findings by the availability of exploits. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityDetectorName** *(list) --* The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityDetectorTags** *(list) --* The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityFilePath** *(list) --* The file path to the file in a Lambda function that contains a code vulnerability used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **epssScore** *(list) --* The EPSS score used to filter findings. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **codeRepositoryProjectName** *(list) --* Filter criteria for findings based on the project name in a code repository. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeRepositoryProviderType** *(list) --* Filter criteria for findings based on the repository provider type (such as GitHub, GitLab, etc.). * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortCriteria** (*dict*) -- Details on the sort criteria to apply to your finding results. * **field** *(string) --* **[REQUIRED]** The finding detail field by which results are sorted. * **sortOrder** *(string) --* **[REQUIRED]** The order by which findings are sorted. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'findings': [ { 'findingArn': 'string', 'awsAccountId': 'string', 'type': 'NETWORK_REACHABILITY'|'PACKAGE_VULNERABILITY'|'CODE_VULNERABILITY', 'description': 'string', 'title': 'string', 'remediation': { 'recommendation': { 'text': 'string', 'Url': 'string' } }, 'severity': 'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL'|'UNTRIAGED', 'firstObservedAt': datetime(2015, 1, 1), 'lastObservedAt': datetime(2015, 1, 1), 'updatedAt': datetime(2015, 1, 1), 'status': 'ACTIVE'|'SUPPRESSED'|'CLOSED', 'resources': [ { 'type': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_ECR_REPOSITORY'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY', 'id': 'string', 'partition': 'string', 'region': 'string', 'tags': { 'string': 'string' }, 'details': { 'awsEc2Instance': { 'type': 'string', 'imageId': 'string', 'ipV4Addresses': [ 'string', ], 'ipV6Addresses': [ 'string', ], 'keyName': 'string', 'iamInstanceProfileArn': 'string', 'vpcId': 'string', 'subnetId': 'string', 'launchedAt': datetime(2015, 1, 1), 'platform': 'string' }, 'awsEcrContainerImage': { 'repositoryName': 'string', 'imageTags': [ 'string', ], 'pushedAt': datetime(2015, 1, 1), 'author': 'string', 'architecture': 'string', 'imageHash': 'string', 'registry': 'string', 'platform': 'string', 'lastInUseAt': datetime(2015, 1, 1), 'inUseCount': 123 }, 'awsLambdaFunction': { 'functionName': 'string', 'runtime': 'NODEJS'|'NODEJS_12_X'|'NODEJS_14_X'|'NODEJS_16_X'|'JAVA_8'|'JAVA_8_AL2'|'JAVA_11'|'PYTHON_3_7'|'PYTHON_3_8'|'PYTHON_3_9'|'UNSUPPORTED'|'NODEJS_18_X'|'GO_1_X'|'JAVA_17'|'PYTHON_3_10'|'PYTHON_3_11'|'DOTNETCORE_3_1'|'DOTNET_6'|'DOTNET_7'|'RUBY_2_7'|'RUBY_3_2', 'codeSha256': 'string', 'version': 'string', 'executionRoleArn': 'string', 'layers': [ 'string', ], 'vpcConfig': { 'subnetIds': [ 'string', ], 'securityGroupIds': [ 'string', ], 'vpcId': 'string' }, 'packageType': 'IMAGE'|'ZIP', 'architectures': [ 'X86_64'|'ARM64', ], 'lastModifiedAt': datetime(2015, 1, 1) }, 'codeRepository': { 'projectName': 'string', 'integrationArn': 'string', 'providerType': 'GITHUB'|'GITLAB_SELF_MANAGED' } } }, ], 'inspectorScore': 123.0, 'inspectorScoreDetails': { 'adjustedCvss': { 'scoreSource': 'string', 'cvssSource': 'string', 'version': 'string', 'score': 123.0, 'scoringVector': 'string', 'adjustments': [ { 'metric': 'string', 'reason': 'string' }, ] } }, 'networkReachabilityDetails': { 'openPortRange': { 'begin': 123, 'end': 123 }, 'protocol': 'TCP'|'UDP', 'networkPath': { 'steps': [ { 'componentId': 'string', 'componentType': 'string', 'componentArn': 'string' }, ] } }, 'packageVulnerabilityDetails': { 'vulnerabilityId': 'string', 'vulnerablePackages': [ { 'name': 'string', 'version': 'string', 'sourceLayerHash': 'string', 'epoch': 123, 'release': 'string', 'arch': 'string', 'packageManager': 'BUNDLER'|'CARGO'|'COMPOSER'|'NPM'|'NUGET'|'PIPENV'|'POETRY'|'YARN'|'GOBINARY'|'GOMOD'|'JAR'|'OS'|'PIP'|'PYTHONPKG'|'NODEPKG'|'POM'|'GEMSPEC'|'DOTNET_CORE', 'filePath': 'string', 'fixedInVersion': 'string', 'remediation': 'string', 'sourceLambdaLayerArn': 'string' }, ], 'source': 'string', 'cvss': [ { 'baseScore': 123.0, 'scoringVector': 'string', 'version': 'string', 'source': 'string' }, ], 'relatedVulnerabilities': [ 'string', ], 'sourceUrl': 'string', 'vendorSeverity': 'string', 'vendorCreatedAt': datetime(2015, 1, 1), 'vendorUpdatedAt': datetime(2015, 1, 1), 'referenceUrls': [ 'string', ] }, 'fixAvailable': 'YES'|'NO'|'PARTIAL', 'exploitAvailable': 'YES'|'NO', 'exploitabilityDetails': { 'lastKnownExploitAt': datetime(2015, 1, 1) }, 'codeVulnerabilityDetails': { 'filePath': { 'fileName': 'string', 'filePath': 'string', 'startLine': 123, 'endLine': 123 }, 'detectorTags': [ 'string', ], 'referenceUrls': [ 'string', ], 'ruleId': 'string', 'sourceLambdaLayerArn': 'string', 'detectorId': 'string', 'detectorName': 'string', 'cwes': [ 'string', ] }, 'epss': { 'score': 123.0 } }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **findings** *(list) --* Contains details on the findings in your environment. * *(dict) --* Details about an Amazon Inspector finding. * **findingArn** *(string) --* The Amazon Resource Number (ARN) of the finding. * **awsAccountId** *(string) --* The Amazon Web Services account ID associated with the finding. * **type** *(string) --* The type of the finding. The "type" value determines the valid values for "resource" in your request. For more information, see Finding types in the Amazon Inspector user guide. * **description** *(string) --* The description of the finding. * **title** *(string) --* The title of the finding. * **remediation** *(dict) --* An object that contains the details about how to remediate a finding. * **recommendation** *(dict) --* An object that contains information about the recommended course of action to remediate the finding. * **text** *(string) --* The recommended course of action to remediate the finding. * **Url** *(string) --* The URL address to the CVE remediation recommendations. * **severity** *(string) --* The severity of the finding. "UNTRIAGED" applies to "PACKAGE_VULNERABILITY" type findings that the vendor has not assigned a severity yet. For more information, see Severity levels for findings in the Amazon Inspector user guide. * **firstObservedAt** *(datetime) --* The date and time that the finding was first observed. * **lastObservedAt** *(datetime) --* The date and time the finding was last observed. This timestamp for this field remains unchanged until a finding is updated. * **updatedAt** *(datetime) --* The date and time the finding was last updated at. * **status** *(string) --* The status of the finding. * **resources** *(list) --* Contains information on the resources involved in a finding. The "resource" value determines the valid values for "type" in your request. For more information, see Finding types in the Amazon Inspector user guide. * *(dict) --* Details about the resource involved in a finding. * **type** *(string) --* The type of resource. * **id** *(string) --* The ID of the resource. * **partition** *(string) --* The partition of the resource. * **region** *(string) --* The Amazon Web Services Region the impacted resource is located in. * **tags** *(dict) --* The tags attached to the resource. * *(string) --* * *(string) --* * **details** *(dict) --* An object that contains details about the resource involved in a finding. * **awsEc2Instance** *(dict) --* An object that contains details about the Amazon EC2 instance involved in the finding. * **type** *(string) --* The type of the Amazon EC2 instance. * **imageId** *(string) --* The image ID of the Amazon EC2 instance. * **ipV4Addresses** *(list) --* The IPv4 addresses of the Amazon EC2 instance. * *(string) --* * **ipV6Addresses** *(list) --* The IPv6 addresses of the Amazon EC2 instance. * *(string) --* * **keyName** *(string) --* The name of the key pair used to launch the Amazon EC2 instance. * **iamInstanceProfileArn** *(string) --* The IAM instance profile ARN of the Amazon EC2 instance. * **vpcId** *(string) --* The VPC ID of the Amazon EC2 instance. * **subnetId** *(string) --* The subnet ID of the Amazon EC2 instance. * **launchedAt** *(datetime) --* The date and time the Amazon EC2 instance was launched at. * **platform** *(string) --* The platform of the Amazon EC2 instance. * **awsEcrContainerImage** *(dict) --* An object that contains details about the Amazon ECR container image involved in the finding. * **repositoryName** *(string) --* The name of the repository the Amazon ECR container image resides in. * **imageTags** *(list) --* The image tags attached to the Amazon ECR container image. * *(string) --* * **pushedAt** *(datetime) --* The date and time the Amazon ECR container image was pushed. * **author** *(string) --* The image author of the Amazon ECR container image. * **architecture** *(string) --* The architecture of the Amazon ECR container image. * **imageHash** *(string) --* The image hash of the Amazon ECR container image. * **registry** *(string) --* The registry for the Amazon ECR container image. * **platform** *(string) --* The platform of the Amazon ECR container image. * **lastInUseAt** *(datetime) --* The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod. * **inUseCount** *(integer) --* The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use. * **awsLambdaFunction** *(dict) --* A summary of the information about an Amazon Web Services Lambda function affected by a finding. * **functionName** *(string) --* The name of the Amazon Web Services Lambda function. * **runtime** *(string) --* The runtime environment for the Amazon Web Services Lambda function. * **codeSha256** *(string) --* The SHA256 hash of the Amazon Web Services Lambda function's deployment package. * **version** *(string) --* The version of the Amazon Web Services Lambda function. * **executionRoleArn** *(string) --* The Amazon Web Services Lambda function's execution role. * **layers** *(list) --* The Amazon Web Services Lambda function's layers. A Lambda function can have up to five layers. * *(string) --* * **vpcConfig** *(dict) --* The Amazon Web Services Lambda function's networking configuration. * **subnetIds** *(list) --* A list of VPC subnet IDs. * *(string) --* * **securityGroupIds** *(list) --* The VPC security groups and subnets that are attached to an Amazon Web Services Lambda function. For more information, see VPC Settings. * *(string) --* * **vpcId** *(string) --* The ID of the VPC. * **packageType** *(string) --* The type of deployment package. Set to "Image" for container image and set "Zip" for .zip file archive. * **architectures** *(list) --* The instruction set architecture that the Amazon Web Services Lambda function supports. Architecture is a string array with one of the valid values. The default architecture value is "x86_64". * *(string) --* * **lastModifiedAt** *(datetime) --* The date and time that a user last updated the configuration, in ISO 8601 format * **codeRepository** *(dict) --* Contains details about a code repository resource associated with a finding. * **projectName** *(string) --* The name of the project in the code repository. * **integrationArn** *(string) --* The Amazon Resource Name (ARN) of the code security integration associated with the repository. * **providerType** *(string) --* The type of repository provider (such as GitHub, GitLab, etc.). * **inspectorScore** *(float) --* The Amazon Inspector score given to the finding. * **inspectorScoreDetails** *(dict) --* An object that contains details of the Amazon Inspector score. * **adjustedCvss** *(dict) --* An object that contains details about the CVSS score given to a finding. * **scoreSource** *(string) --* The source for the CVSS score. * **cvssSource** *(string) --* The source of the CVSS data. * **version** *(string) --* The CVSS version used in scoring. * **score** *(float) --* The CVSS score. * **scoringVector** *(string) --* The vector for the CVSS score. * **adjustments** *(list) --* An object that contains details about adjustment Amazon Inspector made to the CVSS score. * *(dict) --* Details on adjustments Amazon Inspector made to the CVSS score for a finding. * **metric** *(string) --* The metric used to adjust the CVSS score. * **reason** *(string) --* The reason the CVSS score has been adjustment. * **networkReachabilityDetails** *(dict) --* An object that contains the details of a network reachability finding. * **openPortRange** *(dict) --* An object that contains details about the open port range associated with a finding. * **begin** *(integer) --* The beginning port in a port range. * **end** *(integer) --* The ending port in a port range. * **protocol** *(string) --* The protocol associated with a finding. * **networkPath** *(dict) --* An object that contains details about a network path associated with a finding. * **steps** *(list) --* The details on the steps in the network path. * *(dict) --* Details about the step associated with a finding. * **componentId** *(string) --* The component ID. * **componentType** *(string) --* The component type. * **componentArn** *(string) --* The component ARN. The ARN can be null and is not displayed in the Amazon Web Services console. * **packageVulnerabilityDetails** *(dict) --* An object that contains the details of a package vulnerability finding. * **vulnerabilityId** *(string) --* The ID given to this vulnerability. * **vulnerablePackages** *(list) --* The packages impacted by this vulnerability. * *(dict) --* Information on the vulnerable package identified by a finding. * **name** *(string) --* The name of the vulnerable package. * **version** *(string) --* The version of the vulnerable package. * **sourceLayerHash** *(string) --* The source layer hash of the vulnerable package. * **epoch** *(integer) --* The epoch of the vulnerable package. * **release** *(string) --* The release of the vulnerable package. * **arch** *(string) --* The architecture of the vulnerable package. * **packageManager** *(string) --* The package manager of the vulnerable package. * **filePath** *(string) --* The file path of the vulnerable package. * **fixedInVersion** *(string) --* The version of the package that contains the vulnerability fix. * **remediation** *(string) --* The code to run in your environment to update packages with a fix available. * **sourceLambdaLayerArn** *(string) --* The Amazon Resource Number (ARN) of the Amazon Web Services Lambda function affected by a finding. * **source** *(string) --* The source of the vulnerability information. * **cvss** *(list) --* An object that contains details about the CVSS score of a finding. * *(dict) --* The CVSS score for a finding. * **baseScore** *(float) --* The base CVSS score used for the finding. * **scoringVector** *(string) --* The vector string of the CVSS score. * **version** *(string) --* The version of CVSS used for the score. * **source** *(string) --* The source of the CVSS score. * **relatedVulnerabilities** *(list) --* One or more vulnerabilities related to the one identified in this finding. * *(string) --* * **sourceUrl** *(string) --* A URL to the source of the vulnerability information. * **vendorSeverity** *(string) --* The severity the vendor has given to this vulnerability type. * **vendorCreatedAt** *(datetime) --* The date and time that this vulnerability was first added to the vendor's database. * **vendorUpdatedAt** *(datetime) --* The date and time the vendor last updated this vulnerability in their database. * **referenceUrls** *(list) --* One or more URLs that contain details about this vulnerability type. * *(string) --* * **fixAvailable** *(string) --* Details on whether a fix is available through a version update. This value can be "YES", "NO", or "PARTIAL". A "PARTIAL" fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. * **exploitAvailable** *(string) --* If a finding discovered in your environment has an exploit available. * **exploitabilityDetails** *(dict) --* The details of an exploit available for a finding discovered in your environment. * **lastKnownExploitAt** *(datetime) --* The date and time of the last exploit associated with a finding discovered in your environment. * **codeVulnerabilityDetails** *(dict) --* Details about the code vulnerability identified in a Lambda function used to filter findings. * **filePath** *(dict) --* Contains information on where the code vulnerability is located in your code. * **fileName** *(string) --* The name of the file the code vulnerability was found in. * **filePath** *(string) --* The file path to the code that a vulnerability was found in. * **startLine** *(integer) --* The line number of the first line of code that a vulnerability was found in. * **endLine** *(integer) --* The line number of the last line of code that a vulnerability was found in. * **detectorTags** *(list) --* The detector tag associated with the vulnerability. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags. * *(string) --* * **referenceUrls** *(list) --* A URL containing supporting documentation about the code vulnerability detected. * *(string) --* * **ruleId** *(string) --* The identifier for a rule that was used to detect the code vulnerability. * **sourceLambdaLayerArn** *(string) --* The Amazon Resource Name (ARN) of the Lambda layer that the code vulnerability was detected in. * **detectorId** *(string) --* The ID for the Amazon CodeGuru detector associated with the finding. For more information on detectors see Amazon CodeGuru Detector Library. * **detectorName** *(string) --* The name of the detector used to identify the code vulnerability. For more information on detectors see CodeGuru Detector Library. * **cwes** *(list) --* The Common Weakness Enumeration (CWE) item associated with the detected vulnerability. * *(string) --* * **epss** *(dict) --* The finding's EPSS score. * **score** *(float) --* The EPSS score. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListDelegatedAdminAccounts ListDelegatedAdminAccounts ************************** class Inspector2.Paginator.ListDelegatedAdminAccounts paginator = client.get_paginator('list_delegated_admin_accounts') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.list_delegated_admin_accounts()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max- items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'delegatedAdminAccounts': [ { 'accountId': 'string', 'status': 'ENABLED'|'DISABLE_IN_PROGRESS' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **delegatedAdminAccounts** *(list) --* Details of the Amazon Inspector delegated administrator of your organization. * *(dict) --* Details of the Amazon Inspector delegated administrator for your organization. * **accountId** *(string) --* The Amazon Web Services account ID of the Amazon Inspector delegated administrator for your organization. * **status** *(string) --* The status of the Amazon Inspector delegated administrator. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListCisScanConfigurations ListCisScanConfigurations ************************* class Inspector2.Paginator.ListCisScanConfigurations paginator = client.get_paginator('list_cis_scan_configurations') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.list_cis_scan_configurations()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( filterCriteria={ 'scanNameFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'targetResourceTagFilters': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'scanConfigurationArnFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, sortBy='SCAN_NAME'|'SCAN_CONFIGURATION_ARN', sortOrder='ASC'|'DESC', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **filterCriteria** (*dict*) -- The CIS scan configuration filter criteria. * **scanNameFilters** *(list) --* The list of scan name filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **targetResourceTagFilters** *(list) --* The list of target resource tag filters. * *(dict) --* The tag filter. * **comparison** *(string) --* **[REQUIRED]** The tag filter comparison value. * **key** *(string) --* **[REQUIRED]** The tag filter key. * **value** *(string) --* **[REQUIRED]** The tag filter value. * **scanConfigurationArnFilters** *(list) --* The list of scan configuration ARN filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **sortBy** (*string*) -- The CIS scan configuration sort by order. * **sortOrder** (*string*) -- The CIS scan configuration sort order order. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'scanConfigurations': [ { 'scanConfigurationArn': 'string', 'ownerId': 'string', 'scanName': 'string', 'securityLevel': 'LEVEL_1'|'LEVEL_2', 'schedule': { 'oneTime': {}, 'daily': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' } }, 'weekly': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' }, 'days': [ 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT', ] }, 'monthly': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' }, 'day': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT' } }, 'targets': { 'accountIds': [ 'string', ], 'targetResourceTags': { 'string': [ 'string', ] } }, 'tags': { 'string': 'string' } }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **scanConfigurations** *(list) --* The CIS scan configuration scan configurations. * *(dict) --* The CIS scan configuration. * **scanConfigurationArn** *(string) --* The CIS scan configuration's scan configuration ARN. * **ownerId** *(string) --* The CIS scan configuration's owner ID. * **scanName** *(string) --* The name of the CIS scan configuration. * **securityLevel** *(string) --* The CIS scan configuration's security level. * **schedule** *(dict) --* The CIS scan configuration's schedule. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "oneTime", "daily", "weekly", "monthly". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **oneTime** *(dict) --* The schedule's one time. * **daily** *(dict) --* The schedule's daily. * **startTime** *(dict) --* The schedule start time. * **timeOfDay** *(string) --* The time of day in 24-hour format (00:00). * **timezone** *(string) --* The timezone. * **weekly** *(dict) --* The schedule's weekly. * **startTime** *(dict) --* The weekly schedule's start time. * **timeOfDay** *(string) --* The time of day in 24-hour format (00:00). * **timezone** *(string) --* The timezone. * **days** *(list) --* The weekly schedule's days. * *(string) --* * **monthly** *(dict) --* The schedule's monthly. * **startTime** *(dict) --* The monthly schedule's start time. * **timeOfDay** *(string) --* The time of day in 24-hour format (00:00). * **timezone** *(string) --* The timezone. * **day** *(string) --* The monthly schedule's day. * **targets** *(dict) --* The CIS scan configuration's targets. * **accountIds** *(list) --* The CIS target account ids. * *(string) --* * **targetResourceTags** *(dict) --* The CIS target resource tags. * *(string) --* * *(list) --* * *(string) --* * **tags** *(dict) --* The CIS scan configuration's tags. * *(string) --* * *(string) --* * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListCisScanResultsAggregatedByChecks ListCisScanResultsAggregatedByChecks ************************************ class Inspector2.Paginator.ListCisScanResultsAggregatedByChecks paginator = client.get_paginator('list_cis_scan_results_aggregated_by_checks') paginate(**kwargs) Creates an iterator that will paginate through responses from " Inspector2.Client.list_cis_scan_results_aggregated_by_checks()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( scanArn='string', filterCriteria={ 'accountIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'checkIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'titleFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'platformFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'failedResourcesFilters': [ { 'upperInclusive': 123, 'lowerInclusive': 123 }, ], 'securityLevelFilters': [ { 'comparison': 'EQUALS', 'value': 'LEVEL_1'|'LEVEL_2' }, ] }, sortBy='CHECK_ID'|'TITLE'|'PLATFORM'|'FAILED_COUNTS'|'SECURITY_LEVEL', sortOrder='ASC'|'DESC', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **scanArn** (*string*) -- **[REQUIRED]** The scan ARN. * **filterCriteria** (*dict*) -- The filter criteria. * **accountIdFilters** *(list) --* The criteria's account ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **checkIdFilters** *(list) --* The criteria's check ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **titleFilters** *(list) --* The criteria's title filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **platformFilters** *(list) --* The criteria's platform filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **failedResourcesFilters** *(list) --* The criteria's failed resources filters. * *(dict) --* The CIS number filter. * **upperInclusive** *(integer) --* The CIS number filter's upper inclusive. * **lowerInclusive** *(integer) --* The CIS number filter's lower inclusive. * **securityLevelFilters** *(list) --* The criteria's security level filters. * *(dict) --* The CIS security level filter. Security level refers to the Benchmark levels that CIS assigns to a profile. * **comparison** *(string) --* **[REQUIRED]** The CIS security filter comparison value. * **value** *(string) --* **[REQUIRED]** The CIS security filter value. * **sortBy** (*string*) -- The sort by order. * **sortOrder** (*string*) -- The sort order. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'checkAggregations': [ { 'scanArn': 'string', 'checkId': 'string', 'title': 'string', 'checkDescription': 'string', 'level': 'LEVEL_1'|'LEVEL_2', 'accountId': 'string', 'statusCounts': { 'failed': 123, 'skipped': 123, 'passed': 123 }, 'platform': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **checkAggregations** *(list) --* The check aggregations. * *(dict) --* A CIS check. * **scanArn** *(string) --* The scan ARN for the CIS check scan ARN. * **checkId** *(string) --* The check ID for the CIS check. * **title** *(string) --* The CIS check title. * **checkDescription** *(string) --* The description for the CIS check. * **level** *(string) --* The CIS check level. * **accountId** *(string) --* The account ID for the CIS check. * **statusCounts** *(dict) --* The CIS check status counts. * **failed** *(integer) --* The number of checks that failed. * **skipped** *(integer) --* The number of checks that were skipped. * **passed** *(integer) --* The number of checks that passed. * **platform** *(string) --* The CIS check platform. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / GetClustersForImage GetClustersForImage ******************* class Inspector2.Paginator.GetClustersForImage paginator = client.get_paginator('get_clusters_for_image') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.get_clusters_for_image()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( filter={ 'resourceId': 'string' }, PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **filter** (*dict*) -- **[REQUIRED]** The resource Id for the Amazon ECR image. * **resourceId** *(string) --* **[REQUIRED]** The resource Id to be used in the filter criteria. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'cluster': [ { 'clusterArn': 'string', 'clusterDetails': [ { 'lastInUse': datetime(2015, 1, 1), 'runningUnitCount': 123, 'stoppedUnitCount': 123, 'clusterMetadata': { 'awsEcsMetadataDetails': { 'detailsGroup': 'string', 'taskDefinitionArn': 'string' }, 'awsEksMetadataDetails': { 'namespace': 'string', 'workloadInfoList': [ { 'name': 'string', 'type': 'string' }, ] } } }, ] }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **cluster** *(list) --* A unit of work inside of a cluster, which can include metadata about the cluster. * *(dict) --* Information about the cluster. * **clusterArn** *(string) --* The cluster ARN. * **clusterDetails** *(list) --* Details about the cluster. * *(dict) --* Details about the task or pod in the cluster. * **lastInUse** *(datetime) --* The last timestamp when Amazon Inspector recorded the image in use in the task or pod in the cluster. * **runningUnitCount** *(integer) --* The number of tasks or pods where an image was running on the cluster. * **stoppedUnitCount** *(integer) --* The number of tasks or pods where an image was stopped on the cluster in the last 24 hours. * **clusterMetadata** *(dict) --* The metadata for a cluster. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "awsEcsMetadataDetails", "awsEksMetadataDetails". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **awsEcsMetadataDetails** *(dict) --* The details for an Amazon ECS cluster in the cluster metadata. * **detailsGroup** *(string) --* The details group information for a task in a cluster. * **taskDefinitionArn** *(string) --* The task definition ARN. * **awsEksMetadataDetails** *(dict) --* The details for an Amazon EKS cluster in the cluster metadata. * **namespace** *(string) --* The namespace for an Amazon EKS cluster. * **workloadInfoList** *(list) --* The list of workloads. * *(dict) --* Information about the workload. * **name** *(string) --* The name of the workload. * **type** *(string) --* The workload type. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListCisScanResultsAggregatedByTargetResource ListCisScanResultsAggregatedByTargetResource ******************************************** class Inspector2.Paginator.ListCisScanResultsAggregatedByTargetResource paginator = client.get_paginator('list_cis_scan_results_aggregated_by_target_resource') paginate(**kwargs) Creates an iterator that will paginate through responses from " Inspector2.Client.list_cis_scan_results_aggregated_by_target_re source()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( scanArn='string', filterCriteria={ 'accountIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'statusFilters': [ { 'comparison': 'EQUALS', 'value': 'PASSED'|'FAILED'|'SKIPPED' }, ], 'checkIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'targetResourceIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'targetResourceTagFilters': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'platformFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'targetStatusFilters': [ { 'comparison': 'EQUALS', 'value': 'TIMED_OUT'|'CANCELLED'|'COMPLETED' }, ], 'targetStatusReasonFilters': [ { 'comparison': 'EQUALS', 'value': 'SCAN_IN_PROGRESS'|'UNSUPPORTED_OS'|'SSM_UNMANAGED' }, ], 'failedChecksFilters': [ { 'upperInclusive': 123, 'lowerInclusive': 123 }, ] }, sortBy='RESOURCE_ID'|'FAILED_COUNTS'|'ACCOUNT_ID'|'PLATFORM'|'TARGET_STATUS'|'TARGET_STATUS_REASON', sortOrder='ASC'|'DESC', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **scanArn** (*string*) -- **[REQUIRED]** The scan ARN. * **filterCriteria** (*dict*) -- The filter criteria. * **accountIdFilters** *(list) --* The criteria's account ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **statusFilters** *(list) --* The criteria's status filter. * *(dict) --* The CIS result status filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS result status filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS result status filter. * **checkIdFilters** *(list) --* The criteria's check ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **targetResourceIdFilters** *(list) --* The criteria's target resource ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **targetResourceTagFilters** *(list) --* The criteria's target resource tag filters. * *(dict) --* The tag filter. * **comparison** *(string) --* **[REQUIRED]** The tag filter comparison value. * **key** *(string) --* **[REQUIRED]** The tag filter key. * **value** *(string) --* **[REQUIRED]** The tag filter value. * **platformFilters** *(list) --* The criteria's platform filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **targetStatusFilters** *(list) --* The criteria's target status filters. * *(dict) --* The CIS target status filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS target status filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS target status filter. * **targetStatusReasonFilters** *(list) --* The criteria's target status reason filters. * *(dict) --* The CIS target status reason filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS target status reason filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS target status reason filter. * **failedChecksFilters** *(list) --* The criteria's failed checks filters. * *(dict) --* The CIS number filter. * **upperInclusive** *(integer) --* The CIS number filter's upper inclusive. * **lowerInclusive** *(integer) --* The CIS number filter's lower inclusive. * **sortBy** (*string*) -- The sort by order. * **sortOrder** (*string*) -- The sort order. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'targetResourceAggregations': [ { 'scanArn': 'string', 'targetResourceId': 'string', 'accountId': 'string', 'targetResourceTags': { 'string': [ 'string', ] }, 'statusCounts': { 'failed': 123, 'skipped': 123, 'passed': 123 }, 'platform': 'string', 'targetStatus': 'TIMED_OUT'|'CANCELLED'|'COMPLETED', 'targetStatusReason': 'SCAN_IN_PROGRESS'|'UNSUPPORTED_OS'|'SSM_UNMANAGED' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **targetResourceAggregations** *(list) --* The resource aggregations. * *(dict) --* The CIS target resource aggregation. * **scanArn** *(string) --* The scan ARN for the CIS target resource. * **targetResourceId** *(string) --* The ID of the target resource. * **accountId** *(string) --* The account ID for the CIS target resource. * **targetResourceTags** *(dict) --* The tag for the target resource. * *(string) --* * *(list) --* * *(string) --* * **statusCounts** *(dict) --* The target resource status counts. * **failed** *(integer) --* The number of checks that failed. * **skipped** *(integer) --* The number of checks that were skipped. * **passed** *(integer) --* The number of checks that passed. * **platform** *(string) --* The platform for the CIS target resource. * **targetStatus** *(string) --* The status of the target resource. * **targetStatusReason** *(string) --* The reason for the target resource. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Paginator / ListCoverage ListCoverage ************ class Inspector2.Paginator.ListCoverage paginator = client.get_paginator('list_coverage') paginate(**kwargs) Creates an iterator that will paginate through responses from "Inspector2.Client.list_coverage()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( filterCriteria={ 'scanStatusCode': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'scanStatusReason': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'accountId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'scanType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrRepositoryName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lastScannedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'scanMode': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'imagePulledAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123, 'lowerInclusive': 123 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderTypeVisibility': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lastScannedCommitId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ] }, PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **filterCriteria** (*dict*) -- An object that contains details on the filters to apply to the coverage data for your environment. * **scanStatusCode** *(list) --* The scan status code to filter on. Valid values are: "ValidationException", "InternalServerException", "ResourceNotFoundException", "BadRequestException", and "ThrottlingException". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **scanStatusReason** *(list) --* The scan status reason to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **accountId** *(list) --* An array of Amazon Web Services account IDs to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **resourceId** *(list) --* An array of Amazon Web Services resource IDs to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **resourceType** *(list) --* An array of Amazon Web Services resource types to return coverage statistics for. The values can be "AWS_EC2_INSTANCE", "AWS_LAMBDA_FUNCTION", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY" or "AWS_ACCOUNT". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **scanType** *(list) --* An array of Amazon Inspector scan types to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ecrRepositoryName** *(list) --* The Amazon ECR repository name to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ecrImageTags** *(list) --* The Amazon ECR image tags to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ec2InstanceTags** *(list) --* The Amazon EC2 instance tags to filter on. * *(dict) --* Contains details of a coverage map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare coverage on. * **key** *(string) --* **[REQUIRED]** The tag key associated with the coverage map filter. * **value** *(string) --* The tag value associated with the coverage map filter. * **lambdaFunctionName** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by function names. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lambdaFunctionTags** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by tag. * *(dict) --* Contains details of a coverage map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare coverage on. * **key** *(string) --* **[REQUIRED]** The tag key associated with the coverage map filter. * **value** *(string) --* The tag value associated with the coverage map filter. * **lambdaFunctionRuntime** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by runtime. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lastScannedAt** *(list) --* Filters Amazon Web Services resources based on whether Amazon Inspector has checked them for vulnerabilities within the specified time range. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **scanMode** *(list) --* The filter to search for Amazon EC2 instance coverage by scan mode. Valid values are "EC2_SSM_AGENT_BASED" and "EC2_AGENTLESS". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **imagePulledAt** *(list) --* The date an image was last pulled at. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **ecrImageLastInUseAt** *(list) --* The Amazon ECR image that was last in use. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **ecrImageInUseCount** *(list) --* The number of Amazon ECR images in use. * *(dict) --* The coverage number to be used in the filter. * **upperInclusive** *(integer) --* The upper inclusive for the coverage number.> * **lowerInclusive** *(integer) --* The lower inclusive for the coverage number. * **codeRepositoryProjectName** *(list) --* Filter criteria for code repositories based on project name. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **codeRepositoryProviderType** *(list) --* Filter criteria for code repositories based on provider type (such as GitHub, GitLab, etc.). * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **codeRepositoryProviderTypeVisibility** *(list) --* Filter criteria for code repositories based on visibility setting (public or private). * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lastScannedCommitId** *(list) --* Filter criteria for code repositories based on the ID of the last scanned commit. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'coveredResources': [ { 'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_ECR_REPOSITORY'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY', 'resourceId': 'string', 'accountId': 'string', 'scanType': 'NETWORK'|'PACKAGE'|'CODE', 'scanStatus': { 'statusCode': 'ACTIVE'|'INACTIVE', 'reason': 'PENDING_INITIAL_SCAN'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'UNMANAGED_EC2_INSTANCE'|'UNSUPPORTED_OS'|'SCAN_ELIGIBILITY_EXPIRED'|'RESOURCE_TERMINATED'|'SUCCESSFUL'|'NO_RESOURCES_FOUND'|'IMAGE_SIZE_EXCEEDED'|'SCAN_FREQUENCY_MANUAL'|'SCAN_FREQUENCY_SCAN_ON_PUSH'|'EC2_INSTANCE_STOPPED'|'PENDING_DISABLE'|'NO_INVENTORY'|'STALE_INVENTORY'|'EXCLUDED_BY_TAG'|'UNSUPPORTED_RUNTIME'|'UNSUPPORTED_MEDIA_TYPE'|'UNSUPPORTED_CONFIG_FILE'|'DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED'|'DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED'|'DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED'|'DEEP_INSPECTION_NO_INVENTORY'|'AGENTLESS_INSTANCE_STORAGE_LIMIT_EXCEEDED'|'AGENTLESS_INSTANCE_COLLECTION_TIME_LIMIT_EXCEEDED'|'PENDING_REVIVAL_SCAN'|'INTEGRATION_CONNECTION_LOST'|'ACCESS_DENIED_TO_ENCRYPTION_KEY'|'UNSUPPORTED_LANGUAGE'|'NO_SCAN_CONFIGURATION_ASSOCIATED'|'SCAN_IN_PROGRESS' }, 'resourceMetadata': { 'ecrRepository': { 'name': 'string', 'scanFrequency': 'MANUAL'|'SCAN_ON_PUSH'|'CONTINUOUS_SCAN' }, 'ecrImage': { 'tags': [ 'string', ], 'imagePulledAt': datetime(2015, 1, 1), 'lastInUseAt': datetime(2015, 1, 1), 'inUseCount': 123 }, 'ec2': { 'tags': { 'string': 'string' }, 'amiId': 'string', 'platform': 'WINDOWS'|'LINUX'|'UNKNOWN'|'MACOS' }, 'lambdaFunction': { 'functionTags': { 'string': 'string' }, 'layers': [ 'string', ], 'functionName': 'string', 'runtime': 'NODEJS'|'NODEJS_12_X'|'NODEJS_14_X'|'NODEJS_16_X'|'JAVA_8'|'JAVA_8_AL2'|'JAVA_11'|'PYTHON_3_7'|'PYTHON_3_8'|'PYTHON_3_9'|'UNSUPPORTED'|'NODEJS_18_X'|'GO_1_X'|'JAVA_17'|'PYTHON_3_10'|'PYTHON_3_11'|'DOTNETCORE_3_1'|'DOTNET_6'|'DOTNET_7'|'RUBY_2_7'|'RUBY_3_2' }, 'codeRepository': { 'projectName': 'string', 'integrationArn': 'string', 'providerType': 'string', 'providerTypeVisibility': 'string', 'lastScannedCommitId': 'string', 'scanConfiguration': { 'periodicScanConfigurations': [ { 'frequencyExpression': 'string', 'ruleSetCategories': [ 'SAST'|'IAC'|'SCA', ] }, ], 'continuousIntegrationScanConfigurations': [ { 'supportedEvent': 'PULL_REQUEST'|'PUSH', 'ruleSetCategories': [ 'SAST'|'IAC'|'SCA', ] }, ] }, 'onDemandScan': { 'lastScannedCommitId': 'string', 'lastScanAt': datetime(2015, 1, 1), 'scanStatus': { 'statusCode': 'ACTIVE'|'INACTIVE', 'reason': 'PENDING_INITIAL_SCAN'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'UNMANAGED_EC2_INSTANCE'|'UNSUPPORTED_OS'|'SCAN_ELIGIBILITY_EXPIRED'|'RESOURCE_TERMINATED'|'SUCCESSFUL'|'NO_RESOURCES_FOUND'|'IMAGE_SIZE_EXCEEDED'|'SCAN_FREQUENCY_MANUAL'|'SCAN_FREQUENCY_SCAN_ON_PUSH'|'EC2_INSTANCE_STOPPED'|'PENDING_DISABLE'|'NO_INVENTORY'|'STALE_INVENTORY'|'EXCLUDED_BY_TAG'|'UNSUPPORTED_RUNTIME'|'UNSUPPORTED_MEDIA_TYPE'|'UNSUPPORTED_CONFIG_FILE'|'DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED'|'DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED'|'DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED'|'DEEP_INSPECTION_NO_INVENTORY'|'AGENTLESS_INSTANCE_STORAGE_LIMIT_EXCEEDED'|'AGENTLESS_INSTANCE_COLLECTION_TIME_LIMIT_EXCEEDED'|'PENDING_REVIVAL_SCAN'|'INTEGRATION_CONNECTION_LOST'|'ACCESS_DENIED_TO_ENCRYPTION_KEY'|'UNSUPPORTED_LANGUAGE'|'NO_SCAN_CONFIGURATION_ASSOCIATED'|'SCAN_IN_PROGRESS' } } } }, 'lastScannedAt': datetime(2015, 1, 1), 'scanMode': 'EC2_SSM_AGENT_BASED'|'EC2_AGENTLESS' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **coveredResources** *(list) --* An object that contains details on the covered resources in your environment. * *(dict) --* An object that contains details about a resource covered by Amazon Inspector. * **resourceType** *(string) --* The type of the covered resource. * **resourceId** *(string) --* The ID of the covered resource. * **accountId** *(string) --* The Amazon Web Services account ID of the covered resource. * **scanType** *(string) --* The Amazon Inspector scan type covering the resource. * **scanStatus** *(dict) --* The status of the scan covering the resource. * **statusCode** *(string) --* The status code of the scan. * **reason** *(string) --* The scan status. Possible return values and descriptions are: "ACCESS_DENIED" - Resource access policy restricting Amazon Inspector access. Please update the IAM policy. "ACCESS_DENIED_TO_ENCRYPTION_KEY" - The KMS key policy doesn't allow Amazon Inspector access. Update the key policy. "DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED" - Amazon Inspector failed to extract the package inventory because the package collection time exceeding the maximum threshold of 15 minutes. "DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDE D" - The SSM agent couldn't send inventory to Amazon Inspector because the SSM quota for Inventory data collected per instance per day has already been reached for this instance. "DEEP_INSPECTION_NO_INVENTORY" - The Amazon Inspector plugin hasn't yet been able to collect an inventory of packages for this instance. This is usually the result of a pending scan, however, if this status persists after 6 hours, use SSM to ensure that the required Amazon Inspector associations exist and are running for the instance. "DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED" - The instance has exceeded the 5000 package limit for Amazon Inspector Deep inspection. To resume Deep inspection for this instance you can try to adjust the custom paths associated with the account. "EC2_INSTANCE_STOPPED" - This EC2 instance is in a stopped state, therefore, Amazon Inspector will pause scanning. The existing findings will continue to exist until the instance is terminated. Once the instance is re-started, Inspector will automatically start scanning the instance again. Please note that you will not be charged for this instance while it's in a stopped state. "EXCLUDED_BY_TAG" - This resource was not scanned because it has been excluded by a tag. "IMAGE_SIZE_EXCEEDED" - Reserved for future use. "INTEGRATION_CONNNECTION_LOST" - Amazon Inspector couldn't communicate with the source code management platform. "INTERNAL_ERROR" - Amazon Inspector has encountered an internal error for this resource. Amazon Inspector service will automatically resolve the issue and resume the scanning. No action required from the user. "NO_INVENTORY" - Amazon Inspector couldn't find software application inventory to scan for vulnerabilities. This might be caused due to required Amazon Inspector associations being deleted or failing to run on your resource. Please verify the status of "InspectorInventoryCollection- do-not-delete" association in the SSM console for the resource. Additionally, you can verify the instance's inventory in the SSM Fleet Manager console. "NO_RESOURCES_FOUND" - Reserved for future use. "NO_SCAN_CONFIGURATION_ASSOCIATED" - The code repository resource doesn't have an associated scan configuration. "PENDING_DISABLE" - This resource is pending cleanup during disablement. The customer will not be billed while a resource is in the pending disable status. "PENDING_INITIAL_SCAN" - This resource has been identified for scanning, results will be available soon. "RESOURCE_TERMINATED" - This resource has been terminated. The findings and coverage associated with this resource are in the process of being cleaned up. "SCAN_ELIGIBILITY_EXPIRED" - The configured scan duration has lapsed for this image. "SCAN_FREQUENCY_MANUAL" - This image will not be covered by Amazon Inspector due to the repository scan frequency configuration. "SCAN_FREQUENCY_SCAN_ON_PUSH" - This image will be scanned one time and will not new findings because of the scan frequency configuration. "SCAN_IN_PROGRESS" - The resource is currently being scanned. "STALE_INVENTORY" - Amazon Inspector wasn't able to collect an updated software application inventory in the last 7 days. Please confirm the required Amazon Inspector associations still exist and you can still see an updated inventory in the SSM console. "SUCCESSFUL" - The scan was successful. "UNMANAGED_EC2_INSTANCE" - The EC2 instance is not managed by SSM, please use the following SSM automation to remediate the issue: https://docs.aws.amazon.com/systems-manager- automation-runbooks/latest/userguide/automation- awssupport-troubleshoot-managed-instance.html. Once the instance becomes managed by SSM, Inspector will automatically begin scanning this instance. "UNSUPPORTED_CONFIG_FILE" - Reserved for future use. "UNSUPPORTED_LANGUAGE" - The scan was unsuccessful because the repository contains files in an unsupported programming language. >>``<>``<<- The ECR image has an unsupported media type. "UNSUPPORTED_OS" - Amazon Inspector does not support this OS, architecture, or image manifest type at this time. To see a complete list of supported operating systems see: https://docs.aws. amazon.com/inspector/latest/user/supported.html. "UNSUPPORTED_RUNTIME" - The function was not scanned because it has an unsupported runtime. To see a complete list of supported runtimes see: htt ps://docs.aws.amazon.com/inspector/latest/user/sup ported.html. * **resourceMetadata** *(dict) --* An object that contains details about the metadata. * **ecrRepository** *(dict) --* An object that contains details about the repository an Amazon ECR image resides in. * **name** *(string) --* The name of the Amazon ECR repository. * **scanFrequency** *(string) --* The frequency of scans. * **ecrImage** *(dict) --* An object that contains details about the container metadata for an Amazon ECR image. * **tags** *(list) --* Tags associated with the Amazon ECR image metadata. * *(string) --* * **imagePulledAt** *(datetime) --* The date an image was last pulled at. * **lastInUseAt** *(datetime) --* The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod. * **inUseCount** *(integer) --* The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use. * **ec2** *(dict) --* An object that contains metadata details for an Amazon EC2 instance. * **tags** *(dict) --* The tags attached to the instance. * *(string) --* * *(string) --* * **amiId** *(string) --* The ID of the Amazon Machine Image (AMI) used to launch the instance. * **platform** *(string) --* The platform of the instance. * **lambdaFunction** *(dict) --* An object that contains metadata details for an Amazon Web Services Lambda function. * **functionTags** *(dict) --* The resource tags on an Amazon Web Services Lambda function. * *(string) --* * *(string) --* * **layers** *(list) --* The layers for an Amazon Web Services Lambda function. A Lambda function can have up to five layers. * *(string) --* * **functionName** *(string) --* The name of a function. * **runtime** *(string) --* An Amazon Web Services Lambda function's runtime. * **codeRepository** *(dict) --* Contains metadata about scan coverage for a code repository resource. * **projectName** *(string) --* The name of the project in the code repository. * **integrationArn** *(string) --* The Amazon Resource Name (ARN) of the code security integration associated with the repository. * **providerType** *(string) --* The type of repository provider (such as GitHub, GitLab, etc.). * **providerTypeVisibility** *(string) --* The visibility setting of the repository (public or private). * **lastScannedCommitId** *(string) --* The ID of the last commit that was scanned in the repository. * **scanConfiguration** *(dict) --* The scan configuration settings applied to the code repository. * **periodicScanConfigurations** *(list) --* The periodic scan configurations applied to the project. * *(dict) --* Contains the periodic scan configuration settings applied to a specific project. * **frequencyExpression** *(string) --* The schedule expression for periodic scans, in cron format, applied to the project. * **ruleSetCategories** *(list) --* The categories of security rules applied during periodic scans for the project. * *(string) --* * **continuousIntegrationScanConfigurations** *(list) --* The continuous integration scan configurations applied to the project. * *(dict) --* Contains the continuous integration scan configuration settings applied to a specific project. * **supportedEvent** *(string) --* The repository event that triggers continuous integration scans for the project. * **ruleSetCategories** *(list) --* The categories of security rules applied during continuous integration scans for the project. * *(string) --* * **onDemandScan** *(dict) --* Information about on-demand scans performed on the repository. * **lastScannedCommitId** *(string) --* The ID of the last commit that was scanned during an on-demand scan. * **lastScanAt** *(datetime) --* The timestamp when the last on-demand scan was performed. * **scanStatus** *(dict) --* The status of the scan. * **statusCode** *(string) --* The status code of the scan. * **reason** *(string) --* The scan status. Possible return values and descriptions are: "ACCESS_DENIED" - Resource access policy restricting Amazon Inspector access. Please update the IAM policy. "ACCESS_DENIED_TO_ENCRYPTION_KEY" - The KMS key policy doesn't allow Amazon Inspector access. Update the key policy. "DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEE DED" - Amazon Inspector failed to extract the package inventory because the package collection time exceeding the maximum threshold of 15 minutes. "DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_E XCEEDED" - The SSM agent couldn't send inventory to Amazon Inspector because the SSM quota for Inventory data collected per instance per day has already been reached for this instance. "DEEP_INSPECTION_NO_INVENTORY" - The Amazon Inspector plugin hasn't yet been able to collect an inventory of packages for this instance. This is usually the result of a pending scan, however, if this status persists after 6 hours, use SSM to ensure that the required Amazon Inspector associations exist and are running for the instance. "DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EX CEEDED" - The instance has exceeded the 5000 package limit for Amazon Inspector Deep inspection. To resume Deep inspection for this instance you can try to adjust the custom paths associated with the account. "EC2_INSTANCE_STOPPED" - This EC2 instance is in a stopped state, therefore, Amazon Inspector will pause scanning. The existing findings will continue to exist until the instance is terminated. Once the instance is re-started, Inspector will automatically start scanning the instance again. Please note that you will not be charged for this instance while it's in a stopped state. "EXCLUDED_BY_TAG" - This resource was not scanned because it has been excluded by a tag. "IMAGE_SIZE_EXCEEDED" - Reserved for future use. "INTEGRATION_CONNNECTION_LOST" - Amazon Inspector couldn't communicate with the source code management platform. "INTERNAL_ERROR" - Amazon Inspector has encountered an internal error for this resource. Amazon Inspector service will automatically resolve the issue and resume the scanning. No action required from the user. "NO_INVENTORY" - Amazon Inspector couldn't find software application inventory to scan for vulnerabilities. This might be caused due to required Amazon Inspector associations being deleted or failing to run on your resource. Please verify the status of "InspectorInventoryCollection-do-not-delete" association in the SSM console for the resource. Additionally, you can verify the instance's inventory in the SSM Fleet Manager console. "NO_RESOURCES_FOUND" - Reserved for future use. "NO_SCAN_CONFIGURATION_ASSOCIATED" - The code repository resource doesn't have an associated scan configuration. "PENDING_DISABLE" - This resource is pending cleanup during disablement. The customer will not be billed while a resource is in the pending disable status. "PENDING_INITIAL_SCAN" - This resource has been identified for scanning, results will be available soon. "RESOURCE_TERMINATED" - This resource has been terminated. The findings and coverage associated with this resource are in the process of being cleaned up. "SCAN_ELIGIBILITY_EXPIRED" - The configured scan duration has lapsed for this image. "SCAN_FREQUENCY_MANUAL" - This image will not be covered by Amazon Inspector due to the repository scan frequency configuration. "SCAN_FREQUENCY_SCAN_ON_PUSH" - This image will be scanned one time and will not new findings because of the scan frequency configuration. "SCAN_IN_PROGRESS" - The resource is currently being scanned. "STALE_INVENTORY" - Amazon Inspector wasn't able to collect an updated software application inventory in the last 7 days. Please confirm the required Amazon Inspector associations still exist and you can still see an updated inventory in the SSM console. "SUCCESSFUL" - The scan was successful. "UNMANAGED_EC2_INSTANCE" - The EC2 instance is not managed by SSM, please use the following SSM automation to remediate the issue: https://docs.aws.amazon.com/systems- manager-automation-runbooks/latest/userguide /automation-awssupport-troubleshoot-managed- instance.html. Once the instance becomes managed by SSM, Inspector will automatically begin scanning this instance. "UNSUPPORTED_CONFIG_FILE" - Reserved for future use. "UNSUPPORTED_LANGUAGE" - The scan was unsuccessful because the repository contains files in an unsupported programming language. >>``<>``<<- The ECR image has an unsupported media type. "UNSUPPORTED_OS" - Amazon Inspector does not support this OS, architecture, or image manifest type at this time. To see a complete list of supported operating systems see: htt ps://docs.aws.amazon.com/inspector/latest/us er/supported.html. "UNSUPPORTED_RUNTIME" - The function was not scanned because it has an unsupported runtime. To see a complete list of supported runtimes see: https://docs.aws.amazon.com/in spector/latest/user/supported.html. * **lastScannedAt** *(datetime) --* The date and time the resource was last checked for vulnerabilities. * **scanMode** *(string) --* The scan method that is applied to the instance. * **NextToken** *(string) --* A token to resume pagination. Inspector2 / Client / list_delegated_admin_accounts list_delegated_admin_accounts ***************************** Inspector2.Client.list_delegated_admin_accounts(**kwargs) Lists information about the Amazon Inspector delegated administrator of your organization. See also: AWS API Documentation **Request Syntax** response = client.list_delegated_admin_accounts( maxResults=123, nextToken='string' ) Parameters: * **maxResults** (*integer*) -- The maximum number of results the response can return. If your request would return more than the maximum the response will return a "nextToken" value, use this value when you call the action again to get the remaining results. * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the "maxResults" maximum value it will also return a "nextToken" value. For subsequent calls, use the "nextToken" value returned from the previous request to continue listing results after the first page. Return type: dict Returns: **Response Syntax** { 'delegatedAdminAccounts': [ { 'accountId': 'string', 'status': 'ENABLED'|'DISABLE_IN_PROGRESS' }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **delegatedAdminAccounts** *(list) --* Details of the Amazon Inspector delegated administrator of your organization. * *(dict) --* Details of the Amazon Inspector delegated administrator for your organization. * **accountId** *(string) --* The Amazon Web Services account ID of the Amazon Inspector delegated administrator for your organization. * **status** *(string) --* The status of the Amazon Inspector delegated administrator. * **nextToken** *(string) --* A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the "NextToken" value returned from the previous request to continue listing results after the first page. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / disable disable ******* Inspector2.Client.disable(**kwargs) Disables Amazon Inspector scans for one or more Amazon Web Services accounts. Disabling all scan types in an account disables the Amazon Inspector service. See also: AWS API Documentation **Request Syntax** response = client.disable( accountIds=[ 'string', ], resourceTypes=[ 'EC2'|'ECR'|'LAMBDA'|'LAMBDA_CODE'|'CODE_REPOSITORY', ] ) Parameters: * **accountIds** (*list*) -- An array of account IDs you want to disable Amazon Inspector scans for. * *(string) --* * **resourceTypes** (*list*) -- The resource scan types you want to disable. * *(string) --* Return type: dict Returns: **Response Syntax** { 'accounts': [ { 'accountId': 'string', 'status': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'resourceStatus': { 'ec2': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'ecr': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'lambda': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'lambdaCode': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'codeRepository': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED' } }, ], 'failedAccounts': [ { 'accountId': 'string', 'status': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'resourceStatus': { 'ec2': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'ecr': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'lambda': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'lambdaCode': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'codeRepository': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED' }, 'errorCode': 'ALREADY_ENABLED'|'ENABLE_IN_PROGRESS'|'DISABLE_IN_PROGRESS'|'SUSPEND_IN_PROGRESS'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'SSM_UNAVAILABLE'|'SSM_THROTTLED'|'EVENTBRIDGE_UNAVAILABLE'|'EVENTBRIDGE_THROTTLED'|'RESOURCE_SCAN_NOT_DISABLED'|'DISASSOCIATE_ALL_MEMBERS'|'ACCOUNT_IS_ISOLATED'|'EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED'|'EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage': 'string' }, ] } **Response Structure** * *(dict) --* * **accounts** *(list) --* Information on the accounts that have had Amazon Inspector scans successfully disabled. Details are provided for each account. * *(dict) --* An Amazon Web Services account within your environment that Amazon Inspector has been enabled for. * **accountId** *(string) --* The ID of the Amazon Web Services account. * **status** *(string) --* The status of Amazon Inspector for the account. * **resourceStatus** *(dict) --* Details of the status of Amazon Inspector scans by resource type. * **ec2** *(string) --* The status of Amazon Inspector scanning for Amazon EC2 resources. * **ecr** *(string) --* The status of Amazon Inspector scanning for Amazon ECR resources. * **lambda** *(string) --* The status of Amazon Inspector scanning for Amazon Web Services Lambda function. * **lambdaCode** *(string) --* The status of Amazon Inspector scanning for custom application code for Amazon Web Services Lambda functions. * **codeRepository** *(string) --* The status of Amazon Inspector scanning for code repositories. * **failedAccounts** *(list) --* Information on any accounts for which Amazon Inspector scans could not be disabled. Details are provided for each account. * *(dict) --* An object with details on why an account failed to enable Amazon Inspector. * **accountId** *(string) --* The Amazon Web Services account ID. * **status** *(string) --* The status of Amazon Inspector for the account. * **resourceStatus** *(dict) --* An object detailing which resources Amazon Inspector is enabled to scan for the account. * **ec2** *(string) --* The status of Amazon Inspector scanning for Amazon EC2 resources. * **ecr** *(string) --* The status of Amazon Inspector scanning for Amazon ECR resources. * **lambda** *(string) --* The status of Amazon Inspector scanning for Amazon Web Services Lambda function. * **lambdaCode** *(string) --* The status of Amazon Inspector scanning for custom application code for Amazon Web Services Lambda functions. * **codeRepository** *(string) --* The status of Amazon Inspector scanning for code repositories. * **errorCode** *(string) --* The error code explaining why the account failed to enable Amazon Inspector. * **errorMessage** *(string) --* The error message received when the account failed to enable Amazon Inspector. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_clusters_for_image get_clusters_for_image ********************** Inspector2.Client.get_clusters_for_image(**kwargs) Returns a list of clusters and metadata associated with an image. See also: AWS API Documentation **Request Syntax** response = client.get_clusters_for_image( filter={ 'resourceId': 'string' }, maxResults=123, nextToken='string' ) Parameters: * **filter** (*dict*) -- **[REQUIRED]** The resource Id for the Amazon ECR image. * **resourceId** *(string) --* **[REQUIRED]** The resource Id to be used in the filter criteria. * **maxResults** (*integer*) -- The maximum number of results to be returned in a single page of results. * **nextToken** (*string*) -- The pagination token from a previous request used to retrieve the next page of results. Return type: dict Returns: **Response Syntax** { 'cluster': [ { 'clusterArn': 'string', 'clusterDetails': [ { 'lastInUse': datetime(2015, 1, 1), 'runningUnitCount': 123, 'stoppedUnitCount': 123, 'clusterMetadata': { 'awsEcsMetadataDetails': { 'detailsGroup': 'string', 'taskDefinitionArn': 'string' }, 'awsEksMetadataDetails': { 'namespace': 'string', 'workloadInfoList': [ { 'name': 'string', 'type': 'string' }, ] } } }, ] }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **cluster** *(list) --* A unit of work inside of a cluster, which can include metadata about the cluster. * *(dict) --* Information about the cluster. * **clusterArn** *(string) --* The cluster ARN. * **clusterDetails** *(list) --* Details about the cluster. * *(dict) --* Details about the task or pod in the cluster. * **lastInUse** *(datetime) --* The last timestamp when Amazon Inspector recorded the image in use in the task or pod in the cluster. * **runningUnitCount** *(integer) --* The number of tasks or pods where an image was running on the cluster. * **stoppedUnitCount** *(integer) --* The number of tasks or pods where an image was stopped on the cluster in the last 24 hours. * **clusterMetadata** *(dict) --* The metadata for a cluster. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "awsEcsMetadataDetails", "awsEksMetadataDetails". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **awsEcsMetadataDetails** *(dict) --* The details for an Amazon ECS cluster in the cluster metadata. * **detailsGroup** *(string) --* The details group information for a task in a cluster. * **taskDefinitionArn** *(string) --* The task definition ARN. * **awsEksMetadataDetails** *(dict) --* The details for an Amazon EKS cluster in the cluster metadata. * **namespace** *(string) --* The namespace for an Amazon EKS cluster. * **workloadInfoList** *(list) --* The list of workloads. * *(dict) --* Information about the workload. * **name** *(string) --* The name of the workload. * **type** *(string) --* The workload type. * **nextToken** *(string) --* The pagination token from a previous request used to retrieve the next page of results. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / reset_encryption_key reset_encryption_key ******************** Inspector2.Client.reset_encryption_key(**kwargs) Resets an encryption key. After the key is reset your resources will be encrypted by an Amazon Web Services owned key. See also: AWS API Documentation **Request Syntax** response = client.reset_encryption_key( scanType='NETWORK'|'PACKAGE'|'CODE', resourceType='AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_ECR_REPOSITORY'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY' ) Parameters: * **scanType** (*string*) -- **[REQUIRED]** The scan type the key encrypts. * **resourceType** (*string*) -- **[REQUIRED]** The resource type the key encrypts. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_paginator get_paginator ************* Inspector2.Client.get_paginator(operation_name) Create a paginator for an operation. Parameters: **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")". Raises: **OperationNotPageableError** -- Raised if the operation is not pageable. You can use the "client.can_paginate" method to check if an operation is pageable. Return type: "botocore.paginate.Paginator" Returns: A paginator object. Inspector2 / Client / batch_associate_code_security_scan_configuration batch_associate_code_security_scan_configuration ************************************************ Inspector2.Client.batch_associate_code_security_scan_configuration(**kwargs) Associates multiple code repositories with an Amazon Inspector code security scan configuration. See also: AWS API Documentation **Request Syntax** response = client.batch_associate_code_security_scan_configuration( associateConfigurationRequests=[ { 'scanConfigurationArn': 'string', 'resource': { 'projectId': 'string' } }, ] ) Parameters: **associateConfigurationRequests** (*list*) -- **[REQUIRED]** A list of code repositories to associate with the specified scan configuration. * *(dict) --* Contains details about a request to associate a code repository with a scan configuration. * **scanConfigurationArn** *(string) --* **[REQUIRED]** The Amazon Resource Name (ARN) of the scan configuration. * **resource** *(dict) --* **[REQUIRED]** Identifies a specific resource in a code repository that will be scanned. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "projectId". * **projectId** *(string) --* The unique identifier of the project in the code repository. Return type: dict Returns: **Response Syntax** { 'failedAssociations': [ { 'scanConfigurationArn': 'string', 'resource': { 'projectId': 'string' }, 'statusCode': 'INTERNAL_ERROR'|'ACCESS_DENIED'|'SCAN_CONFIGURATION_NOT_FOUND'|'INVALID_INPUT'|'RESOURCE_NOT_FOUND'|'QUOTA_EXCEEDED', 'statusMessage': 'string' }, ], 'successfulAssociations': [ { 'scanConfigurationArn': 'string', 'resource': { 'projectId': 'string' } }, ] } **Response Structure** * *(dict) --* * **failedAssociations** *(list) --* Details of any code repositories that failed to be associated with the scan configuration. * *(dict) --* Details about a failed attempt to associate or disassociate a code repository with a scan configuration. * **scanConfigurationArn** *(string) --* The Amazon Resource Name (ARN) of the scan configuration that failed to be associated or disassociated. * **resource** *(dict) --* Identifies a specific resource in a code repository that will be scanned. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "projectId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **projectId** *(string) --* The unique identifier of the project in the code repository. * **statusCode** *(string) --* The status code indicating why the association or disassociation failed. * **statusMessage** *(string) --* A message explaining why the association or disassociation failed. * **successfulAssociations** *(list) --* Details of code repositories that were successfully associated with the scan configuration. * *(dict) --* Details about a successful association or disassociation between a code repository and a scan configuration. * **scanConfigurationArn** *(string) --* The Amazon Resource Name (ARN) of the scan configuration that was successfully associated or disassociated. * **resource** *(dict) --* Identifies a specific resource in a code repository that will be scanned. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "projectId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **projectId** *(string) --* The unique identifier of the project in the code repository. **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_cis_scan_results_aggregated_by_checks list_cis_scan_results_aggregated_by_checks ****************************************** Inspector2.Client.list_cis_scan_results_aggregated_by_checks(**kwargs) Lists scan results aggregated by checks. See also: AWS API Documentation **Request Syntax** response = client.list_cis_scan_results_aggregated_by_checks( scanArn='string', filterCriteria={ 'accountIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'checkIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'titleFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'platformFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'failedResourcesFilters': [ { 'upperInclusive': 123, 'lowerInclusive': 123 }, ], 'securityLevelFilters': [ { 'comparison': 'EQUALS', 'value': 'LEVEL_1'|'LEVEL_2' }, ] }, sortBy='CHECK_ID'|'TITLE'|'PLATFORM'|'FAILED_COUNTS'|'SECURITY_LEVEL', sortOrder='ASC'|'DESC', nextToken='string', maxResults=123 ) Parameters: * **scanArn** (*string*) -- **[REQUIRED]** The scan ARN. * **filterCriteria** (*dict*) -- The filter criteria. * **accountIdFilters** *(list) --* The criteria's account ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **checkIdFilters** *(list) --* The criteria's check ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **titleFilters** *(list) --* The criteria's title filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **platformFilters** *(list) --* The criteria's platform filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **failedResourcesFilters** *(list) --* The criteria's failed resources filters. * *(dict) --* The CIS number filter. * **upperInclusive** *(integer) --* The CIS number filter's upper inclusive. * **lowerInclusive** *(integer) --* The CIS number filter's lower inclusive. * **securityLevelFilters** *(list) --* The criteria's security level filters. * *(dict) --* The CIS security level filter. Security level refers to the Benchmark levels that CIS assigns to a profile. * **comparison** *(string) --* **[REQUIRED]** The CIS security filter comparison value. * **value** *(string) --* **[REQUIRED]** The CIS security filter value. * **sortBy** (*string*) -- The sort by order. * **sortOrder** (*string*) -- The sort order. * **nextToken** (*string*) -- The pagination token from a previous request that's used to retrieve the next page of results. * **maxResults** (*integer*) -- The maximum number of scan results aggregated by checks to be returned in a single page of results. Return type: dict Returns: **Response Syntax** { 'checkAggregations': [ { 'scanArn': 'string', 'checkId': 'string', 'title': 'string', 'checkDescription': 'string', 'level': 'LEVEL_1'|'LEVEL_2', 'accountId': 'string', 'statusCounts': { 'failed': 123, 'skipped': 123, 'passed': 123 }, 'platform': 'string' }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **checkAggregations** *(list) --* The check aggregations. * *(dict) --* A CIS check. * **scanArn** *(string) --* The scan ARN for the CIS check scan ARN. * **checkId** *(string) --* The check ID for the CIS check. * **title** *(string) --* The CIS check title. * **checkDescription** *(string) --* The description for the CIS check. * **level** *(string) --* The CIS check level. * **accountId** *(string) --* The account ID for the CIS check. * **statusCounts** *(dict) --* The CIS check status counts. * **failed** *(integer) --* The number of checks that failed. * **skipped** *(integer) --* The number of checks that were skipped. * **passed** *(integer) --* The number of checks that passed. * **platform** *(string) --* The CIS check platform. * **nextToken** *(string) --* The pagination token from a previous request that's used to retrieve the next page of results. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_filters list_filters ************ Inspector2.Client.list_filters(**kwargs) Lists the filters associated with your account. See also: AWS API Documentation **Request Syntax** response = client.list_filters( arns=[ 'string', ], action='NONE'|'SUPPRESS', nextToken='string', maxResults=123 ) Parameters: * **arns** (*list*) -- The Amazon resource number (ARN) of the filter. * *(string) --* * **action** (*string*) -- The action the filter applies to matched findings. * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the "maxResults" maximum value it will also return a "nextToken" value. For subsequent calls, use the "nextToken" value returned from the previous request to continue listing results after the first page. * **maxResults** (*integer*) -- The maximum number of results the response can return. If your request would return more than the maximum the response will return a "nextToken" value, use this value when you call the action again to get the remaining results. Return type: dict Returns: **Response Syntax** { 'filters': [ { 'arn': 'string', 'ownerId': 'string', 'name': 'string', 'criteria': { 'findingArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'awsAccountId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'findingType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'severity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'firstObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lastObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'updatedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'findingStatus': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'title': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'inspectorScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'ec2InstanceImageId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceVpcId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceSubnetId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImagePushedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageArchitecture': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRegistry': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRepositoryName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageHash': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'portRange': [ { 'beginInclusive': 123, 'endInclusive': 123 }, ], 'networkProtocol': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilityId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilitySource': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vendorSeverity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerablePackages': [ { 'name': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'version': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'epoch': { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, 'release': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'architecture': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLayerHash': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLambdaLayerArn': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'filePath': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' } }, ], 'relatedVulnerabilities': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'fixAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLayers': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLastModifiedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lambdaFunctionExecutionRoleArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'exploitAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityFilePath': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'epssScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, 'action': 'NONE'|'SUPPRESS', 'createdAt': datetime(2015, 1, 1), 'updatedAt': datetime(2015, 1, 1), 'description': 'string', 'reason': 'string', 'tags': { 'string': 'string' } }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **filters** *(list) --* Contains details on the filters associated with your account. * *(dict) --* Details about a filter. * **arn** *(string) --* The Amazon Resource Number (ARN) associated with this filter. * **ownerId** *(string) --* The Amazon Web Services account ID of the account that created the filter. * **name** *(string) --* The name of the filter. * **criteria** *(dict) --* Details on the filter criteria associated with this filter. * **findingArn** *(list) --* Details on the finding ARNs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **awsAccountId** *(list) --* Details of the Amazon Web Services account IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **findingType** *(list) --* Details on the finding types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **severity** *(list) --* Details on the severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **firstObservedAt** *(list) --* Details on the date and time a finding was first seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lastObservedAt** *(list) --* Details on the date and time a finding was last seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **updatedAt** *(list) --* Details on the date and time a finding was last updated at used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **findingStatus** *(list) --* Details on the finding status types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **title** *(list) --* Details on the finding title used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **inspectorScore** *(list) --* The Amazon Inspector score to filter on. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **resourceType** *(list) --* Details on the resource types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **resourceId** *(list) --* Details on the resource IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **resourceTags** *(list) --* Details on the resource tags used to filter findings. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **key** *(string) --* The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **ec2InstanceImageId** *(list) --* Details of the Amazon EC2 instance image IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ec2InstanceVpcId** *(list) --* Details of the Amazon EC2 instance VPC IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ec2InstanceSubnetId** *(list) --* Details of the Amazon EC2 instance subnet IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImagePushedAt** *(list) --* Details on the Amazon ECR image push date and time used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageArchitecture** *(list) --* Details of the Amazon ECR image architecture types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageRegistry** *(list) --* Details on the Amazon ECR registry used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageRepositoryName** *(list) --* Details on the name of the Amazon ECR repository used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageTags** *(list) --* The tags attached to the Amazon ECR container image. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageHash** *(list) --* Details of the Amazon ECR image hashes used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageLastInUseAt** *(list) --* Filter criteria indicating when an Amazon ECR image was last used in an Amazon ECS cluster task or Amazon EKS cluster pod. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageInUseCount** *(list) --* Filter criteria indicating when details for an Amazon ECR image include when an Amazon ECR image is in use. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **portRange** *(list) --* Details on the port ranges used to filter findings. * *(dict) --* An object that describes the details of a port range filter. * **beginInclusive** *(integer) --* The port number the port range begins at. * **endInclusive** *(integer) --* The port number the port range ends at. * **networkProtocol** *(list) --* Details on network protocol used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **componentId** *(list) --* Details of the component IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **componentType** *(list) --* Details of the component types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vulnerabilityId** *(list) --* Details on the vulnerability ID used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vulnerabilitySource** *(list) --* Details on the vulnerability type used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vendorSeverity** *(list) --* Details on the vendor severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vulnerablePackages** *(list) --* Details on the vulnerable packages used to filter findings. * *(dict) --* Contains information on the details of a package filter. * **name** *(dict) --* An object that contains details on the name of the package to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **version** *(dict) --* The package version to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **epoch** *(dict) --* An object that contains details on the package epoch to filter on. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **release** *(dict) --* An object that contains details on the package release to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **architecture** *(dict) --* An object that contains details on the package architecture type to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **sourceLayerHash** *(dict) --* An object that contains details on the source layer hash to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **sourceLambdaLayerArn** *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **filePath** *(dict) --* An object that contains details on the package file path to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **relatedVulnerabilities** *(list) --* Details on the related vulnerabilities used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **fixAvailable** *(list) --* Details on whether a fix is available through a version update. This value can be "YES", "NO", or "PARTIAL". A "PARTIAL" fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionName** *(list) --* Filters the list of Amazon Web Services Lambda functions by the name of the function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionLayers** *(list) --* Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionRuntime** *(list) --* Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionLastModifiedAt** *(list) --* Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lambdaFunctionExecutionRoleArn** *(list) --* Filters the list of Amazon Web Services Lambda functions by execution role. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **exploitAvailable** *(list) --* Filters the list of Amazon Web Services Lambda findings by the availability of exploits. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeVulnerabilityDetectorName** *(list) --* The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeVulnerabilityDetectorTags** *(list) --* The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeVulnerabilityFilePath** *(list) --* The file path to the file in a Lambda function that contains a code vulnerability used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **epssScore** *(list) --* The EPSS score used to filter findings. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **codeRepositoryProjectName** *(list) --* Filter criteria for findings based on the project name in a code repository. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeRepositoryProviderType** *(list) --* Filter criteria for findings based on the repository provider type (such as GitHub, GitLab, etc.). * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **action** *(string) --* The action that is to be applied to the findings that match the filter. * **createdAt** *(datetime) --* The date and time this filter was created at. * **updatedAt** *(datetime) --* The date and time the filter was last updated at. * **description** *(string) --* A description of the filter. * **reason** *(string) --* The reason for the filter. * **tags** *(dict) --* The tags attached to the filter. * *(string) --* * *(string) --* * **nextToken** *(string) --* A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the "NextToken" value returned from the previous request to continue listing results after the first page. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / update_org_ec2_deep_inspection_configuration update_org_ec2_deep_inspection_configuration ******************************************** Inspector2.Client.update_org_ec2_deep_inspection_configuration(**kwargs) Updates the Amazon Inspector deep inspection custom paths for your organization. You must be an Amazon Inspector delegated administrator to use this API. See also: AWS API Documentation **Request Syntax** response = client.update_org_ec2_deep_inspection_configuration( orgPackagePaths=[ 'string', ] ) Parameters: **orgPackagePaths** (*list*) -- **[REQUIRED]** The Amazon Inspector deep inspection custom paths you are adding for your organization. * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_usage_totals list_usage_totals ***************** Inspector2.Client.list_usage_totals(**kwargs) Lists the Amazon Inspector usage totals over the last 30 days. See also: AWS API Documentation **Request Syntax** response = client.list_usage_totals( maxResults=123, nextToken='string', accountIds=[ 'string', ] ) Parameters: * **maxResults** (*integer*) -- The maximum number of results the response can return. If your request would return more than the maximum the response will return a "nextToken" value, use this value when you call the action again to get the remaining results. * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the "maxResults" maximum value it will also return a "nextToken" value. For subsequent calls, use the "nextToken" value returned from the previous request to continue listing results after the first page. * **accountIds** (*list*) -- The Amazon Web Services account IDs to retrieve usage totals for. * *(string) --* Return type: dict Returns: **Response Syntax** { 'nextToken': 'string', 'totals': [ { 'accountId': 'string', 'usage': [ { 'type': 'EC2_INSTANCE_HOURS'|'ECR_INITIAL_SCAN'|'ECR_RESCAN'|'LAMBDA_FUNCTION_HOURS'|'LAMBDA_FUNCTION_CODE_HOURS'|'CODE_REPOSITORY_SAST'|'CODE_REPOSITORY_IAC'|'CODE_REPOSITORY_SCA'|'EC2_AGENTLESS_INSTANCE_HOURS', 'total': 123.0, 'estimatedMonthlyCost': 123.0, 'currency': 'USD' }, ] }, ] } **Response Structure** * *(dict) --* * **nextToken** *(string) --* The pagination parameter to be used on the next list operation to retrieve more items. * **totals** *(list) --* An object with details on the total usage for the requested account. * *(dict) --* The total of usage for an account ID. * **accountId** *(string) --* The account ID of the account that usage data was retrieved for. * **usage** *(list) --* An object representing the total usage for an account. * *(dict) --* Contains usage information about the cost of Amazon Inspector operation. * **type** *(string) --* The type scan. * **total** *(float) --* The total of usage. * **estimatedMonthlyCost** *(float) --* The estimated monthly cost of Amazon Inspector. * **currency** *(string) --* The currency type used when calculating usage data. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_cis_scan_result_details get_cis_scan_result_details *************************** Inspector2.Client.get_cis_scan_result_details(**kwargs) Retrieves CIS scan result details. See also: AWS API Documentation **Request Syntax** response = client.get_cis_scan_result_details( scanArn='string', targetResourceId='string', accountId='string', filterCriteria={ 'findingStatusFilters': [ { 'comparison': 'EQUALS', 'value': 'PASSED'|'FAILED'|'SKIPPED' }, ], 'checkIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'titleFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'securityLevelFilters': [ { 'comparison': 'EQUALS', 'value': 'LEVEL_1'|'LEVEL_2' }, ], 'findingArnFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, sortBy='CHECK_ID'|'STATUS', sortOrder='ASC'|'DESC', nextToken='string', maxResults=123 ) Parameters: * **scanArn** (*string*) -- **[REQUIRED]** The scan ARN. * **targetResourceId** (*string*) -- **[REQUIRED]** The target resource ID. * **accountId** (*string*) -- **[REQUIRED]** The account ID. * **filterCriteria** (*dict*) -- The filter criteria. * **findingStatusFilters** *(list) --* The criteria's finding status filters. * *(dict) --* The CIS finding status filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS finding status filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS finding status filter. * **checkIdFilters** *(list) --* The criteria's check ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **titleFilters** *(list) --* The criteria's title filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **securityLevelFilters** *(list) --* The criteria's security level filters. . Security level refers to the Benchmark levels that CIS assigns to a profile. * *(dict) --* The CIS security level filter. Security level refers to the Benchmark levels that CIS assigns to a profile. * **comparison** *(string) --* **[REQUIRED]** The CIS security filter comparison value. * **value** *(string) --* **[REQUIRED]** The CIS security filter value. * **findingArnFilters** *(list) --* The criteria's finding ARN filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **sortBy** (*string*) -- The sort by order. * **sortOrder** (*string*) -- The sort order. * **nextToken** (*string*) -- The pagination token from a previous request that's used to retrieve the next page of results. * **maxResults** (*integer*) -- The maximum number of CIS scan result details to be returned in a single page of results. Return type: dict Returns: **Response Syntax** { 'scanResultDetails': [ { 'scanArn': 'string', 'accountId': 'string', 'targetResourceId': 'string', 'platform': 'string', 'status': 'PASSED'|'FAILED'|'SKIPPED', 'statusReason': 'string', 'checkId': 'string', 'title': 'string', 'checkDescription': 'string', 'remediation': 'string', 'level': 'LEVEL_1'|'LEVEL_2', 'findingArn': 'string' }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **scanResultDetails** *(list) --* The scan result details. * *(dict) --* The CIS scan result details. * **scanArn** *(string) --* The CIS scan result details' scan ARN. * **accountId** *(string) --* The CIS scan result details' account ID. * **targetResourceId** *(string) --* The CIS scan result details' target resource ID. * **platform** *(string) --* The CIS scan result details' platform. * **status** *(string) --* The CIS scan result details' status. * **statusReason** *(string) --* The CIS scan result details' status reason. * **checkId** *(string) --* The CIS scan result details' check ID. * **title** *(string) --* The CIS scan result details' title. * **checkDescription** *(string) --* The account ID that's associated with the CIS scan result details. * **remediation** *(string) --* The CIS scan result details' remediation. * **level** *(string) --* The CIS scan result details' level. * **findingArn** *(string) --* The CIS scan result details' finding ARN. * **nextToken** *(string) --* The pagination token from a previous request that's used to retrieve the next page of results. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / can_paginate can_paginate ************ Inspector2.Client.can_paginate(operation_name) Check if an operation can be paginated. Parameters: **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")". Returns: "True" if the operation can be paginated, "False" otherwise. Inspector2 / Client / create_findings_report create_findings_report ********************** Inspector2.Client.create_findings_report(**kwargs) Creates a finding report. By default only "ACTIVE" findings are returned in the report. To see "SUPRESSED" or "CLOSED" findings you must specify a value for the "findingStatus" filter criteria. See also: AWS API Documentation **Request Syntax** response = client.create_findings_report( filterCriteria={ 'findingArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'awsAccountId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'findingType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'severity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'firstObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lastObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'updatedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'findingStatus': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'title': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'inspectorScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'ec2InstanceImageId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceVpcId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceSubnetId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImagePushedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageArchitecture': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRegistry': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRepositoryName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageHash': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'portRange': [ { 'beginInclusive': 123, 'endInclusive': 123 }, ], 'networkProtocol': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilityId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilitySource': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vendorSeverity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerablePackages': [ { 'name': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'version': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'epoch': { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, 'release': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'architecture': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLayerHash': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLambdaLayerArn': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'filePath': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' } }, ], 'relatedVulnerabilities': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'fixAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLayers': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLastModifiedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lambdaFunctionExecutionRoleArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'exploitAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityFilePath': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'epssScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, reportFormat='CSV'|'JSON', s3Destination={ 'bucketName': 'string', 'keyPrefix': 'string', 'kmsKeyArn': 'string' } ) Parameters: * **filterCriteria** (*dict*) -- The filter criteria to apply to the results of the finding report. * **findingArn** *(list) --* Details on the finding ARNs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **awsAccountId** *(list) --* Details of the Amazon Web Services account IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **findingType** *(list) --* Details on the finding types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **severity** *(list) --* Details on the severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **firstObservedAt** *(list) --* Details on the date and time a finding was first seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lastObservedAt** *(list) --* Details on the date and time a finding was last seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **updatedAt** *(list) --* Details on the date and time a finding was last updated at used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **findingStatus** *(list) --* Details on the finding status types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **title** *(list) --* Details on the finding title used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **inspectorScore** *(list) --* The Amazon Inspector score to filter on. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **resourceType** *(list) --* Details on the resource types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceId** *(list) --* Details on the resource IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceTags** *(list) --* Details on the resource tags used to filter findings. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **key** *(string) --* **[REQUIRED]** The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **ec2InstanceImageId** *(list) --* Details of the Amazon EC2 instance image IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ec2InstanceVpcId** *(list) --* Details of the Amazon EC2 instance VPC IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ec2InstanceSubnetId** *(list) --* Details of the Amazon EC2 instance subnet IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImagePushedAt** *(list) --* Details on the Amazon ECR image push date and time used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageArchitecture** *(list) --* Details of the Amazon ECR image architecture types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageRegistry** *(list) --* Details on the Amazon ECR registry used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageRepositoryName** *(list) --* Details on the name of the Amazon ECR repository used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageTags** *(list) --* The tags attached to the Amazon ECR container image. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageHash** *(list) --* Details of the Amazon ECR image hashes used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageLastInUseAt** *(list) --* Filter criteria indicating when an Amazon ECR image was last used in an Amazon ECS cluster task or Amazon EKS cluster pod. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageInUseCount** *(list) --* Filter criteria indicating when details for an Amazon ECR image include when an Amazon ECR image is in use. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **portRange** *(list) --* Details on the port ranges used to filter findings. * *(dict) --* An object that describes the details of a port range filter. * **beginInclusive** *(integer) --* The port number the port range begins at. * **endInclusive** *(integer) --* The port number the port range ends at. * **networkProtocol** *(list) --* Details on network protocol used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **componentId** *(list) --* Details of the component IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **componentType** *(list) --* Details of the component types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilityId** *(list) --* Details on the vulnerability ID used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilitySource** *(list) --* Details on the vulnerability type used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vendorSeverity** *(list) --* Details on the vendor severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerablePackages** *(list) --* Details on the vulnerable packages used to filter findings. * *(dict) --* Contains information on the details of a package filter. * **name** *(dict) --* An object that contains details on the name of the package to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **version** *(dict) --* The package version to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **epoch** *(dict) --* An object that contains details on the package epoch to filter on. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **release** *(dict) --* An object that contains details on the package release to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **architecture** *(dict) --* An object that contains details on the package architecture type to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sourceLayerHash** *(dict) --* An object that contains details on the source layer hash to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sourceLambdaLayerArn** *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **filePath** *(dict) --* An object that contains details on the package file path to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **relatedVulnerabilities** *(list) --* Details on the related vulnerabilities used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **fixAvailable** *(list) --* Details on whether a fix is available through a version update. This value can be "YES", "NO", or "PARTIAL". A "PARTIAL" fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionName** *(list) --* Filters the list of Amazon Web Services Lambda functions by the name of the function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionLayers** *(list) --* Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionRuntime** *(list) --* Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionLastModifiedAt** *(list) --* Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lambdaFunctionExecutionRoleArn** *(list) --* Filters the list of Amazon Web Services Lambda functions by execution role. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **exploitAvailable** *(list) --* Filters the list of Amazon Web Services Lambda findings by the availability of exploits. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityDetectorName** *(list) --* The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityDetectorTags** *(list) --* The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityFilePath** *(list) --* The file path to the file in a Lambda function that contains a code vulnerability used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **epssScore** *(list) --* The EPSS score used to filter findings. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **codeRepositoryProjectName** *(list) --* Filter criteria for findings based on the project name in a code repository. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeRepositoryProviderType** *(list) --* Filter criteria for findings based on the repository provider type (such as GitHub, GitLab, etc.). * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **reportFormat** (*string*) -- **[REQUIRED]** The format to generate the report in. * **s3Destination** (*dict*) -- **[REQUIRED]** The Amazon S3 export destination for the report. * **bucketName** *(string) --* **[REQUIRED]** The name of the Amazon S3 bucket to export findings to. * **keyPrefix** *(string) --* The prefix that the findings will be written under. * **kmsKeyArn** *(string) --* **[REQUIRED]** The ARN of the KMS key used to encrypt data when exporting findings. Return type: dict Returns: **Response Syntax** { 'reportId': 'string' } **Response Structure** * *(dict) --* * **reportId** *(string) --* The ID of the report. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / create_code_security_integration create_code_security_integration ******************************** Inspector2.Client.create_code_security_integration(**kwargs) Creates a code security integration with a source code repository provider. After calling the "CreateCodeSecurityIntegration" operation, you complete authentication and authorization with your provider. Next you call the "UpdateCodeSecurityIntegration" operation to provide the "details" to complete the integration setup See also: AWS API Documentation **Request Syntax** response = client.create_code_security_integration( name='string', type='GITLAB_SELF_MANAGED'|'GITHUB', details={ 'gitlabSelfManaged': { 'instanceUrl': 'string', 'accessToken': 'string' } }, tags={ 'string': 'string' } ) Parameters: * **name** (*string*) -- **[REQUIRED]** The name of the code security integration. * **type** (*string*) -- **[REQUIRED]** The type of repository provider for the integration. * **details** (*dict*) -- The integration details specific to the repository provider type. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "gitlabSelfManaged". * **gitlabSelfManaged** *(dict) --* Details specific to creating an integration with a self- managed GitLab instance. * **instanceUrl** *(string) --* **[REQUIRED]** The URL of the self-managed GitLab instance. * **accessToken** *(string) --* **[REQUIRED]** The personal access token used to authenticate with the self-managed GitLab instance. * **tags** (*dict*) -- The tags to apply to the code security integration. * *(string) --* * *(string) --* Return type: dict Returns: **Response Syntax** { 'integrationArn': 'string', 'status': 'PENDING'|'IN_PROGRESS'|'ACTIVE'|'INACTIVE'|'DISABLING', 'authorizationUrl': 'string' } **Response Structure** * *(dict) --* * **integrationArn** *(string) --* The Amazon Resource Name (ARN) of the created code security integration. * **status** *(string) --* The current status of the code security integration. * **authorizationUrl** *(string) --* The URL used to authorize the integration with the repository provider. **Exceptions** * "Inspector2.Client.exceptions.ServiceQuotaExceededException" * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / disable_delegated_admin_account disable_delegated_admin_account ******************************* Inspector2.Client.disable_delegated_admin_account(**kwargs) Disables the Amazon Inspector delegated administrator for your organization. See also: AWS API Documentation **Request Syntax** response = client.disable_delegated_admin_account( delegatedAdminAccountId='string' ) Parameters: **delegatedAdminAccountId** (*string*) -- **[REQUIRED]** The Amazon Web Services account ID of the current Amazon Inspector delegated administrator. Return type: dict Returns: **Response Syntax** { 'delegatedAdminAccountId': 'string' } **Response Structure** * *(dict) --* * **delegatedAdminAccountId** *(string) --* The Amazon Web Services account ID of the successfully disabled delegated administrator. **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_account_permissions list_account_permissions ************************ Inspector2.Client.list_account_permissions(**kwargs) Lists the permissions an account has to configure Amazon Inspector. See also: AWS API Documentation **Request Syntax** response = client.list_account_permissions( service='EC2'|'ECR'|'LAMBDA', maxResults=123, nextToken='string' ) Parameters: * **service** (*string*) -- The service scan type to check permissions for. * **maxResults** (*integer*) -- The maximum number of results the response can return. If your request would return more than the maximum the response will return a "nextToken" value, use this value when you call the action again to get the remaining results. * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the "maxResults" maximum value it will also return a "nextToken" value. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. Return type: dict Returns: **Response Syntax** { 'permissions': [ { 'service': 'EC2'|'ECR'|'LAMBDA', 'operation': 'ENABLE_SCANNING'|'DISABLE_SCANNING'|'ENABLE_REPOSITORY'|'DISABLE_REPOSITORY' }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **permissions** *(list) --* Contains details on the permissions an account has to configure Amazon Inspector. * *(dict) --* Contains information on the permissions an account has within Amazon Inspector. * **service** *(string) --* The services that the permissions allow an account to perform the given operations for. * **operation** *(string) --* The operations that can be performed with the given permissions. * **nextToken** *(string) --* A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the "NextToken" value returned from the previous request to continue listing results after the first page. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_code_security_scan get_code_security_scan ********************** Inspector2.Client.get_code_security_scan(**kwargs) Retrieves information about a specific code security scan. See also: AWS API Documentation **Request Syntax** response = client.get_code_security_scan( resource={ 'projectId': 'string' }, scanId='string' ) Parameters: * **resource** (*dict*) -- **[REQUIRED]** The resource identifier for the code repository that was scanned. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "projectId". * **projectId** *(string) --* The unique identifier of the project in the code repository. * **scanId** (*string*) -- **[REQUIRED]** The unique identifier of the scan to retrieve. Return type: dict Returns: **Response Syntax** { 'scanId': 'string', 'resource': { 'projectId': 'string' }, 'accountId': 'string', 'status': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'SKIPPED', 'statusReason': 'string', 'createdAt': datetime(2015, 1, 1), 'updatedAt': datetime(2015, 1, 1), 'lastCommitId': 'string' } **Response Structure** * *(dict) --* * **scanId** *(string) --* The unique identifier of the scan. * **resource** *(dict) --* The resource identifier for the code repository that was scanned. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "projectId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **projectId** *(string) --* The unique identifier of the project in the code repository. * **accountId** *(string) --* The Amazon Web Services account ID associated with the scan. * **status** *(string) --* The current status of the scan. * **statusReason** *(string) --* The reason for the current status of the scan. * **createdAt** *(datetime) --* The timestamp when the scan was created. * **updatedAt** *(datetime) --* The timestamp when the scan was last updated. * **lastCommitId** *(string) --* The identifier of the last commit that was scanned. This is only returned if the scan was successful or skipped. **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / update_configuration update_configuration ******************** Inspector2.Client.update_configuration(**kwargs) Updates setting configurations for your Amazon Inspector account. When you use this API as an Amazon Inspector delegated administrator this updates the setting for all accounts you manage. Member accounts in an organization cannot update this setting. See also: AWS API Documentation **Request Syntax** response = client.update_configuration( ecrConfiguration={ 'rescanDuration': 'LIFETIME'|'DAYS_30'|'DAYS_180'|'DAYS_14'|'DAYS_60'|'DAYS_90', 'pullDateRescanDuration': 'DAYS_14'|'DAYS_30'|'DAYS_60'|'DAYS_90'|'DAYS_180', 'pullDateRescanMode': 'LAST_PULL_DATE'|'LAST_IN_USE_AT' }, ec2Configuration={ 'scanMode': 'EC2_SSM_AGENT_BASED'|'EC2_HYBRID' } ) Parameters: * **ecrConfiguration** (*dict*) -- Specifies how the ECR automated re-scan will be updated for your environment. * **rescanDuration** *(string) --* **[REQUIRED]** The rescan duration configured for image push date. * **pullDateRescanDuration** *(string) --* The rescan duration configured for image pull date. * **pullDateRescanMode** *(string) --* The pull date for the re-scan mode. * **ec2Configuration** (*dict*) -- Specifies how the Amazon EC2 automated scan will be updated for your environment. * **scanMode** *(string) --* **[REQUIRED]** The scan method that is applied to the instance. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_coverage_statistics list_coverage_statistics ************************ Inspector2.Client.list_coverage_statistics(**kwargs) Lists Amazon Inspector coverage statistics for your environment. See also: AWS API Documentation **Request Syntax** response = client.list_coverage_statistics( filterCriteria={ 'scanStatusCode': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'scanStatusReason': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'accountId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'scanType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrRepositoryName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lastScannedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'scanMode': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'imagePulledAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123, 'lowerInclusive': 123 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderTypeVisibility': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lastScannedCommitId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ] }, groupBy='SCAN_STATUS_CODE'|'SCAN_STATUS_REASON'|'ACCOUNT_ID'|'RESOURCE_TYPE'|'ECR_REPOSITORY_NAME', nextToken='string' ) Parameters: * **filterCriteria** (*dict*) -- An object that contains details on the filters to apply to the coverage data for your environment. * **scanStatusCode** *(list) --* The scan status code to filter on. Valid values are: "ValidationException", "InternalServerException", "ResourceNotFoundException", "BadRequestException", and "ThrottlingException". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **scanStatusReason** *(list) --* The scan status reason to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **accountId** *(list) --* An array of Amazon Web Services account IDs to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **resourceId** *(list) --* An array of Amazon Web Services resource IDs to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **resourceType** *(list) --* An array of Amazon Web Services resource types to return coverage statistics for. The values can be "AWS_EC2_INSTANCE", "AWS_LAMBDA_FUNCTION", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY" or "AWS_ACCOUNT". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **scanType** *(list) --* An array of Amazon Inspector scan types to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ecrRepositoryName** *(list) --* The Amazon ECR repository name to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ecrImageTags** *(list) --* The Amazon ECR image tags to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ec2InstanceTags** *(list) --* The Amazon EC2 instance tags to filter on. * *(dict) --* Contains details of a coverage map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare coverage on. * **key** *(string) --* **[REQUIRED]** The tag key associated with the coverage map filter. * **value** *(string) --* The tag value associated with the coverage map filter. * **lambdaFunctionName** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by function names. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lambdaFunctionTags** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by tag. * *(dict) --* Contains details of a coverage map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare coverage on. * **key** *(string) --* **[REQUIRED]** The tag key associated with the coverage map filter. * **value** *(string) --* The tag value associated with the coverage map filter. * **lambdaFunctionRuntime** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by runtime. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lastScannedAt** *(list) --* Filters Amazon Web Services resources based on whether Amazon Inspector has checked them for vulnerabilities within the specified time range. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **scanMode** *(list) --* The filter to search for Amazon EC2 instance coverage by scan mode. Valid values are "EC2_SSM_AGENT_BASED" and "EC2_AGENTLESS". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **imagePulledAt** *(list) --* The date an image was last pulled at. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **ecrImageLastInUseAt** *(list) --* The Amazon ECR image that was last in use. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **ecrImageInUseCount** *(list) --* The number of Amazon ECR images in use. * *(dict) --* The coverage number to be used in the filter. * **upperInclusive** *(integer) --* The upper inclusive for the coverage number.> * **lowerInclusive** *(integer) --* The lower inclusive for the coverage number. * **codeRepositoryProjectName** *(list) --* Filter criteria for code repositories based on project name. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **codeRepositoryProviderType** *(list) --* Filter criteria for code repositories based on provider type (such as GitHub, GitLab, etc.). * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **codeRepositoryProviderTypeVisibility** *(list) --* Filter criteria for code repositories based on visibility setting (public or private). * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lastScannedCommitId** *(list) --* Filter criteria for code repositories based on the ID of the last scanned commit. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **groupBy** (*string*) -- The value to group the results by. * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the "NextToken" value returned from the previous request to continue listing results after the first page. Return type: dict Returns: **Response Syntax** { 'countsByGroup': [ { 'count': 123, 'groupKey': 'SCAN_STATUS_CODE'|'SCAN_STATUS_REASON'|'ACCOUNT_ID'|'RESOURCE_TYPE'|'ECR_REPOSITORY_NAME' }, ], 'totalCounts': 123, 'nextToken': 'string' } **Response Structure** * *(dict) --* * **countsByGroup** *(list) --* An array with the number for each group. * *(dict) --* a structure that contains information on the count of resources within a group. * **count** *(integer) --* The number of resources. * **groupKey** *(string) --* The key associated with this group * **totalCounts** *(integer) --* The total number for all groups. * **nextToken** *(string) --* A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the "NextToken" value returned from the previous request to continue listing results after the first page. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / enable enable ****** Inspector2.Client.enable(**kwargs) Enables Amazon Inspector scans for one or more Amazon Web Services accounts. See also: AWS API Documentation **Request Syntax** response = client.enable( accountIds=[ 'string', ], resourceTypes=[ 'EC2'|'ECR'|'LAMBDA'|'LAMBDA_CODE'|'CODE_REPOSITORY', ], clientToken='string' ) Parameters: * **accountIds** (*list*) -- A list of account IDs you want to enable Amazon Inspector scans for. * *(string) --* * **resourceTypes** (*list*) -- **[REQUIRED]** The resource scan types you want to enable. * *(string) --* * **clientToken** (*string*) -- The idempotency token for the request. This field is autopopulated if not provided. Return type: dict Returns: **Response Syntax** { 'accounts': [ { 'accountId': 'string', 'status': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'resourceStatus': { 'ec2': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'ecr': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'lambda': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'lambdaCode': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'codeRepository': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED' } }, ], 'failedAccounts': [ { 'accountId': 'string', 'status': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'resourceStatus': { 'ec2': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'ecr': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'lambda': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'lambdaCode': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'codeRepository': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED' }, 'errorCode': 'ALREADY_ENABLED'|'ENABLE_IN_PROGRESS'|'DISABLE_IN_PROGRESS'|'SUSPEND_IN_PROGRESS'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'SSM_UNAVAILABLE'|'SSM_THROTTLED'|'EVENTBRIDGE_UNAVAILABLE'|'EVENTBRIDGE_THROTTLED'|'RESOURCE_SCAN_NOT_DISABLED'|'DISASSOCIATE_ALL_MEMBERS'|'ACCOUNT_IS_ISOLATED'|'EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED'|'EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage': 'string' }, ] } **Response Structure** * *(dict) --* * **accounts** *(list) --* Information on the accounts that have had Amazon Inspector scans successfully enabled. Details are provided for each account. * *(dict) --* An Amazon Web Services account within your environment that Amazon Inspector has been enabled for. * **accountId** *(string) --* The ID of the Amazon Web Services account. * **status** *(string) --* The status of Amazon Inspector for the account. * **resourceStatus** *(dict) --* Details of the status of Amazon Inspector scans by resource type. * **ec2** *(string) --* The status of Amazon Inspector scanning for Amazon EC2 resources. * **ecr** *(string) --* The status of Amazon Inspector scanning for Amazon ECR resources. * **lambda** *(string) --* The status of Amazon Inspector scanning for Amazon Web Services Lambda function. * **lambdaCode** *(string) --* The status of Amazon Inspector scanning for custom application code for Amazon Web Services Lambda functions. * **codeRepository** *(string) --* The status of Amazon Inspector scanning for code repositories. * **failedAccounts** *(list) --* Information on any accounts for which Amazon Inspector scans could not be enabled. Details are provided for each account. * *(dict) --* An object with details on why an account failed to enable Amazon Inspector. * **accountId** *(string) --* The Amazon Web Services account ID. * **status** *(string) --* The status of Amazon Inspector for the account. * **resourceStatus** *(dict) --* An object detailing which resources Amazon Inspector is enabled to scan for the account. * **ec2** *(string) --* The status of Amazon Inspector scanning for Amazon EC2 resources. * **ecr** *(string) --* The status of Amazon Inspector scanning for Amazon ECR resources. * **lambda** *(string) --* The status of Amazon Inspector scanning for Amazon Web Services Lambda function. * **lambdaCode** *(string) --* The status of Amazon Inspector scanning for custom application code for Amazon Web Services Lambda functions. * **codeRepository** *(string) --* The status of Amazon Inspector scanning for code repositories. * **errorCode** *(string) --* The error code explaining why the account failed to enable Amazon Inspector. * **errorMessage** *(string) --* The error message received when the account failed to enable Amazon Inspector. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / batch_get_free_trial_info batch_get_free_trial_info ************************* Inspector2.Client.batch_get_free_trial_info(**kwargs) Gets free trial status for multiple Amazon Web Services accounts. See also: AWS API Documentation **Request Syntax** response = client.batch_get_free_trial_info( accountIds=[ 'string', ] ) Parameters: **accountIds** (*list*) -- **[REQUIRED]** The account IDs to get free trial status for. * *(string) --* Return type: dict Returns: **Response Syntax** { 'accounts': [ { 'accountId': 'string', 'freeTrialInfo': [ { 'type': 'EC2'|'ECR'|'LAMBDA'|'LAMBDA_CODE'|'CODE_REPOSITORY', 'start': datetime(2015, 1, 1), 'end': datetime(2015, 1, 1), 'status': 'ACTIVE'|'INACTIVE' }, ] }, ], 'failedAccounts': [ { 'accountId': 'string', 'code': 'ACCESS_DENIED'|'INTERNAL_ERROR', 'message': 'string' }, ] } **Response Structure** * *(dict) --* * **accounts** *(list) --* An array of objects that provide Amazon Inspector free trial details for each of the requested accounts. * *(dict) --* Information about the Amazon Inspector free trial for an account. * **accountId** *(string) --* The account associated with the Amazon Inspector free trial information. * **freeTrialInfo** *(list) --* Contains information about the Amazon Inspector free trial for an account. * *(dict) --* An object that contains information about the Amazon Inspector free trial for an account. * **type** *(string) --* The type of scan covered by the Amazon Inspector free trail. * **start** *(datetime) --* The date and time that the Amazon Inspector free trail started for a given account. * **end** *(datetime) --* The date and time that the Amazon Inspector free trail ends for a given account. * **status** *(string) --* The order to sort results by. * **failedAccounts** *(list) --* An array of objects detailing any accounts that free trial data could not be returned for. * *(dict) --* Information about an error received while accessing free trail data for an account. * **accountId** *(string) --* The account associated with the Amazon Inspector free trial information. * **code** *(string) --* The error code. * **message** *(string) --* The error message returned. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / describe_organization_configuration describe_organization_configuration *********************************** Inspector2.Client.describe_organization_configuration() Describe Amazon Inspector configuration settings for an Amazon Web Services organization. See also: AWS API Documentation **Request Syntax** response = client.describe_organization_configuration() Return type: dict Returns: **Response Syntax** { 'autoEnable': { 'ec2': True|False, 'ecr': True|False, 'lambda': True|False, 'lambdaCode': True|False, 'codeRepository': True|False }, 'maxAccountLimitReached': True|False } **Response Structure** * *(dict) --* * **autoEnable** *(dict) --* The scan types are automatically enabled for new members of your organization. * **ec2** *(boolean) --* Represents whether Amazon EC2 scans are automatically enabled for new members of your Amazon Inspector organization. * **ecr** *(boolean) --* Represents whether Amazon ECR scans are automatically enabled for new members of your Amazon Inspector organization. * **lambda** *(boolean) --* Represents whether Amazon Web Services Lambda standard scans are automatically enabled for new members of your Amazon Inspector organization. * **lambdaCode** *(boolean) --* Represents whether Lambda code scans are automatically enabled for new members of your Amazon Inspector organization. * **codeRepository** *(boolean) --* Represents whether code repository scans are automatically enabled for new members of your Amazon Inspector organization. * **maxAccountLimitReached** *(boolean) --* Represents whether your organization has reached the maximum Amazon Web Services account limit for Amazon Inspector. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_members list_members ************ Inspector2.Client.list_members(**kwargs) List members associated with the Amazon Inspector delegated administrator for your organization. See also: AWS API Documentation **Request Syntax** response = client.list_members( onlyAssociated=True|False, maxResults=123, nextToken='string' ) Parameters: * **onlyAssociated** (*boolean*) -- Specifies whether to list only currently associated members if "True" or to list all members within the organization if "False". * **maxResults** (*integer*) -- The maximum number of results the response can return. If your request would return more than the maximum the response will return a "nextToken" value, use this value when you call the action again to get the remaining results. * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the "maxResults" maximum value it will also return a "nextToken" value. For subsequent calls, use the "nextToken" value returned from the previous request to continue listing results after the first page. Return type: dict Returns: **Response Syntax** { 'members': [ { 'accountId': 'string', 'relationshipStatus': 'CREATED'|'INVITED'|'DISABLED'|'ENABLED'|'REMOVED'|'RESIGNED'|'DELETED'|'EMAIL_VERIFICATION_IN_PROGRESS'|'EMAIL_VERIFICATION_FAILED'|'REGION_DISABLED'|'ACCOUNT_SUSPENDED'|'CANNOT_CREATE_DETECTOR_IN_ORG_MASTER', 'delegatedAdminAccountId': 'string', 'updatedAt': datetime(2015, 1, 1) }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **members** *(list) --* An object that contains details for each member account. * *(dict) --* Details on a member account in your organization. * **accountId** *(string) --* The Amazon Web Services account ID of the member account. * **relationshipStatus** *(string) --* The status of the member account. * **delegatedAdminAccountId** *(string) --* The Amazon Web Services account ID of the Amazon Inspector delegated administrator for this member account. * **updatedAt** *(datetime) --* A timestamp showing when the status of this member was last updated. * **nextToken** *(string) --* The pagination parameter to be used on the next list operation to retrieve more items. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_tags_for_resource list_tags_for_resource ********************** Inspector2.Client.list_tags_for_resource(**kwargs) Lists all tags attached to a given resource. See also: AWS API Documentation **Request Syntax** response = client.list_tags_for_resource( resourceArn='string' ) Parameters: **resourceArn** (*string*) -- **[REQUIRED]** The Amazon resource number (ARN) of the resource to list tags of. Return type: dict Returns: **Response Syntax** { 'tags': { 'string': 'string' } } **Response Structure** * *(dict) --* * **tags** *(dict) --* The tags associated with the resource. * *(string) --* * *(string) --* **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_cis_scan_configurations list_cis_scan_configurations **************************** Inspector2.Client.list_cis_scan_configurations(**kwargs) Lists CIS scan configurations. See also: AWS API Documentation **Request Syntax** response = client.list_cis_scan_configurations( filterCriteria={ 'scanNameFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'targetResourceTagFilters': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'scanConfigurationArnFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, sortBy='SCAN_NAME'|'SCAN_CONFIGURATION_ARN', sortOrder='ASC'|'DESC', nextToken='string', maxResults=123 ) Parameters: * **filterCriteria** (*dict*) -- The CIS scan configuration filter criteria. * **scanNameFilters** *(list) --* The list of scan name filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **targetResourceTagFilters** *(list) --* The list of target resource tag filters. * *(dict) --* The tag filter. * **comparison** *(string) --* **[REQUIRED]** The tag filter comparison value. * **key** *(string) --* **[REQUIRED]** The tag filter key. * **value** *(string) --* **[REQUIRED]** The tag filter value. * **scanConfigurationArnFilters** *(list) --* The list of scan configuration ARN filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **sortBy** (*string*) -- The CIS scan configuration sort by order. * **sortOrder** (*string*) -- The CIS scan configuration sort order order. * **nextToken** (*string*) -- The pagination token from a previous request that's used to retrieve the next page of results. * **maxResults** (*integer*) -- The maximum number of CIS scan configurations to be returned in a single page of results. Return type: dict Returns: **Response Syntax** { 'scanConfigurations': [ { 'scanConfigurationArn': 'string', 'ownerId': 'string', 'scanName': 'string', 'securityLevel': 'LEVEL_1'|'LEVEL_2', 'schedule': { 'oneTime': {}, 'daily': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' } }, 'weekly': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' }, 'days': [ 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT', ] }, 'monthly': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' }, 'day': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT' } }, 'targets': { 'accountIds': [ 'string', ], 'targetResourceTags': { 'string': [ 'string', ] } }, 'tags': { 'string': 'string' } }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **scanConfigurations** *(list) --* The CIS scan configuration scan configurations. * *(dict) --* The CIS scan configuration. * **scanConfigurationArn** *(string) --* The CIS scan configuration's scan configuration ARN. * **ownerId** *(string) --* The CIS scan configuration's owner ID. * **scanName** *(string) --* The name of the CIS scan configuration. * **securityLevel** *(string) --* The CIS scan configuration's security level. * **schedule** *(dict) --* The CIS scan configuration's schedule. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "oneTime", "daily", "weekly", "monthly". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **oneTime** *(dict) --* The schedule's one time. * **daily** *(dict) --* The schedule's daily. * **startTime** *(dict) --* The schedule start time. * **timeOfDay** *(string) --* The time of day in 24-hour format (00:00). * **timezone** *(string) --* The timezone. * **weekly** *(dict) --* The schedule's weekly. * **startTime** *(dict) --* The weekly schedule's start time. * **timeOfDay** *(string) --* The time of day in 24-hour format (00:00). * **timezone** *(string) --* The timezone. * **days** *(list) --* The weekly schedule's days. * *(string) --* * **monthly** *(dict) --* The schedule's monthly. * **startTime** *(dict) --* The monthly schedule's start time. * **timeOfDay** *(string) --* The time of day in 24-hour format (00:00). * **timezone** *(string) --* The timezone. * **day** *(string) --* The monthly schedule's day. * **targets** *(dict) --* The CIS scan configuration's targets. * **accountIds** *(list) --* The CIS target account ids. * *(string) --* * **targetResourceTags** *(dict) --* The CIS target resource tags. * *(string) --* * *(list) --* * *(string) --* * **tags** *(dict) --* The CIS scan configuration's tags. * *(string) --* * *(string) --* * **nextToken** *(string) --* The pagination token from a previous request that's used to retrieve the next page of results. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / batch_update_member_ec2_deep_inspection_status batch_update_member_ec2_deep_inspection_status ********************************************** Inspector2.Client.batch_update_member_ec2_deep_inspection_status(**kwargs) Activates or deactivates Amazon Inspector deep inspection for the provided member accounts in your organization. You must be the delegated administrator of an organization in Amazon Inspector to use this API. See also: AWS API Documentation **Request Syntax** response = client.batch_update_member_ec2_deep_inspection_status( accountIds=[ { 'accountId': 'string', 'activateDeepInspection': True|False }, ] ) Parameters: **accountIds** (*list*) -- **[REQUIRED]** The unique identifiers for the Amazon Web Services accounts to change Amazon Inspector deep inspection status for. * *(dict) --* An object that contains details about the status of Amazon Inspector deep inspection for a member account in your organization. * **accountId** *(string) --* **[REQUIRED]** The unique identifier for the Amazon Web Services account of the organization member. * **activateDeepInspection** *(boolean) --* **[REQUIRED]** Whether Amazon Inspector deep inspection is active in the account. If "TRUE" Amazon Inspector deep inspection is active, if "FALSE" it is not active. Return type: dict Returns: **Response Syntax** { 'accountIds': [ { 'accountId': 'string', 'status': 'ACTIVATED'|'DEACTIVATED'|'PENDING'|'FAILED', 'errorMessage': 'string' }, ], 'failedAccountIds': [ { 'accountId': 'string', 'ec2ScanStatus': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'errorMessage': 'string' }, ] } **Response Structure** * *(dict) --* * **accountIds** *(list) --* An array of objects that provide details for each of the accounts that Amazon Inspector deep inspection status was successfully changed for. * *(dict) --* An object that contains details about the state of Amazon Inspector deep inspection for a member account. * **accountId** *(string) --* The unique identifier for the Amazon Web Services account of the organization member * **status** *(string) --* The state of Amazon Inspector deep inspection in the member account. * **errorMessage** *(string) --* The error message explaining why the account failed to activate Amazon Inspector deep inspection. * **failedAccountIds** *(list) --* An array of objects that provide details for each of the accounts that Amazon Inspector deep inspection status could not be successfully changed for. * *(dict) --* An object that contains details about a member account in your organization that failed to activate Amazon Inspector deep inspection. * **accountId** *(string) --* The unique identifier for the Amazon Web Services account of the organization member that failed to activate Amazon Inspector deep inspection. * **ec2ScanStatus** *(string) --* The status of EC2 scanning in the account that failed to activate Amazon Inspector deep inspection. * **errorMessage** *(string) --* The error message explaining why the account failed to activate Amazon Inspector deep inspection. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / create_cis_scan_configuration create_cis_scan_configuration ***************************** Inspector2.Client.create_cis_scan_configuration(**kwargs) Creates a CIS scan configuration. See also: AWS API Documentation **Request Syntax** response = client.create_cis_scan_configuration( scanName='string', securityLevel='LEVEL_1'|'LEVEL_2', schedule={ 'oneTime': {} , 'daily': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' } }, 'weekly': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' }, 'days': [ 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT', ] }, 'monthly': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' }, 'day': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT' } }, targets={ 'accountIds': [ 'string', ], 'targetResourceTags': { 'string': [ 'string', ] } }, tags={ 'string': 'string' } ) Parameters: * **scanName** (*string*) -- **[REQUIRED]** The scan name for the CIS scan configuration. * **securityLevel** (*string*) -- **[REQUIRED]** The security level for the CIS scan configuration. Security level refers to the Benchmark levels that CIS assigns to a profile. * **schedule** (*dict*) -- **[REQUIRED]** The schedule for the CIS scan configuration. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "oneTime", "daily", "weekly", "monthly". * **oneTime** *(dict) --* The schedule's one time. * **daily** *(dict) --* The schedule's daily. * **startTime** *(dict) --* **[REQUIRED]** The schedule start time. * **timeOfDay** *(string) --* **[REQUIRED]** The time of day in 24-hour format (00:00). * **timezone** *(string) --* **[REQUIRED]** The timezone. * **weekly** *(dict) --* The schedule's weekly. * **startTime** *(dict) --* **[REQUIRED]** The weekly schedule's start time. * **timeOfDay** *(string) --* **[REQUIRED]** The time of day in 24-hour format (00:00). * **timezone** *(string) --* **[REQUIRED]** The timezone. * **days** *(list) --* **[REQUIRED]** The weekly schedule's days. * *(string) --* * **monthly** *(dict) --* The schedule's monthly. * **startTime** *(dict) --* **[REQUIRED]** The monthly schedule's start time. * **timeOfDay** *(string) --* **[REQUIRED]** The time of day in 24-hour format (00:00). * **timezone** *(string) --* **[REQUIRED]** The timezone. * **day** *(string) --* **[REQUIRED]** The monthly schedule's day. * **targets** (*dict*) -- **[REQUIRED]** The targets for the CIS scan configuration. * **accountIds** *(list) --* **[REQUIRED]** The CIS target account ids. * *(string) --* * **targetResourceTags** *(dict) --* **[REQUIRED]** The CIS target resource tags. * *(string) --* * *(list) --* * *(string) --* * **tags** (*dict*) -- The tags for the CIS scan configuration. * *(string) --* * *(string) --* Return type: dict Returns: **Response Syntax** { 'scanConfigurationArn': 'string' } **Response Structure** * *(dict) --* * **scanConfigurationArn** *(string) --* The scan configuration ARN for the CIS scan configuration. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_configuration get_configuration ***************** Inspector2.Client.get_configuration() Retrieves setting configurations for Inspector scans. See also: AWS API Documentation **Request Syntax** response = client.get_configuration() Return type: dict Returns: **Response Syntax** { 'ecrConfiguration': { 'rescanDurationState': { 'rescanDuration': 'LIFETIME'|'DAYS_30'|'DAYS_180'|'DAYS_14'|'DAYS_60'|'DAYS_90', 'status': 'SUCCESS'|'PENDING'|'FAILED', 'updatedAt': datetime(2015, 1, 1), 'pullDateRescanDuration': 'DAYS_14'|'DAYS_30'|'DAYS_60'|'DAYS_90'|'DAYS_180', 'pullDateRescanMode': 'LAST_PULL_DATE'|'LAST_IN_USE_AT' } }, 'ec2Configuration': { 'scanModeState': { 'scanMode': 'EC2_SSM_AGENT_BASED'|'EC2_HYBRID', 'scanModeStatus': 'SUCCESS'|'PENDING' } } } **Response Structure** * *(dict) --* * **ecrConfiguration** *(dict) --* Specifies how the ECR automated re-scan duration is currently configured for your environment. * **rescanDurationState** *(dict) --* An object that contains details about the state of the ECR re-scan settings. * **rescanDuration** *(string) --* The rescan duration configured for image push date. * **status** *(string) --* The status of changes to the ECR automated re-scan duration. * **updatedAt** *(datetime) --* A timestamp representing when the last time the ECR scan duration setting was changed. * **pullDateRescanDuration** *(string) --* The rescan duration configured for image pull date. * **pullDateRescanMode** *(string) --* The pull date for the re-scan mode. * **ec2Configuration** *(dict) --* Specifies how the Amazon EC2 automated scan mode is currently configured for your environment. * **scanModeState** *(dict) --* An object that contains details about the state of the Amazon EC2 scan mode. * **scanMode** *(string) --* The scan method that is applied to the instance. * **scanModeStatus** *(string) --* The status of the Amazon EC2 scan mode setting. **Exceptions** * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / untag_resource untag_resource ************** Inspector2.Client.untag_resource(**kwargs) Removes tags from a resource. See also: AWS API Documentation **Request Syntax** response = client.untag_resource( resourceArn='string', tagKeys=[ 'string', ] ) Parameters: * **resourceArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) for the resource to remove tags from. * **tagKeys** (*list*) -- **[REQUIRED]** The tag keys to remove from the resource. * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_delegated_admin_account get_delegated_admin_account *************************** Inspector2.Client.get_delegated_admin_account() Retrieves information about the Amazon Inspector delegated administrator for your organization. See also: AWS API Documentation **Request Syntax** response = client.get_delegated_admin_account() Return type: dict Returns: **Response Syntax** { 'delegatedAdmin': { 'accountId': 'string', 'relationshipStatus': 'CREATED'|'INVITED'|'DISABLED'|'ENABLED'|'REMOVED'|'RESIGNED'|'DELETED'|'EMAIL_VERIFICATION_IN_PROGRESS'|'EMAIL_VERIFICATION_FAILED'|'REGION_DISABLED'|'ACCOUNT_SUSPENDED'|'CANNOT_CREATE_DETECTOR_IN_ORG_MASTER' } } **Response Structure** * *(dict) --* * **delegatedAdmin** *(dict) --* The Amazon Web Services account ID of the Amazon Inspector delegated administrator. * **accountId** *(string) --* The Amazon Web Services account ID of the Amazon Inspector delegated administrator for your organization. * **relationshipStatus** *(string) --* The status of the Amazon Inspector delegated administrator. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_findings_report_status get_findings_report_status ************************** Inspector2.Client.get_findings_report_status(**kwargs) Gets the status of a findings report. See also: AWS API Documentation **Request Syntax** response = client.get_findings_report_status( reportId='string' ) Parameters: **reportId** (*string*) -- The ID of the report to retrieve the status of. Return type: dict Returns: **Response Syntax** { 'reportId': 'string', 'status': 'SUCCEEDED'|'IN_PROGRESS'|'CANCELLED'|'FAILED', 'errorCode': 'INTERNAL_ERROR'|'INVALID_PERMISSIONS'|'NO_FINDINGS_FOUND'|'BUCKET_NOT_FOUND'|'INCOMPATIBLE_BUCKET_REGION'|'MALFORMED_KMS_KEY', 'errorMessage': 'string', 'destination': { 'bucketName': 'string', 'keyPrefix': 'string', 'kmsKeyArn': 'string' }, 'filterCriteria': { 'findingArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'awsAccountId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'findingType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'severity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'firstObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lastObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'updatedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'findingStatus': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'title': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'inspectorScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'ec2InstanceImageId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceVpcId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceSubnetId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImagePushedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageArchitecture': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRegistry': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRepositoryName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageHash': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'portRange': [ { 'beginInclusive': 123, 'endInclusive': 123 }, ], 'networkProtocol': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilityId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilitySource': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vendorSeverity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerablePackages': [ { 'name': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'version': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'epoch': { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, 'release': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'architecture': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLayerHash': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLambdaLayerArn': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'filePath': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' } }, ], 'relatedVulnerabilities': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'fixAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLayers': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLastModifiedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lambdaFunctionExecutionRoleArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'exploitAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityFilePath': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'epssScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] } } **Response Structure** * *(dict) --* * **reportId** *(string) --* The ID of the report. * **status** *(string) --* The status of the report. * **errorCode** *(string) --* The error code of the report. * **errorMessage** *(string) --* The error message of the report. * **destination** *(dict) --* The destination of the report. * **bucketName** *(string) --* The name of the Amazon S3 bucket to export findings to. * **keyPrefix** *(string) --* The prefix that the findings will be written under. * **kmsKeyArn** *(string) --* The ARN of the KMS key used to encrypt data when exporting findings. * **filterCriteria** *(dict) --* The filter criteria associated with the report. * **findingArn** *(list) --* Details on the finding ARNs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **awsAccountId** *(list) --* Details of the Amazon Web Services account IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **findingType** *(list) --* Details on the finding types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **severity** *(list) --* Details on the severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **firstObservedAt** *(list) --* Details on the date and time a finding was first seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lastObservedAt** *(list) --* Details on the date and time a finding was last seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **updatedAt** *(list) --* Details on the date and time a finding was last updated at used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **findingStatus** *(list) --* Details on the finding status types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **title** *(list) --* Details on the finding title used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **inspectorScore** *(list) --* The Amazon Inspector score to filter on. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **resourceType** *(list) --* Details on the resource types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **resourceId** *(list) --* Details on the resource IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **resourceTags** *(list) --* Details on the resource tags used to filter findings. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **key** *(string) --* The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **ec2InstanceImageId** *(list) --* Details of the Amazon EC2 instance image IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ec2InstanceVpcId** *(list) --* Details of the Amazon EC2 instance VPC IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ec2InstanceSubnetId** *(list) --* Details of the Amazon EC2 instance subnet IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImagePushedAt** *(list) --* Details on the Amazon ECR image push date and time used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageArchitecture** *(list) --* Details of the Amazon ECR image architecture types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageRegistry** *(list) --* Details on the Amazon ECR registry used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageRepositoryName** *(list) --* Details on the name of the Amazon ECR repository used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageTags** *(list) --* The tags attached to the Amazon ECR container image. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageHash** *(list) --* Details of the Amazon ECR image hashes used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **ecrImageLastInUseAt** *(list) --* Filter criteria indicating when an Amazon ECR image was last used in an Amazon ECS cluster task or Amazon EKS cluster pod. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageInUseCount** *(list) --* Filter criteria indicating when details for an Amazon ECR image include when an Amazon ECR image is in use. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **portRange** *(list) --* Details on the port ranges used to filter findings. * *(dict) --* An object that describes the details of a port range filter. * **beginInclusive** *(integer) --* The port number the port range begins at. * **endInclusive** *(integer) --* The port number the port range ends at. * **networkProtocol** *(list) --* Details on network protocol used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **componentId** *(list) --* Details of the component IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **componentType** *(list) --* Details of the component types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vulnerabilityId** *(list) --* Details on the vulnerability ID used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vulnerabilitySource** *(list) --* Details on the vulnerability type used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vendorSeverity** *(list) --* Details on the vendor severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **vulnerablePackages** *(list) --* Details on the vulnerable packages used to filter findings. * *(dict) --* Contains information on the details of a package filter. * **name** *(dict) --* An object that contains details on the name of the package to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **version** *(dict) --* The package version to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **epoch** *(dict) --* An object that contains details on the package epoch to filter on. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **release** *(dict) --* An object that contains details on the package release to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **architecture** *(dict) --* An object that contains details on the package architecture type to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **sourceLayerHash** *(dict) --* An object that contains details on the source layer hash to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **sourceLambdaLayerArn** *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **filePath** *(dict) --* An object that contains details on the package file path to filter on. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **relatedVulnerabilities** *(list) --* Details on the related vulnerabilities used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **fixAvailable** *(list) --* Details on whether a fix is available through a version update. This value can be "YES", "NO", or "PARTIAL". A "PARTIAL" fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionName** *(list) --* Filters the list of Amazon Web Services Lambda functions by the name of the function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionLayers** *(list) --* Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionRuntime** *(list) --* Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **lambdaFunctionLastModifiedAt** *(list) --* Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lambdaFunctionExecutionRoleArn** *(list) --* Filters the list of Amazon Web Services Lambda functions by execution role. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **exploitAvailable** *(list) --* Filters the list of Amazon Web Services Lambda findings by the availability of exploits. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeVulnerabilityDetectorName** *(list) --* The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeVulnerabilityDetectorTags** *(list) --* The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeVulnerabilityFilePath** *(list) --* The file path to the file in a Lambda function that contains a code vulnerability used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **epssScore** *(list) --* The EPSS score used to filter findings. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **codeRepositoryProjectName** *(list) --* Filter criteria for findings based on the project name in a code repository. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. * **codeRepositoryProviderType** *(list) --* Filter criteria for findings based on the repository provider type (such as GitHub, GitLab, etc.). * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* The operator to use when comparing values in the filter. * **value** *(string) --* The value to filter on. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_waiter get_waiter ********** Inspector2.Client.get_waiter(waiter_name) Returns an object that can wait for some condition. Parameters: **waiter_name** (*str*) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters. Returns: The specified waiter object. Return type: "botocore.waiter.Waiter" Inspector2 / Client / start_cis_session start_cis_session ***************** Inspector2.Client.start_cis_session(**kwargs) Starts a CIS session. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service. See also: AWS API Documentation **Request Syntax** response = client.start_cis_session( scanJobId='string', message={ 'sessionToken': 'string' } ) Parameters: * **scanJobId** (*string*) -- **[REQUIRED]** A unique identifier for the scan job. * **message** (*dict*) -- **[REQUIRED]** The start CIS session message. * **sessionToken** *(string) --* **[REQUIRED]** The unique token that identifies the CIS session. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / send_cis_session_health send_cis_session_health *********************** Inspector2.Client.send_cis_session_health(**kwargs) Sends a CIS session health. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service. See also: AWS API Documentation **Request Syntax** response = client.send_cis_session_health( scanJobId='string', sessionToken='string' ) Parameters: * **scanJobId** (*string*) -- **[REQUIRED]** A unique identifier for the scan job. * **sessionToken** (*string*) -- **[REQUIRED]** The unique token that identifies the CIS session. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / delete_cis_scan_configuration delete_cis_scan_configuration ***************************** Inspector2.Client.delete_cis_scan_configuration(**kwargs) Deletes a CIS scan configuration. See also: AWS API Documentation **Request Syntax** response = client.delete_cis_scan_configuration( scanConfigurationArn='string' ) Parameters: **scanConfigurationArn** (*string*) -- **[REQUIRED]** The ARN of the CIS scan configuration. Return type: dict Returns: **Response Syntax** { 'scanConfigurationArn': 'string' } **Response Structure** * *(dict) --* * **scanConfigurationArn** *(string) --* The ARN of the CIS scan configuration. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / cancel_sbom_export cancel_sbom_export ****************** Inspector2.Client.cancel_sbom_export(**kwargs) Cancels a software bill of materials (SBOM) report. See also: AWS API Documentation **Request Syntax** response = client.cancel_sbom_export( reportId='string' ) Parameters: **reportId** (*string*) -- **[REQUIRED]** The report ID of the SBOM export to cancel. Return type: dict Returns: **Response Syntax** { 'reportId': 'string' } **Response Structure** * *(dict) --* * **reportId** *(string) --* The report ID of the canceled SBOM export. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / search_vulnerabilities search_vulnerabilities ********************** Inspector2.Client.search_vulnerabilities(**kwargs) Lists Amazon Inspector coverage details for a specific vulnerability. See also: AWS API Documentation **Request Syntax** response = client.search_vulnerabilities( filterCriteria={ 'vulnerabilityIds': [ 'string', ] }, nextToken='string' ) Parameters: * **filterCriteria** (*dict*) -- **[REQUIRED]** The criteria used to filter the results of a vulnerability search. * **vulnerabilityIds** *(list) --* **[REQUIRED]** The IDs for specific vulnerabilities. * *(string) --* * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the "NextToken" value returned from the previous request to continue listing results after the first page. Return type: dict Returns: **Response Syntax** { 'vulnerabilities': [ { 'id': 'string', 'cwes': [ 'string', ], 'cisaData': { 'dateAdded': datetime(2015, 1, 1), 'dateDue': datetime(2015, 1, 1), 'action': 'string' }, 'source': 'NVD', 'description': 'string', 'atigData': { 'firstSeen': datetime(2015, 1, 1), 'lastSeen': datetime(2015, 1, 1), 'targets': [ 'string', ], 'ttps': [ 'string', ] }, 'vendorSeverity': 'string', 'cvss4': { 'baseScore': 123.0, 'scoringVector': 'string' }, 'cvss3': { 'baseScore': 123.0, 'scoringVector': 'string' }, 'relatedVulnerabilities': [ 'string', ], 'cvss2': { 'baseScore': 123.0, 'scoringVector': 'string' }, 'vendorCreatedAt': datetime(2015, 1, 1), 'vendorUpdatedAt': datetime(2015, 1, 1), 'sourceUrl': 'string', 'referenceUrls': [ 'string', ], 'exploitObserved': { 'lastSeen': datetime(2015, 1, 1), 'firstSeen': datetime(2015, 1, 1) }, 'detectionPlatforms': [ 'string', ], 'epss': { 'score': 123.0 } }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **vulnerabilities** *(list) --* Details about the listed vulnerability. * *(dict) --* Contains details about a specific vulnerability Amazon Inspector can detect. * **id** *(string) --* The ID for the specific vulnerability. * **cwes** *(list) --* The Common Weakness Enumeration (CWE) associated with the vulnerability. * *(string) --* * **cisaData** *(dict) --* An object that contains the Cybersecurity and Infrastructure Security Agency (CISA) details for the vulnerability. * **dateAdded** *(datetime) --* The date and time CISA added this vulnerability to their catalogue. * **dateDue** *(datetime) --* The date and time CISA expects a fix to have been provided vulnerability. * **action** *(string) --* The remediation action recommended by CISA for this vulnerability. * **source** *(string) --* The source of the vulnerability information. Possible results are "RHEL", "AMAZON_CVE", "DEBIAN" or "NVD". * **description** *(string) --* A description of the vulnerability. * **atigData** *(dict) --* An object that contains information about the Amazon Web Services Threat Intel Group (ATIG) details for the vulnerability. * **firstSeen** *(datetime) --* The date and time this vulnerability was first observed. * **lastSeen** *(datetime) --* The date and time this vulnerability was last observed. * **targets** *(list) --* The commercial sectors this vulnerability targets. * *(string) --* * **ttps** *(list) --* The MITRE ATT&CK tactics, techniques, and procedures (TTPs) associated with vulnerability. * *(string) --* * **vendorSeverity** *(string) --* The severity assigned by the vendor. * **cvss4** *(dict) --* An object that contains the Common Vulnerability Scoring System (CVSS) Version 4 details for the vulnerability. * **baseScore** *(float) --* The base CVSS v4 score for the vulnerability finding, which rates the severity of the vulnerability on a scale from 0 to 10. * **scoringVector** *(string) --* The CVSS v4 scoring vector, which contains the metrics and measurements that were used to calculate the base score. * **cvss3** *(dict) --* An object that contains the Common Vulnerability Scoring System (CVSS) Version 3 details for the vulnerability. * **baseScore** *(float) --* The CVSS v3 base score for the vulnerability. * **scoringVector** *(string) --* The scoring vector associated with the CVSS v3 score. * **relatedVulnerabilities** *(list) --* A list of related vulnerabilities. * *(string) --* * **cvss2** *(dict) --* An object that contains the Common Vulnerability Scoring System (CVSS) Version 2 details for the vulnerability. * **baseScore** *(float) --* The CVSS v2 base score for the vulnerability. * **scoringVector** *(string) --* The scoring vector associated with the CVSS v2 score. * **vendorCreatedAt** *(datetime) --* The date and time when the vendor created this vulnerability. * **vendorUpdatedAt** *(datetime) --* The date and time when the vendor last updated this vulnerability. * **sourceUrl** *(string) --* A link to the official source material for this vulnerability. * **referenceUrls** *(list) --* Links to various resources with more information on this vulnerability. * *(string) --* * **exploitObserved** *(dict) --* An object that contains details on when the exploit was observed. * **lastSeen** *(datetime) --* The date an time when the exploit was last seen. * **firstSeen** *(datetime) --* The date an time when the exploit was first seen. * **detectionPlatforms** *(list) --* Platforms that the vulnerability can be detected on. * *(string) --* * **epss** *(dict) --* An object that contains the Exploit Prediction Scoring System (EPSS) score for a vulnerability. * **score** *(float) --* The Exploit Prediction Scoring System (EPSS) score. * **nextToken** *(string) --* The pagination parameter to be used on the next list operation to retrieve more items. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / update_organization_configuration update_organization_configuration ********************************* Inspector2.Client.update_organization_configuration(**kwargs) Updates the configurations for your Amazon Inspector organization. See also: AWS API Documentation **Request Syntax** response = client.update_organization_configuration( autoEnable={ 'ec2': True|False, 'ecr': True|False, 'lambda': True|False, 'lambdaCode': True|False, 'codeRepository': True|False } ) Parameters: **autoEnable** (*dict*) -- **[REQUIRED]** Defines which scan types are enabled automatically for new members of your Amazon Inspector organization. * **ec2** *(boolean) --* **[REQUIRED]** Represents whether Amazon EC2 scans are automatically enabled for new members of your Amazon Inspector organization. * **ecr** *(boolean) --* **[REQUIRED]** Represents whether Amazon ECR scans are automatically enabled for new members of your Amazon Inspector organization. * **lambda** *(boolean) --* Represents whether Amazon Web Services Lambda standard scans are automatically enabled for new members of your Amazon Inspector organization. * **lambdaCode** *(boolean) --* Represents whether Lambda code scans are automatically enabled for new members of your Amazon Inspector organization. * **codeRepository** *(boolean) --* Represents whether code repository scans are automatically enabled for new members of your Amazon Inspector organization. Return type: dict Returns: **Response Syntax** { 'autoEnable': { 'ec2': True|False, 'ecr': True|False, 'lambda': True|False, 'lambdaCode': True|False, 'codeRepository': True|False } } **Response Structure** * *(dict) --* * **autoEnable** *(dict) --* The updated status of scan types automatically enabled for new members of your Amazon Inspector organization. * **ec2** *(boolean) --* Represents whether Amazon EC2 scans are automatically enabled for new members of your Amazon Inspector organization. * **ecr** *(boolean) --* Represents whether Amazon ECR scans are automatically enabled for new members of your Amazon Inspector organization. * **lambda** *(boolean) --* Represents whether Amazon Web Services Lambda standard scans are automatically enabled for new members of your Amazon Inspector organization. * **lambdaCode** *(boolean) --* Represents whether Lambda code scans are automatically enabled for new members of your Amazon Inspector organization. * **codeRepository** *(boolean) --* Represents whether code repository scans are automatically enabled for new members of your Amazon Inspector organization. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / delete_code_security_integration delete_code_security_integration ******************************** Inspector2.Client.delete_code_security_integration(**kwargs) Deletes a code security integration. See also: AWS API Documentation **Request Syntax** response = client.delete_code_security_integration( integrationArn='string' ) Parameters: **integrationArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the code security integration to delete. Return type: dict Returns: **Response Syntax** { 'integrationArn': 'string' } **Response Structure** * *(dict) --* * **integrationArn** *(string) --* The Amazon Resource Name (ARN) of the deleted code security integration. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_member get_member ********** Inspector2.Client.get_member(**kwargs) Gets member information for your organization. See also: AWS API Documentation **Request Syntax** response = client.get_member( accountId='string' ) Parameters: **accountId** (*string*) -- **[REQUIRED]** The Amazon Web Services account ID of the member account to retrieve information on. Return type: dict Returns: **Response Syntax** { 'member': { 'accountId': 'string', 'relationshipStatus': 'CREATED'|'INVITED'|'DISABLED'|'ENABLED'|'REMOVED'|'RESIGNED'|'DELETED'|'EMAIL_VERIFICATION_IN_PROGRESS'|'EMAIL_VERIFICATION_FAILED'|'REGION_DISABLED'|'ACCOUNT_SUSPENDED'|'CANNOT_CREATE_DETECTOR_IN_ORG_MASTER', 'delegatedAdminAccountId': 'string', 'updatedAt': datetime(2015, 1, 1) } } **Response Structure** * *(dict) --* * **member** *(dict) --* Details of the retrieved member account. * **accountId** *(string) --* The Amazon Web Services account ID of the member account. * **relationshipStatus** *(string) --* The status of the member account. * **delegatedAdminAccountId** *(string) --* The Amazon Web Services account ID of the Amazon Inspector delegated administrator for this member account. * **updatedAt** *(datetime) --* A timestamp showing when the status of this member was last updated. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / start_code_security_scan start_code_security_scan ************************ Inspector2.Client.start_code_security_scan(**kwargs) Initiates a code security scan on a specified repository. See also: AWS API Documentation **Request Syntax** response = client.start_code_security_scan( clientToken='string', resource={ 'projectId': 'string' } ) Parameters: * **clientToken** (*string*) -- A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This field is autopopulated if not provided. * **resource** (*dict*) -- **[REQUIRED]** The resource identifier for the code repository to scan. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "projectId". * **projectId** *(string) --* The unique identifier of the project in the code repository. Return type: dict Returns: **Response Syntax** { 'scanId': 'string', 'status': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'SKIPPED' } **Response Structure** * *(dict) --* * **scanId** *(string) --* The unique identifier of the initiated scan. * **status** *(string) --* The current status of the initiated scan. **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_cis_scan_report get_cis_scan_report ******************* Inspector2.Client.get_cis_scan_report(**kwargs) Retrieves a CIS scan report. See also: AWS API Documentation **Request Syntax** response = client.get_cis_scan_report( scanArn='string', targetAccounts=[ 'string', ], reportFormat='PDF'|'CSV' ) Parameters: * **scanArn** (*string*) -- **[REQUIRED]** The scan ARN. * **targetAccounts** (*list*) -- The target accounts. * *(string) --* * **reportFormat** (*string*) -- The format of the report. Valid values are "PDF" and "CSV". If no value is specified, the report format defaults to "PDF". Return type: dict Returns: **Response Syntax** { 'url': 'string', 'status': 'SUCCEEDED'|'FAILED'|'IN_PROGRESS' } **Response Structure** * *(dict) --* * **url** *(string) --* The URL where a PDF or CSV of the CIS scan report can be downloaded. * **status** *(string) --* The status. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / update_encryption_key update_encryption_key ********************* Inspector2.Client.update_encryption_key(**kwargs) Updates an encryption key. A "ResourceNotFoundException" means that an Amazon Web Services owned key is being used for encryption. See also: AWS API Documentation **Request Syntax** response = client.update_encryption_key( kmsKeyId='string', scanType='NETWORK'|'PACKAGE'|'CODE', resourceType='AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_ECR_REPOSITORY'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY' ) Parameters: * **kmsKeyId** (*string*) -- **[REQUIRED]** A KMS key ID for the encryption key. * **scanType** (*string*) -- **[REQUIRED]** The scan type for the encryption key. * **resourceType** (*string*) -- **[REQUIRED]** The resource type for the encryption key. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / create_sbom_export create_sbom_export ****************** Inspector2.Client.create_sbom_export(**kwargs) Creates a software bill of materials (SBOM) report. See also: AWS API Documentation **Request Syntax** response = client.create_sbom_export( resourceFilterCriteria={ 'accountId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrRepositoryName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'lambdaFunctionTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ] }, reportFormat='CYCLONEDX_1_4'|'SPDX_2_3', s3Destination={ 'bucketName': 'string', 'keyPrefix': 'string', 'kmsKeyArn': 'string' } ) Parameters: * **resourceFilterCriteria** (*dict*) -- The resource filter criteria for the software bill of materials (SBOM) report. * **accountId** *(list) --* The account IDs used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* **[REQUIRED]** The filter's comparison. * **value** *(string) --* **[REQUIRED]** The filter's value. * **resourceId** *(list) --* The resource IDs used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* **[REQUIRED]** The filter's comparison. * **value** *(string) --* **[REQUIRED]** The filter's value. * **resourceType** *(list) --* The resource types used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* **[REQUIRED]** The filter's comparison. * **value** *(string) --* **[REQUIRED]** The filter's value. * **ecrRepositoryName** *(list) --* The ECR repository names used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* **[REQUIRED]** The filter's comparison. * **value** *(string) --* **[REQUIRED]** The filter's value. * **lambdaFunctionName** *(list) --* The Amazon Web Services Lambda function name used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* **[REQUIRED]** The filter's comparison. * **value** *(string) --* **[REQUIRED]** The filter's value. * **ecrImageTags** *(list) --* The ECR image tags used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* **[REQUIRED]** The filter's comparison. * **value** *(string) --* **[REQUIRED]** The filter's value. * **ec2InstanceTags** *(list) --* The EC2 instance tags used as resource filter criteria. * *(dict) --* A resource map filter for a software bill of material report. * **comparison** *(string) --* **[REQUIRED]** The filter's comparison. * **key** *(string) --* **[REQUIRED]** The filter's key. * **value** *(string) --* The filter's value. * **lambdaFunctionTags** *(list) --* The Amazon Web Services Lambda function tags used as resource filter criteria. * *(dict) --* A resource map filter for a software bill of material report. * **comparison** *(string) --* **[REQUIRED]** The filter's comparison. * **key** *(string) --* **[REQUIRED]** The filter's key. * **value** *(string) --* The filter's value. * **reportFormat** (*string*) -- **[REQUIRED]** The output format for the software bill of materials (SBOM) report. * **s3Destination** (*dict*) -- **[REQUIRED]** Contains details of the Amazon S3 bucket and KMS key used to export findings. * **bucketName** *(string) --* **[REQUIRED]** The name of the Amazon S3 bucket to export findings to. * **keyPrefix** *(string) --* The prefix that the findings will be written under. * **kmsKeyArn** *(string) --* **[REQUIRED]** The ARN of the KMS key used to encrypt data when exporting findings. Return type: dict Returns: **Response Syntax** { 'reportId': 'string' } **Response Structure** * *(dict) --* * **reportId** *(string) --* The report ID for the software bill of materials (SBOM) report. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_cis_scan_results_aggregated_by_target_resource list_cis_scan_results_aggregated_by_target_resource *************************************************** Inspector2.Client.list_cis_scan_results_aggregated_by_target_resource(**kwargs) Lists scan results aggregated by a target resource. See also: AWS API Documentation **Request Syntax** response = client.list_cis_scan_results_aggregated_by_target_resource( scanArn='string', filterCriteria={ 'accountIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'statusFilters': [ { 'comparison': 'EQUALS', 'value': 'PASSED'|'FAILED'|'SKIPPED' }, ], 'checkIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'targetResourceIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'targetResourceTagFilters': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'platformFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'targetStatusFilters': [ { 'comparison': 'EQUALS', 'value': 'TIMED_OUT'|'CANCELLED'|'COMPLETED' }, ], 'targetStatusReasonFilters': [ { 'comparison': 'EQUALS', 'value': 'SCAN_IN_PROGRESS'|'UNSUPPORTED_OS'|'SSM_UNMANAGED' }, ], 'failedChecksFilters': [ { 'upperInclusive': 123, 'lowerInclusive': 123 }, ] }, sortBy='RESOURCE_ID'|'FAILED_COUNTS'|'ACCOUNT_ID'|'PLATFORM'|'TARGET_STATUS'|'TARGET_STATUS_REASON', sortOrder='ASC'|'DESC', nextToken='string', maxResults=123 ) Parameters: * **scanArn** (*string*) -- **[REQUIRED]** The scan ARN. * **filterCriteria** (*dict*) -- The filter criteria. * **accountIdFilters** *(list) --* The criteria's account ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **statusFilters** *(list) --* The criteria's status filter. * *(dict) --* The CIS result status filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS result status filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS result status filter. * **checkIdFilters** *(list) --* The criteria's check ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **targetResourceIdFilters** *(list) --* The criteria's target resource ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **targetResourceTagFilters** *(list) --* The criteria's target resource tag filters. * *(dict) --* The tag filter. * **comparison** *(string) --* **[REQUIRED]** The tag filter comparison value. * **key** *(string) --* **[REQUIRED]** The tag filter key. * **value** *(string) --* **[REQUIRED]** The tag filter value. * **platformFilters** *(list) --* The criteria's platform filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **targetStatusFilters** *(list) --* The criteria's target status filters. * *(dict) --* The CIS target status filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS target status filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS target status filter. * **targetStatusReasonFilters** *(list) --* The criteria's target status reason filters. * *(dict) --* The CIS target status reason filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS target status reason filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS target status reason filter. * **failedChecksFilters** *(list) --* The criteria's failed checks filters. * *(dict) --* The CIS number filter. * **upperInclusive** *(integer) --* The CIS number filter's upper inclusive. * **lowerInclusive** *(integer) --* The CIS number filter's lower inclusive. * **sortBy** (*string*) -- The sort by order. * **sortOrder** (*string*) -- The sort order. * **nextToken** (*string*) -- The pagination token from a previous request that's used to retrieve the next page of results. * **maxResults** (*integer*) -- The maximum number of scan results aggregated by a target resource to be returned in a single page of results. Return type: dict Returns: **Response Syntax** { 'targetResourceAggregations': [ { 'scanArn': 'string', 'targetResourceId': 'string', 'accountId': 'string', 'targetResourceTags': { 'string': [ 'string', ] }, 'statusCounts': { 'failed': 123, 'skipped': 123, 'passed': 123 }, 'platform': 'string', 'targetStatus': 'TIMED_OUT'|'CANCELLED'|'COMPLETED', 'targetStatusReason': 'SCAN_IN_PROGRESS'|'UNSUPPORTED_OS'|'SSM_UNMANAGED' }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **targetResourceAggregations** *(list) --* The resource aggregations. * *(dict) --* The CIS target resource aggregation. * **scanArn** *(string) --* The scan ARN for the CIS target resource. * **targetResourceId** *(string) --* The ID of the target resource. * **accountId** *(string) --* The account ID for the CIS target resource. * **targetResourceTags** *(dict) --* The tag for the target resource. * *(string) --* * *(list) --* * *(string) --* * **statusCounts** *(dict) --* The target resource status counts. * **failed** *(integer) --* The number of checks that failed. * **skipped** *(integer) --* The number of checks that were skipped. * **passed** *(integer) --* The number of checks that passed. * **platform** *(string) --* The platform for the CIS target resource. * **targetStatus** *(string) --* The status of the target resource. * **targetStatusReason** *(string) --* The reason for the target resource. * **nextToken** *(string) --* The pagination token from a previous request that's used to retrieve the next page of results. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / batch_disassociate_code_security_scan_configuration batch_disassociate_code_security_scan_configuration *************************************************** Inspector2.Client.batch_disassociate_code_security_scan_configuration(**kwargs) Disassociates multiple code repositories from an Amazon Inspector code security scan configuration. See also: AWS API Documentation **Request Syntax** response = client.batch_disassociate_code_security_scan_configuration( disassociateConfigurationRequests=[ { 'scanConfigurationArn': 'string', 'resource': { 'projectId': 'string' } }, ] ) Parameters: **disassociateConfigurationRequests** (*list*) -- **[REQUIRED]** A list of code repositories to disassociate from the specified scan configuration. * *(dict) --* Contains details about a request to disassociate a code repository from a scan configuration. * **scanConfigurationArn** *(string) --* **[REQUIRED]** The Amazon Resource Name (ARN) of the scan configuration to disassociate from a code repository. * **resource** *(dict) --* **[REQUIRED]** Identifies a specific resource in a code repository that will be scanned. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "projectId". * **projectId** *(string) --* The unique identifier of the project in the code repository. Return type: dict Returns: **Response Syntax** { 'failedAssociations': [ { 'scanConfigurationArn': 'string', 'resource': { 'projectId': 'string' }, 'statusCode': 'INTERNAL_ERROR'|'ACCESS_DENIED'|'SCAN_CONFIGURATION_NOT_FOUND'|'INVALID_INPUT'|'RESOURCE_NOT_FOUND'|'QUOTA_EXCEEDED', 'statusMessage': 'string' }, ], 'successfulAssociations': [ { 'scanConfigurationArn': 'string', 'resource': { 'projectId': 'string' } }, ] } **Response Structure** * *(dict) --* * **failedAssociations** *(list) --* Details of any code repositories that failed to be disassociated from the scan configuration. * *(dict) --* Details about a failed attempt to associate or disassociate a code repository with a scan configuration. * **scanConfigurationArn** *(string) --* The Amazon Resource Name (ARN) of the scan configuration that failed to be associated or disassociated. * **resource** *(dict) --* Identifies a specific resource in a code repository that will be scanned. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "projectId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **projectId** *(string) --* The unique identifier of the project in the code repository. * **statusCode** *(string) --* The status code indicating why the association or disassociation failed. * **statusMessage** *(string) --* A message explaining why the association or disassociation failed. * **successfulAssociations** *(list) --* Details of code repositories that were successfully disassociated from the scan configuration. * *(dict) --* Details about a successful association or disassociation between a code repository and a scan configuration. * **scanConfigurationArn** *(string) --* The Amazon Resource Name (ARN) of the scan configuration that was successfully associated or disassociated. * **resource** *(dict) --* Identifies a specific resource in a code repository that will be scanned. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "projectId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **projectId** *(string) --* The unique identifier of the project in the code repository. **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_code_security_integration get_code_security_integration ***************************** Inspector2.Client.get_code_security_integration(**kwargs) Retrieves information about a code security integration. See also: AWS API Documentation **Request Syntax** response = client.get_code_security_integration( integrationArn='string', tags={ 'string': 'string' } ) Parameters: * **integrationArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the code security integration to retrieve. * **tags** (*dict*) -- The tags associated with the code security integration. * *(string) --* * *(string) --* Return type: dict Returns: **Response Syntax** { 'integrationArn': 'string', 'name': 'string', 'type': 'GITLAB_SELF_MANAGED'|'GITHUB', 'status': 'PENDING'|'IN_PROGRESS'|'ACTIVE'|'INACTIVE'|'DISABLING', 'statusReason': 'string', 'createdOn': datetime(2015, 1, 1), 'lastUpdateOn': datetime(2015, 1, 1), 'tags': { 'string': 'string' }, 'authorizationUrl': 'string' } **Response Structure** * *(dict) --* * **integrationArn** *(string) --* The Amazon Resource Name (ARN) of the code security integration. * **name** *(string) --* The name of the code security integration. * **type** *(string) --* The type of repository provider for the integration. * **status** *(string) --* The current status of the code security integration. * **statusReason** *(string) --* The reason for the current status of the code security integration. * **createdOn** *(datetime) --* The timestamp when the code security integration was created. * **lastUpdateOn** *(datetime) --* The timestamp when the code security integration was last updated. * **tags** *(dict) --* The tags associated with the code security integration. * *(string) --* * *(string) --* * **authorizationUrl** *(string) --* The URL used to authorize the integration with the repository provider. This is only returned if reauthorization is required to fix a connection issue. Otherwise, it is null. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / update_code_security_integration update_code_security_integration ******************************** Inspector2.Client.update_code_security_integration(**kwargs) Updates an existing code security integration. After calling the "CreateCodeSecurityIntegration" operation, you complete authentication and authorization with your provider. Next you call the "UpdateCodeSecurityIntegration" operation to provide the "details" to complete the integration setup See also: AWS API Documentation **Request Syntax** response = client.update_code_security_integration( integrationArn='string', details={ 'gitlabSelfManaged': { 'authCode': 'string' }, 'github': { 'code': 'string', 'installationId': 'string' } } ) Parameters: * **integrationArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the code security integration to update. * **details** (*dict*) -- **[REQUIRED]** The updated integration details specific to the repository provider type. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "gitlabSelfManaged", "github". * **gitlabSelfManaged** *(dict) --* Details specific to updating an integration with a self- managed GitLab instance. * **authCode** *(string) --* **[REQUIRED]** The authorization code received from the self-managed GitLab instance to update the integration. * **github** *(dict) --* Details specific to updating an integration with GitHub. * **code** *(string) --* **[REQUIRED]** The authorization code received from GitHub to update the integration. * **installationId** *(string) --* **[REQUIRED]** The installation ID of the GitHub App associated with the integration. Return type: dict Returns: **Response Syntax** { 'integrationArn': 'string', 'status': 'PENDING'|'IN_PROGRESS'|'ACTIVE'|'INACTIVE'|'DISABLING' } **Response Structure** * *(dict) --* * **integrationArn** *(string) --* The Amazon Resource Name (ARN) of the updated code security integration. * **status** *(string) --* The current status of the updated code security integration. **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / batch_get_finding_details batch_get_finding_details ************************* Inspector2.Client.batch_get_finding_details(**kwargs) Gets vulnerability details for findings. See also: AWS API Documentation **Request Syntax** response = client.batch_get_finding_details( findingArns=[ 'string', ] ) Parameters: **findingArns** (*list*) -- **[REQUIRED]** A list of finding ARNs. * *(string) --* Return type: dict Returns: **Response Syntax** { 'findingDetails': [ { 'findingArn': 'string', 'cisaData': { 'dateAdded': datetime(2015, 1, 1), 'dateDue': datetime(2015, 1, 1), 'action': 'string' }, 'riskScore': 123, 'evidences': [ { 'evidenceRule': 'string', 'evidenceDetail': 'string', 'severity': 'string' }, ], 'ttps': [ 'string', ], 'tools': [ 'string', ], 'exploitObserved': { 'lastSeen': datetime(2015, 1, 1), 'firstSeen': datetime(2015, 1, 1) }, 'referenceUrls': [ 'string', ], 'cwes': [ 'string', ], 'epssScore': 123.0 }, ], 'errors': [ { 'findingArn': 'string', 'errorCode': 'INTERNAL_ERROR'|'ACCESS_DENIED'|'FINDING_DETAILS_NOT_FOUND'|'INVALID_INPUT', 'errorMessage': 'string' }, ] } **Response Structure** * *(dict) --* * **findingDetails** *(list) --* A finding's vulnerability details. * *(dict) --* Details of the vulnerability identified in a finding. * **findingArn** *(string) --* The finding ARN that the vulnerability details are associated with. * **cisaData** *(dict) --* The Cybersecurity and Infrastructure Security Agency (CISA) details for a specific vulnerability. * **dateAdded** *(datetime) --* The date and time CISA added this vulnerability to their catalogue. * **dateDue** *(datetime) --* The date and time CISA expects a fix to have been provided vulnerability. * **action** *(string) --* The remediation action recommended by CISA for this vulnerability. * **riskScore** *(integer) --* The risk score of the vulnerability. * **evidences** *(list) --* Information on the evidence of the vulnerability. * *(dict) --* Details of the evidence for a vulnerability identified in a finding. * **evidenceRule** *(string) --* The evidence rule. * **evidenceDetail** *(string) --* The evidence details. * **severity** *(string) --* The evidence severity. * **ttps** *(list) --* The MITRE adversary tactics, techniques, or procedures (TTPs) associated with the vulnerability. * *(string) --* * **tools** *(list) --* The known malware tools or kits that can exploit the vulnerability. * *(string) --* * **exploitObserved** *(dict) --* Contains information on when this exploit was observed. * **lastSeen** *(datetime) --* The date an time when the exploit was last seen. * **firstSeen** *(datetime) --* The date an time when the exploit was first seen. * **referenceUrls** *(list) --* The reference URLs for the vulnerability data. * *(string) --* * **cwes** *(list) --* The Common Weakness Enumerations (CWEs) associated with the vulnerability. * *(string) --* * **epssScore** *(float) --* The Exploit Prediction Scoring System (EPSS) score of the vulnerability. * **errors** *(list) --* Error information for findings that details could not be returned for. * *(dict) --* Details about an error encountered when trying to return vulnerability data for a finding. * **findingArn** *(string) --* The finding ARN that returned an error. * **errorCode** *(string) --* The error code. * **errorMessage** *(string) --* The error message. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / batch_get_member_ec2_deep_inspection_status batch_get_member_ec2_deep_inspection_status ******************************************* Inspector2.Client.batch_get_member_ec2_deep_inspection_status(**kwargs) Retrieves Amazon Inspector deep inspection activation status of multiple member accounts within your organization. You must be the delegated administrator of an organization in Amazon Inspector to use this API. See also: AWS API Documentation **Request Syntax** response = client.batch_get_member_ec2_deep_inspection_status( accountIds=[ 'string', ] ) Parameters: **accountIds** (*list*) -- The unique identifiers for the Amazon Web Services accounts to retrieve Amazon Inspector deep inspection activation status for. * *(string) --* Return type: dict Returns: **Response Syntax** { 'accountIds': [ { 'accountId': 'string', 'status': 'ACTIVATED'|'DEACTIVATED'|'PENDING'|'FAILED', 'errorMessage': 'string' }, ], 'failedAccountIds': [ { 'accountId': 'string', 'ec2ScanStatus': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'errorMessage': 'string' }, ] } **Response Structure** * *(dict) --* * **accountIds** *(list) --* An array of objects that provide details on the activation status of Amazon Inspector deep inspection for each of the requested accounts. * *(dict) --* An object that contains details about the state of Amazon Inspector deep inspection for a member account. * **accountId** *(string) --* The unique identifier for the Amazon Web Services account of the organization member * **status** *(string) --* The state of Amazon Inspector deep inspection in the member account. * **errorMessage** *(string) --* The error message explaining why the account failed to activate Amazon Inspector deep inspection. * **failedAccountIds** *(list) --* An array of objects that provide details on any accounts that failed to activate Amazon Inspector deep inspection and why. * *(dict) --* An object that contains details about a member account in your organization that failed to activate Amazon Inspector deep inspection. * **accountId** *(string) --* The unique identifier for the Amazon Web Services account of the organization member that failed to activate Amazon Inspector deep inspection. * **ec2ScanStatus** *(string) --* The status of EC2 scanning in the account that failed to activate Amazon Inspector deep inspection. * **errorMessage** *(string) --* The error message explaining why the account failed to activate Amazon Inspector deep inspection. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / stop_cis_session stop_cis_session **************** Inspector2.Client.stop_cis_session(**kwargs) Stops a CIS session. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to stop a CIS scan session for the scan ID supplied by the service. See also: AWS API Documentation **Request Syntax** response = client.stop_cis_session( scanJobId='string', sessionToken='string', message={ 'status': 'SUCCESS'|'FAILED'|'INTERRUPTED'|'UNSUPPORTED_OS', 'reason': 'string', 'progress': { 'totalChecks': 123, 'successfulChecks': 123, 'failedChecks': 123, 'notEvaluatedChecks': 123, 'unknownChecks': 123, 'notApplicableChecks': 123, 'informationalChecks': 123, 'errorChecks': 123 }, 'computePlatform': { 'vendor': 'string', 'product': 'string', 'version': 'string' }, 'benchmarkVersion': 'string', 'benchmarkProfile': 'string' } ) Parameters: * **scanJobId** (*string*) -- **[REQUIRED]** A unique identifier for the scan job. * **sessionToken** (*string*) -- **[REQUIRED]** The unique token that identifies the CIS session. * **message** (*dict*) -- **[REQUIRED]** The stop CIS session message. * **status** *(string) --* **[REQUIRED]** The status of the message. * **reason** *(string) --* The reason for the message. * **progress** *(dict) --* **[REQUIRED]** The progress of the message. * **totalChecks** *(integer) --* The progress' total checks. * **successfulChecks** *(integer) --* The progress' successful checks. * **failedChecks** *(integer) --* The progress' failed checks. * **notEvaluatedChecks** *(integer) --* The progress' not evaluated checks. * **unknownChecks** *(integer) --* The progress' unknown checks. * **notApplicableChecks** *(integer) --* The progress' not applicable checks. * **informationalChecks** *(integer) --* The progress' informational checks. * **errorChecks** *(integer) --* The progress' error checks. * **computePlatform** *(dict) --* The message compute platform. * **vendor** *(string) --* The compute platform vendor. * **product** *(string) --* The compute platform product. * **version** *(string) --* The compute platform version. * **benchmarkVersion** *(string) --* The message benchmark version. * **benchmarkProfile** *(string) --* The message benchmark profile. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / update_cis_scan_configuration update_cis_scan_configuration ***************************** Inspector2.Client.update_cis_scan_configuration(**kwargs) Updates a CIS scan configuration. See also: AWS API Documentation **Request Syntax** response = client.update_cis_scan_configuration( scanConfigurationArn='string', scanName='string', securityLevel='LEVEL_1'|'LEVEL_2', schedule={ 'oneTime': {} , 'daily': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' } }, 'weekly': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' }, 'days': [ 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT', ] }, 'monthly': { 'startTime': { 'timeOfDay': 'string', 'timezone': 'string' }, 'day': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT' } }, targets={ 'accountIds': [ 'string', ], 'targetResourceTags': { 'string': [ 'string', ] } } ) Parameters: * **scanConfigurationArn** (*string*) -- **[REQUIRED]** The CIS scan configuration ARN. * **scanName** (*string*) -- The scan name for the CIS scan configuration. * **securityLevel** (*string*) -- The security level for the CIS scan configuration. Security level refers to the Benchmark levels that CIS assigns to a profile. * **schedule** (*dict*) -- The schedule for the CIS scan configuration. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "oneTime", "daily", "weekly", "monthly". * **oneTime** *(dict) --* The schedule's one time. * **daily** *(dict) --* The schedule's daily. * **startTime** *(dict) --* **[REQUIRED]** The schedule start time. * **timeOfDay** *(string) --* **[REQUIRED]** The time of day in 24-hour format (00:00). * **timezone** *(string) --* **[REQUIRED]** The timezone. * **weekly** *(dict) --* The schedule's weekly. * **startTime** *(dict) --* **[REQUIRED]** The weekly schedule's start time. * **timeOfDay** *(string) --* **[REQUIRED]** The time of day in 24-hour format (00:00). * **timezone** *(string) --* **[REQUIRED]** The timezone. * **days** *(list) --* **[REQUIRED]** The weekly schedule's days. * *(string) --* * **monthly** *(dict) --* The schedule's monthly. * **startTime** *(dict) --* **[REQUIRED]** The monthly schedule's start time. * **timeOfDay** *(string) --* **[REQUIRED]** The time of day in 24-hour format (00:00). * **timezone** *(string) --* **[REQUIRED]** The timezone. * **day** *(string) --* **[REQUIRED]** The monthly schedule's day. * **targets** (*dict*) -- The targets for the CIS scan configuration. * **accountIds** *(list) --* The target account ids. * *(string) --* * **targetResourceTags** *(dict) --* The target resource tags. * *(string) --* * *(list) --* * *(string) --* Return type: dict Returns: **Response Syntax** { 'scanConfigurationArn': 'string' } **Response Structure** * *(dict) --* * **scanConfigurationArn** *(string) --* The CIS scan configuration ARN. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / batch_get_account_status batch_get_account_status ************************ Inspector2.Client.batch_get_account_status(**kwargs) Retrieves the Amazon Inspector status of multiple Amazon Web Services accounts within your environment. See also: AWS API Documentation **Request Syntax** response = client.batch_get_account_status( accountIds=[ 'string', ] ) Parameters: **accountIds** (*list*) -- The 12-digit Amazon Web Services account IDs of the accounts to retrieve Amazon Inspector status for. * *(string) --* Return type: dict Returns: **Response Syntax** { 'accounts': [ { 'accountId': 'string', 'state': { 'status': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'errorCode': 'ALREADY_ENABLED'|'ENABLE_IN_PROGRESS'|'DISABLE_IN_PROGRESS'|'SUSPEND_IN_PROGRESS'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'SSM_UNAVAILABLE'|'SSM_THROTTLED'|'EVENTBRIDGE_UNAVAILABLE'|'EVENTBRIDGE_THROTTLED'|'RESOURCE_SCAN_NOT_DISABLED'|'DISASSOCIATE_ALL_MEMBERS'|'ACCOUNT_IS_ISOLATED'|'EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED'|'EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage': 'string' }, 'resourceState': { 'ec2': { 'status': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'errorCode': 'ALREADY_ENABLED'|'ENABLE_IN_PROGRESS'|'DISABLE_IN_PROGRESS'|'SUSPEND_IN_PROGRESS'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'SSM_UNAVAILABLE'|'SSM_THROTTLED'|'EVENTBRIDGE_UNAVAILABLE'|'EVENTBRIDGE_THROTTLED'|'RESOURCE_SCAN_NOT_DISABLED'|'DISASSOCIATE_ALL_MEMBERS'|'ACCOUNT_IS_ISOLATED'|'EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED'|'EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage': 'string' }, 'ecr': { 'status': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'errorCode': 'ALREADY_ENABLED'|'ENABLE_IN_PROGRESS'|'DISABLE_IN_PROGRESS'|'SUSPEND_IN_PROGRESS'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'SSM_UNAVAILABLE'|'SSM_THROTTLED'|'EVENTBRIDGE_UNAVAILABLE'|'EVENTBRIDGE_THROTTLED'|'RESOURCE_SCAN_NOT_DISABLED'|'DISASSOCIATE_ALL_MEMBERS'|'ACCOUNT_IS_ISOLATED'|'EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED'|'EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage': 'string' }, 'lambda': { 'status': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'errorCode': 'ALREADY_ENABLED'|'ENABLE_IN_PROGRESS'|'DISABLE_IN_PROGRESS'|'SUSPEND_IN_PROGRESS'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'SSM_UNAVAILABLE'|'SSM_THROTTLED'|'EVENTBRIDGE_UNAVAILABLE'|'EVENTBRIDGE_THROTTLED'|'RESOURCE_SCAN_NOT_DISABLED'|'DISASSOCIATE_ALL_MEMBERS'|'ACCOUNT_IS_ISOLATED'|'EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED'|'EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage': 'string' }, 'lambdaCode': { 'status': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'errorCode': 'ALREADY_ENABLED'|'ENABLE_IN_PROGRESS'|'DISABLE_IN_PROGRESS'|'SUSPEND_IN_PROGRESS'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'SSM_UNAVAILABLE'|'SSM_THROTTLED'|'EVENTBRIDGE_UNAVAILABLE'|'EVENTBRIDGE_THROTTLED'|'RESOURCE_SCAN_NOT_DISABLED'|'DISASSOCIATE_ALL_MEMBERS'|'ACCOUNT_IS_ISOLATED'|'EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED'|'EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage': 'string' }, 'codeRepository': { 'status': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'errorCode': 'ALREADY_ENABLED'|'ENABLE_IN_PROGRESS'|'DISABLE_IN_PROGRESS'|'SUSPEND_IN_PROGRESS'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'SSM_UNAVAILABLE'|'SSM_THROTTLED'|'EVENTBRIDGE_UNAVAILABLE'|'EVENTBRIDGE_THROTTLED'|'RESOURCE_SCAN_NOT_DISABLED'|'DISASSOCIATE_ALL_MEMBERS'|'ACCOUNT_IS_ISOLATED'|'EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED'|'EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage': 'string' } } }, ], 'failedAccounts': [ { 'accountId': 'string', 'status': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'resourceStatus': { 'ec2': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'ecr': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'lambda': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'lambdaCode': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED', 'codeRepository': 'ENABLING'|'ENABLED'|'DISABLING'|'DISABLED'|'SUSPENDING'|'SUSPENDED' }, 'errorCode': 'ALREADY_ENABLED'|'ENABLE_IN_PROGRESS'|'DISABLE_IN_PROGRESS'|'SUSPEND_IN_PROGRESS'|'RESOURCE_NOT_FOUND'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'SSM_UNAVAILABLE'|'SSM_THROTTLED'|'EVENTBRIDGE_UNAVAILABLE'|'EVENTBRIDGE_THROTTLED'|'RESOURCE_SCAN_NOT_DISABLED'|'DISASSOCIATE_ALL_MEMBERS'|'ACCOUNT_IS_ISOLATED'|'EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED'|'EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED', 'errorMessage': 'string' }, ] } **Response Structure** * *(dict) --* * **accounts** *(list) --* An array of objects that provide details on the status of Amazon Inspector for each of the requested accounts. * *(dict) --* An object with details the status of an Amazon Web Services account within your Amazon Inspector environment. * **accountId** *(string) --* The Amazon Web Services account ID. * **state** *(dict) --* An object detailing the status of Amazon Inspector for the account. * **status** *(string) --* The status of Amazon Inspector for the account. * **errorCode** *(string) --* The error code explaining why the account failed to enable Amazon Inspector. * **errorMessage** *(string) --* The error message received when the account failed to enable Amazon Inspector. * **resourceState** *(dict) --* An object detailing which resources Amazon Inspector is enabled to scan for the account. * **ec2** *(dict) --* An object detailing the state of Amazon Inspector scanning for Amazon EC2 resources. * **status** *(string) --* The status of Amazon Inspector for the account. * **errorCode** *(string) --* The error code explaining why the account failed to enable Amazon Inspector. * **errorMessage** *(string) --* The error message received when the account failed to enable Amazon Inspector. * **ecr** *(dict) --* An object detailing the state of Amazon Inspector scanning for Amazon ECR resources. * **status** *(string) --* The status of Amazon Inspector for the account. * **errorCode** *(string) --* The error code explaining why the account failed to enable Amazon Inspector. * **errorMessage** *(string) --* The error message received when the account failed to enable Amazon Inspector. * **lambda** *(dict) --* An object that described the state of Amazon Inspector scans for an account. * **status** *(string) --* The status of Amazon Inspector for the account. * **errorCode** *(string) --* The error code explaining why the account failed to enable Amazon Inspector. * **errorMessage** *(string) --* The error message received when the account failed to enable Amazon Inspector. * **lambdaCode** *(dict) --* An object that described the state of Amazon Inspector scans for an account. * **status** *(string) --* The status of Amazon Inspector for the account. * **errorCode** *(string) --* The error code explaining why the account failed to enable Amazon Inspector. * **errorMessage** *(string) --* The error message received when the account failed to enable Amazon Inspector. * **codeRepository** *(dict) --* An object that described the state of Amazon Inspector scans for an account. * **status** *(string) --* The status of Amazon Inspector for the account. * **errorCode** *(string) --* The error code explaining why the account failed to enable Amazon Inspector. * **errorMessage** *(string) --* The error message received when the account failed to enable Amazon Inspector. * **failedAccounts** *(list) --* An array of objects detailing any accounts that failed to enable Amazon Inspector and why. * *(dict) --* An object with details on why an account failed to enable Amazon Inspector. * **accountId** *(string) --* The Amazon Web Services account ID. * **status** *(string) --* The status of Amazon Inspector for the account. * **resourceStatus** *(dict) --* An object detailing which resources Amazon Inspector is enabled to scan for the account. * **ec2** *(string) --* The status of Amazon Inspector scanning for Amazon EC2 resources. * **ecr** *(string) --* The status of Amazon Inspector scanning for Amazon ECR resources. * **lambda** *(string) --* The status of Amazon Inspector scanning for Amazon Web Services Lambda function. * **lambdaCode** *(string) --* The status of Amazon Inspector scanning for custom application code for Amazon Web Services Lambda functions. * **codeRepository** *(string) --* The status of Amazon Inspector scanning for code repositories. * **errorCode** *(string) --* The error code explaining why the account failed to enable Amazon Inspector. * **errorMessage** *(string) --* The error message received when the account failed to enable Amazon Inspector. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_coverage list_coverage ************* Inspector2.Client.list_coverage(**kwargs) Lists coverage details for your environment. See also: AWS API Documentation **Request Syntax** response = client.list_coverage( maxResults=123, nextToken='string', filterCriteria={ 'scanStatusCode': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'scanStatusReason': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'accountId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'scanType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrRepositoryName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lastScannedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'scanMode': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'imagePulledAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123, 'lowerInclusive': 123 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderTypeVisibility': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lastScannedCommitId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ] } ) Parameters: * **maxResults** (*integer*) -- The maximum number of results the response can return. If your request would return more than the maximum the response will return a "nextToken" value, use this value when you call the action again to get the remaining results. * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the "maxResults" maximum value it will also return a "nextToken" value. For subsequent calls, use the "nextToken" value returned from the previous request to continue listing results after the first page. * **filterCriteria** (*dict*) -- An object that contains details on the filters to apply to the coverage data for your environment. * **scanStatusCode** *(list) --* The scan status code to filter on. Valid values are: "ValidationException", "InternalServerException", "ResourceNotFoundException", "BadRequestException", and "ThrottlingException". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **scanStatusReason** *(list) --* The scan status reason to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **accountId** *(list) --* An array of Amazon Web Services account IDs to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **resourceId** *(list) --* An array of Amazon Web Services resource IDs to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **resourceType** *(list) --* An array of Amazon Web Services resource types to return coverage statistics for. The values can be "AWS_EC2_INSTANCE", "AWS_LAMBDA_FUNCTION", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY" or "AWS_ACCOUNT". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **scanType** *(list) --* An array of Amazon Inspector scan types to return coverage statistics for. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ecrRepositoryName** *(list) --* The Amazon ECR repository name to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ecrImageTags** *(list) --* The Amazon ECR image tags to filter on. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **ec2InstanceTags** *(list) --* The Amazon EC2 instance tags to filter on. * *(dict) --* Contains details of a coverage map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare coverage on. * **key** *(string) --* **[REQUIRED]** The tag key associated with the coverage map filter. * **value** *(string) --* The tag value associated with the coverage map filter. * **lambdaFunctionName** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by function names. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lambdaFunctionTags** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by tag. * *(dict) --* Contains details of a coverage map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare coverage on. * **key** *(string) --* **[REQUIRED]** The tag key associated with the coverage map filter. * **value** *(string) --* The tag value associated with the coverage map filter. * **lambdaFunctionRuntime** *(list) --* Returns coverage statistics for Amazon Web Services Lambda functions filtered by runtime. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lastScannedAt** *(list) --* Filters Amazon Web Services resources based on whether Amazon Inspector has checked them for vulnerabilities within the specified time range. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **scanMode** *(list) --* The filter to search for Amazon EC2 instance coverage by scan mode. Valid values are "EC2_SSM_AGENT_BASED" and "EC2_AGENTLESS". * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **imagePulledAt** *(list) --* The date an image was last pulled at. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **ecrImageLastInUseAt** *(list) --* The Amazon ECR image that was last in use. * *(dict) --* Contains details of a coverage date filter. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period to filter results by. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period to filter results by. * **ecrImageInUseCount** *(list) --* The number of Amazon ECR images in use. * *(dict) --* The coverage number to be used in the filter. * **upperInclusive** *(integer) --* The upper inclusive for the coverage number.> * **lowerInclusive** *(integer) --* The lower inclusive for the coverage number. * **codeRepositoryProjectName** *(list) --* Filter criteria for code repositories based on project name. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **codeRepositoryProviderType** *(list) --* Filter criteria for code repositories based on provider type (such as GitHub, GitLab, etc.). * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **codeRepositoryProviderTypeVisibility** *(list) --* Filter criteria for code repositories based on visibility setting (public or private). * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. * **lastScannedCommitId** *(list) --* Filter criteria for code repositories based on the ID of the last scanned commit. * *(dict) --* Contains details of a coverage string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to compare strings on. * **value** *(string) --* **[REQUIRED]** The value to compare strings on. Return type: dict Returns: **Response Syntax** { 'nextToken': 'string', 'coveredResources': [ { 'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_ECR_REPOSITORY'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY', 'resourceId': 'string', 'accountId': 'string', 'scanType': 'NETWORK'|'PACKAGE'|'CODE', 'scanStatus': { 'statusCode': 'ACTIVE'|'INACTIVE', 'reason': 'PENDING_INITIAL_SCAN'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'UNMANAGED_EC2_INSTANCE'|'UNSUPPORTED_OS'|'SCAN_ELIGIBILITY_EXPIRED'|'RESOURCE_TERMINATED'|'SUCCESSFUL'|'NO_RESOURCES_FOUND'|'IMAGE_SIZE_EXCEEDED'|'SCAN_FREQUENCY_MANUAL'|'SCAN_FREQUENCY_SCAN_ON_PUSH'|'EC2_INSTANCE_STOPPED'|'PENDING_DISABLE'|'NO_INVENTORY'|'STALE_INVENTORY'|'EXCLUDED_BY_TAG'|'UNSUPPORTED_RUNTIME'|'UNSUPPORTED_MEDIA_TYPE'|'UNSUPPORTED_CONFIG_FILE'|'DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED'|'DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED'|'DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED'|'DEEP_INSPECTION_NO_INVENTORY'|'AGENTLESS_INSTANCE_STORAGE_LIMIT_EXCEEDED'|'AGENTLESS_INSTANCE_COLLECTION_TIME_LIMIT_EXCEEDED'|'PENDING_REVIVAL_SCAN'|'INTEGRATION_CONNECTION_LOST'|'ACCESS_DENIED_TO_ENCRYPTION_KEY'|'UNSUPPORTED_LANGUAGE'|'NO_SCAN_CONFIGURATION_ASSOCIATED'|'SCAN_IN_PROGRESS' }, 'resourceMetadata': { 'ecrRepository': { 'name': 'string', 'scanFrequency': 'MANUAL'|'SCAN_ON_PUSH'|'CONTINUOUS_SCAN' }, 'ecrImage': { 'tags': [ 'string', ], 'imagePulledAt': datetime(2015, 1, 1), 'lastInUseAt': datetime(2015, 1, 1), 'inUseCount': 123 }, 'ec2': { 'tags': { 'string': 'string' }, 'amiId': 'string', 'platform': 'WINDOWS'|'LINUX'|'UNKNOWN'|'MACOS' }, 'lambdaFunction': { 'functionTags': { 'string': 'string' }, 'layers': [ 'string', ], 'functionName': 'string', 'runtime': 'NODEJS'|'NODEJS_12_X'|'NODEJS_14_X'|'NODEJS_16_X'|'JAVA_8'|'JAVA_8_AL2'|'JAVA_11'|'PYTHON_3_7'|'PYTHON_3_8'|'PYTHON_3_9'|'UNSUPPORTED'|'NODEJS_18_X'|'GO_1_X'|'JAVA_17'|'PYTHON_3_10'|'PYTHON_3_11'|'DOTNETCORE_3_1'|'DOTNET_6'|'DOTNET_7'|'RUBY_2_7'|'RUBY_3_2' }, 'codeRepository': { 'projectName': 'string', 'integrationArn': 'string', 'providerType': 'string', 'providerTypeVisibility': 'string', 'lastScannedCommitId': 'string', 'scanConfiguration': { 'periodicScanConfigurations': [ { 'frequencyExpression': 'string', 'ruleSetCategories': [ 'SAST'|'IAC'|'SCA', ] }, ], 'continuousIntegrationScanConfigurations': [ { 'supportedEvent': 'PULL_REQUEST'|'PUSH', 'ruleSetCategories': [ 'SAST'|'IAC'|'SCA', ] }, ] }, 'onDemandScan': { 'lastScannedCommitId': 'string', 'lastScanAt': datetime(2015, 1, 1), 'scanStatus': { 'statusCode': 'ACTIVE'|'INACTIVE', 'reason': 'PENDING_INITIAL_SCAN'|'ACCESS_DENIED'|'INTERNAL_ERROR'|'UNMANAGED_EC2_INSTANCE'|'UNSUPPORTED_OS'|'SCAN_ELIGIBILITY_EXPIRED'|'RESOURCE_TERMINATED'|'SUCCESSFUL'|'NO_RESOURCES_FOUND'|'IMAGE_SIZE_EXCEEDED'|'SCAN_FREQUENCY_MANUAL'|'SCAN_FREQUENCY_SCAN_ON_PUSH'|'EC2_INSTANCE_STOPPED'|'PENDING_DISABLE'|'NO_INVENTORY'|'STALE_INVENTORY'|'EXCLUDED_BY_TAG'|'UNSUPPORTED_RUNTIME'|'UNSUPPORTED_MEDIA_TYPE'|'UNSUPPORTED_CONFIG_FILE'|'DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED'|'DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED'|'DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED'|'DEEP_INSPECTION_NO_INVENTORY'|'AGENTLESS_INSTANCE_STORAGE_LIMIT_EXCEEDED'|'AGENTLESS_INSTANCE_COLLECTION_TIME_LIMIT_EXCEEDED'|'PENDING_REVIVAL_SCAN'|'INTEGRATION_CONNECTION_LOST'|'ACCESS_DENIED_TO_ENCRYPTION_KEY'|'UNSUPPORTED_LANGUAGE'|'NO_SCAN_CONFIGURATION_ASSOCIATED'|'SCAN_IN_PROGRESS' } } } }, 'lastScannedAt': datetime(2015, 1, 1), 'scanMode': 'EC2_SSM_AGENT_BASED'|'EC2_AGENTLESS' }, ] } **Response Structure** * *(dict) --* * **nextToken** *(string) --* A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the "NextToken" value returned from the previous request to continue listing results after the first page. * **coveredResources** *(list) --* An object that contains details on the covered resources in your environment. * *(dict) --* An object that contains details about a resource covered by Amazon Inspector. * **resourceType** *(string) --* The type of the covered resource. * **resourceId** *(string) --* The ID of the covered resource. * **accountId** *(string) --* The Amazon Web Services account ID of the covered resource. * **scanType** *(string) --* The Amazon Inspector scan type covering the resource. * **scanStatus** *(dict) --* The status of the scan covering the resource. * **statusCode** *(string) --* The status code of the scan. * **reason** *(string) --* The scan status. Possible return values and descriptions are: "ACCESS_DENIED" - Resource access policy restricting Amazon Inspector access. Please update the IAM policy. "ACCESS_DENIED_TO_ENCRYPTION_KEY" - The KMS key policy doesn't allow Amazon Inspector access. Update the key policy. "DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED" - Amazon Inspector failed to extract the package inventory because the package collection time exceeding the maximum threshold of 15 minutes. "DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED" - The SSM agent couldn't send inventory to Amazon Inspector because the SSM quota for Inventory data collected per instance per day has already been reached for this instance. "DEEP_INSPECTION_NO_INVENTORY" - The Amazon Inspector plugin hasn't yet been able to collect an inventory of packages for this instance. This is usually the result of a pending scan, however, if this status persists after 6 hours, use SSM to ensure that the required Amazon Inspector associations exist and are running for the instance. "DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED" - The instance has exceeded the 5000 package limit for Amazon Inspector Deep inspection. To resume Deep inspection for this instance you can try to adjust the custom paths associated with the account. "EC2_INSTANCE_STOPPED" - This EC2 instance is in a stopped state, therefore, Amazon Inspector will pause scanning. The existing findings will continue to exist until the instance is terminated. Once the instance is re-started, Inspector will automatically start scanning the instance again. Please note that you will not be charged for this instance while it's in a stopped state. "EXCLUDED_BY_TAG" - This resource was not scanned because it has been excluded by a tag. "IMAGE_SIZE_EXCEEDED" - Reserved for future use. "INTEGRATION_CONNNECTION_LOST" - Amazon Inspector couldn't communicate with the source code management platform. "INTERNAL_ERROR" - Amazon Inspector has encountered an internal error for this resource. Amazon Inspector service will automatically resolve the issue and resume the scanning. No action required from the user. "NO_INVENTORY" - Amazon Inspector couldn't find software application inventory to scan for vulnerabilities. This might be caused due to required Amazon Inspector associations being deleted or failing to run on your resource. Please verify the status of "InspectorInventoryCollection-do-not-delete" association in the SSM console for the resource. Additionally, you can verify the instance's inventory in the SSM Fleet Manager console. "NO_RESOURCES_FOUND" - Reserved for future use. "NO_SCAN_CONFIGURATION_ASSOCIATED" - The code repository resource doesn't have an associated scan configuration. "PENDING_DISABLE" - This resource is pending cleanup during disablement. The customer will not be billed while a resource is in the pending disable status. "PENDING_INITIAL_SCAN" - This resource has been identified for scanning, results will be available soon. "RESOURCE_TERMINATED" - This resource has been terminated. The findings and coverage associated with this resource are in the process of being cleaned up. "SCAN_ELIGIBILITY_EXPIRED" - The configured scan duration has lapsed for this image. "SCAN_FREQUENCY_MANUAL" - This image will not be covered by Amazon Inspector due to the repository scan frequency configuration. "SCAN_FREQUENCY_SCAN_ON_PUSH" - This image will be scanned one time and will not new findings because of the scan frequency configuration. "SCAN_IN_PROGRESS" - The resource is currently being scanned. "STALE_INVENTORY" - Amazon Inspector wasn't able to collect an updated software application inventory in the last 7 days. Please confirm the required Amazon Inspector associations still exist and you can still see an updated inventory in the SSM console. "SUCCESSFUL" - The scan was successful. "UNMANAGED_EC2_INSTANCE" - The EC2 instance is not managed by SSM, please use the following SSM automation to remediate the issue: https://docs.aws.amazon.com/systems-manager- automation-runbooks/latest/userguide/automation- awssupport-troubleshoot-managed-instance.html. Once the instance becomes managed by SSM, Inspector will automatically begin scanning this instance. "UNSUPPORTED_CONFIG_FILE" - Reserved for future use. "UNSUPPORTED_LANGUAGE" - The scan was unsuccessful because the repository contains files in an unsupported programming language. >>``<>``<<- The ECR image has an unsupported media type. "UNSUPPORTED_OS" - Amazon Inspector does not support this OS, architecture, or image manifest type at this time. To see a complete list of supported operating systems see: https://docs.aws.amazon.com/inspector/la test/user/supported.html. "UNSUPPORTED_RUNTIME" - The function was not scanned because it has an unsupported runtime. To see a complete list of supported runtimes see: https://docs .aws.amazon.com/inspector/latest/user/supported.html. * **resourceMetadata** *(dict) --* An object that contains details about the metadata. * **ecrRepository** *(dict) --* An object that contains details about the repository an Amazon ECR image resides in. * **name** *(string) --* The name of the Amazon ECR repository. * **scanFrequency** *(string) --* The frequency of scans. * **ecrImage** *(dict) --* An object that contains details about the container metadata for an Amazon ECR image. * **tags** *(list) --* Tags associated with the Amazon ECR image metadata. * *(string) --* * **imagePulledAt** *(datetime) --* The date an image was last pulled at. * **lastInUseAt** *(datetime) --* The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod. * **inUseCount** *(integer) --* The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use. * **ec2** *(dict) --* An object that contains metadata details for an Amazon EC2 instance. * **tags** *(dict) --* The tags attached to the instance. * *(string) --* * *(string) --* * **amiId** *(string) --* The ID of the Amazon Machine Image (AMI) used to launch the instance. * **platform** *(string) --* The platform of the instance. * **lambdaFunction** *(dict) --* An object that contains metadata details for an Amazon Web Services Lambda function. * **functionTags** *(dict) --* The resource tags on an Amazon Web Services Lambda function. * *(string) --* * *(string) --* * **layers** *(list) --* The layers for an Amazon Web Services Lambda function. A Lambda function can have up to five layers. * *(string) --* * **functionName** *(string) --* The name of a function. * **runtime** *(string) --* An Amazon Web Services Lambda function's runtime. * **codeRepository** *(dict) --* Contains metadata about scan coverage for a code repository resource. * **projectName** *(string) --* The name of the project in the code repository. * **integrationArn** *(string) --* The Amazon Resource Name (ARN) of the code security integration associated with the repository. * **providerType** *(string) --* The type of repository provider (such as GitHub, GitLab, etc.). * **providerTypeVisibility** *(string) --* The visibility setting of the repository (public or private). * **lastScannedCommitId** *(string) --* The ID of the last commit that was scanned in the repository. * **scanConfiguration** *(dict) --* The scan configuration settings applied to the code repository. * **periodicScanConfigurations** *(list) --* The periodic scan configurations applied to the project. * *(dict) --* Contains the periodic scan configuration settings applied to a specific project. * **frequencyExpression** *(string) --* The schedule expression for periodic scans, in cron format, applied to the project. * **ruleSetCategories** *(list) --* The categories of security rules applied during periodic scans for the project. * *(string) --* * **continuousIntegrationScanConfigurations** *(list) --* The continuous integration scan configurations applied to the project. * *(dict) --* Contains the continuous integration scan configuration settings applied to a specific project. * **supportedEvent** *(string) --* The repository event that triggers continuous integration scans for the project. * **ruleSetCategories** *(list) --* The categories of security rules applied during continuous integration scans for the project. * *(string) --* * **onDemandScan** *(dict) --* Information about on-demand scans performed on the repository. * **lastScannedCommitId** *(string) --* The ID of the last commit that was scanned during an on-demand scan. * **lastScanAt** *(datetime) --* The timestamp when the last on-demand scan was performed. * **scanStatus** *(dict) --* The status of the scan. * **statusCode** *(string) --* The status code of the scan. * **reason** *(string) --* The scan status. Possible return values and descriptions are: "ACCESS_DENIED" - Resource access policy restricting Amazon Inspector access. Please update the IAM policy. "ACCESS_DENIED_TO_ENCRYPTION_KEY" - The KMS key policy doesn't allow Amazon Inspector access. Update the key policy. "DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED" - Amazon Inspector failed to extract the package inventory because the package collection time exceeding the maximum threshold of 15 minutes. "DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCE EDED" - The SSM agent couldn't send inventory to Amazon Inspector because the SSM quota for Inventory data collected per instance per day has already been reached for this instance. "DEEP_INSPECTION_NO_INVENTORY" - The Amazon Inspector plugin hasn't yet been able to collect an inventory of packages for this instance. This is usually the result of a pending scan, however, if this status persists after 6 hours, use SSM to ensure that the required Amazon Inspector associations exist and are running for the instance. "DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEE DED" - The instance has exceeded the 5000 package limit for Amazon Inspector Deep inspection. To resume Deep inspection for this instance you can try to adjust the custom paths associated with the account. "EC2_INSTANCE_STOPPED" - This EC2 instance is in a stopped state, therefore, Amazon Inspector will pause scanning. The existing findings will continue to exist until the instance is terminated. Once the instance is re-started, Inspector will automatically start scanning the instance again. Please note that you will not be charged for this instance while it's in a stopped state. "EXCLUDED_BY_TAG" - This resource was not scanned because it has been excluded by a tag. "IMAGE_SIZE_EXCEEDED" - Reserved for future use. "INTEGRATION_CONNNECTION_LOST" - Amazon Inspector couldn't communicate with the source code management platform. "INTERNAL_ERROR" - Amazon Inspector has encountered an internal error for this resource. Amazon Inspector service will automatically resolve the issue and resume the scanning. No action required from the user. "NO_INVENTORY" - Amazon Inspector couldn't find software application inventory to scan for vulnerabilities. This might be caused due to required Amazon Inspector associations being deleted or failing to run on your resource. Please verify the status of "InspectorInventoryCollection-do-not-delete" association in the SSM console for the resource. Additionally, you can verify the instance's inventory in the SSM Fleet Manager console. "NO_RESOURCES_FOUND" - Reserved for future use. "NO_SCAN_CONFIGURATION_ASSOCIATED" - The code repository resource doesn't have an associated scan configuration. "PENDING_DISABLE" - This resource is pending cleanup during disablement. The customer will not be billed while a resource is in the pending disable status. "PENDING_INITIAL_SCAN" - This resource has been identified for scanning, results will be available soon. "RESOURCE_TERMINATED" - This resource has been terminated. The findings and coverage associated with this resource are in the process of being cleaned up. "SCAN_ELIGIBILITY_EXPIRED" - The configured scan duration has lapsed for this image. "SCAN_FREQUENCY_MANUAL" - This image will not be covered by Amazon Inspector due to the repository scan frequency configuration. "SCAN_FREQUENCY_SCAN_ON_PUSH" - This image will be scanned one time and will not new findings because of the scan frequency configuration. "SCAN_IN_PROGRESS" - The resource is currently being scanned. "STALE_INVENTORY" - Amazon Inspector wasn't able to collect an updated software application inventory in the last 7 days. Please confirm the required Amazon Inspector associations still exist and you can still see an updated inventory in the SSM console. "SUCCESSFUL" - The scan was successful. "UNMANAGED_EC2_INSTANCE" - The EC2 instance is not managed by SSM, please use the following SSM automation to remediate the issue: https://docs.aws.amazon.com/systems-manager- automation-runbooks/latest/userguide/automation- awssupport-troubleshoot-managed-instance.html. Once the instance becomes managed by SSM, Inspector will automatically begin scanning this instance. "UNSUPPORTED_CONFIG_FILE" - Reserved for future use. "UNSUPPORTED_LANGUAGE" - The scan was unsuccessful because the repository contains files in an unsupported programming language. >>``<>``<<- The ECR image has an unsupported media type. "UNSUPPORTED_OS" - Amazon Inspector does not support this OS, architecture, or image manifest type at this time. To see a complete list of supported operating systems see: https://docs.a ws.amazon.com/inspector/latest/user/supported.h tml. "UNSUPPORTED_RUNTIME" - The function was not scanned because it has an unsupported runtime. To see a complete list of supported runtimes see: https://docs.aws.amazon.com/inspector/late st/user/supported.html. * **lastScannedAt** *(datetime) --* The date and time the resource was last checked for vulnerabilities. * **scanMode** *(string) --* The scan method that is applied to the instance. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_cis_scans list_cis_scans ************** Inspector2.Client.list_cis_scans(**kwargs) Returns a CIS scan list. See also: AWS API Documentation **Request Syntax** response = client.list_cis_scans( filterCriteria={ 'scanNameFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'targetResourceTagFilters': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'targetResourceIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'scanStatusFilters': [ { 'comparison': 'EQUALS', 'value': 'FAILED'|'COMPLETED'|'CANCELLED'|'IN_PROGRESS' }, ], 'scanAtFilters': [ { 'earliestScanStartTime': datetime(2015, 1, 1), 'latestScanStartTime': datetime(2015, 1, 1) }, ], 'scanConfigurationArnFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'scanArnFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'scheduledByFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'failedChecksFilters': [ { 'upperInclusive': 123, 'lowerInclusive': 123 }, ], 'targetAccountIdFilters': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, detailLevel='ORGANIZATION'|'MEMBER', sortBy='STATUS'|'SCHEDULED_BY'|'SCAN_START_DATE'|'FAILED_CHECKS', sortOrder='ASC'|'DESC', nextToken='string', maxResults=123 ) Parameters: * **filterCriteria** (*dict*) -- The CIS scan filter criteria. * **scanNameFilters** *(list) --* The list of scan name filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **targetResourceTagFilters** *(list) --* The list of target resource tag filters. * *(dict) --* The tag filter. * **comparison** *(string) --* **[REQUIRED]** The tag filter comparison value. * **key** *(string) --* **[REQUIRED]** The tag filter key. * **value** *(string) --* **[REQUIRED]** The tag filter value. * **targetResourceIdFilters** *(list) --* The list of target resource ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **scanStatusFilters** *(list) --* The list of scan status filters. * *(dict) --* The CIS scan status filter. * **comparison** *(string) --* **[REQUIRED]** The filter comparison value. * **value** *(string) --* **[REQUIRED]** The filter value. * **scanAtFilters** *(list) --* The list of scan at filters. * *(dict) --* The CIS date filter. * **earliestScanStartTime** *(datetime) --* The CIS date filter's earliest scan start time. * **latestScanStartTime** *(datetime) --* The CIS date filter's latest scan start time. * **scanConfigurationArnFilters** *(list) --* The list of scan configuration ARN filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **scanArnFilters** *(list) --* The list of scan ARN filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **scheduledByFilters** *(list) --* The list of scheduled by filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **failedChecksFilters** *(list) --* The list of failed checks filters. * *(dict) --* The CIS number filter. * **upperInclusive** *(integer) --* The CIS number filter's upper inclusive. * **lowerInclusive** *(integer) --* The CIS number filter's lower inclusive. * **targetAccountIdFilters** *(list) --* The list of target account ID filters. * *(dict) --* The CIS string filter. * **comparison** *(string) --* **[REQUIRED]** The comparison value of the CIS string filter. * **value** *(string) --* **[REQUIRED]** The value of the CIS string filter. * **detailLevel** (*string*) -- The detail applied to the CIS scan. * **sortBy** (*string*) -- The CIS scans sort by order. * **sortOrder** (*string*) -- The CIS scans sort order. * **nextToken** (*string*) -- The pagination token from a previous request that's used to retrieve the next page of results. * **maxResults** (*integer*) -- The maximum number of results to be returned. Return type: dict Returns: **Response Syntax** { 'scans': [ { 'scanArn': 'string', 'scanConfigurationArn': 'string', 'status': 'FAILED'|'COMPLETED'|'CANCELLED'|'IN_PROGRESS', 'scanName': 'string', 'scanDate': datetime(2015, 1, 1), 'failedChecks': 123, 'totalChecks': 123, 'targets': { 'accountIds': [ 'string', ], 'targetResourceTags': { 'string': [ 'string', ] } }, 'scheduledBy': 'string', 'securityLevel': 'LEVEL_1'|'LEVEL_2' }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **scans** *(list) --* The CIS scans. * *(dict) --* The CIS scan. * **scanArn** *(string) --* The CIS scan's ARN. * **scanConfigurationArn** *(string) --* The CIS scan's configuration ARN. * **status** *(string) --* The CIS scan's status. * **scanName** *(string) --* The the name of the scan configuration that's associated with this scan. * **scanDate** *(datetime) --* The CIS scan's date. * **failedChecks** *(integer) --* The CIS scan's failed checks. * **totalChecks** *(integer) --* The CIS scan's total checks. * **targets** *(dict) --* The CIS scan's targets. * **accountIds** *(list) --* The CIS target account ids. * *(string) --* * **targetResourceTags** *(dict) --* The CIS target resource tags. * *(string) --* * *(list) --* * *(string) --* * **scheduledBy** *(string) --* The account or organization that schedules the CIS scan. * **securityLevel** *(string) --* The security level for the CIS scan. Security level refers to the Benchmark levels that CIS assigns to a profile. * **nextToken** *(string) --* The pagination token from a previous request that's used to retrieve the next page of results. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / close close ***** Inspector2.Client.close() Closes underlying endpoint connections. Inspector2 / Client / get_sbom_export get_sbom_export *************** Inspector2.Client.get_sbom_export(**kwargs) Gets details of a software bill of materials (SBOM) report. See also: AWS API Documentation **Request Syntax** response = client.get_sbom_export( reportId='string' ) Parameters: **reportId** (*string*) -- **[REQUIRED]** The report ID of the SBOM export to get details for. Return type: dict Returns: **Response Syntax** { 'reportId': 'string', 'format': 'CYCLONEDX_1_4'|'SPDX_2_3', 'status': 'SUCCEEDED'|'IN_PROGRESS'|'CANCELLED'|'FAILED', 'errorCode': 'INTERNAL_ERROR'|'INVALID_PERMISSIONS'|'NO_FINDINGS_FOUND'|'BUCKET_NOT_FOUND'|'INCOMPATIBLE_BUCKET_REGION'|'MALFORMED_KMS_KEY', 'errorMessage': 'string', 's3Destination': { 'bucketName': 'string', 'keyPrefix': 'string', 'kmsKeyArn': 'string' }, 'filterCriteria': { 'accountId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrRepositoryName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'lambdaFunctionTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ] } } **Response Structure** * *(dict) --* * **reportId** *(string) --* The report ID of the software bill of materials (SBOM) report. * **format** *(string) --* The format of the software bill of materials (SBOM) report. * **status** *(string) --* The status of the software bill of materials (SBOM) report. * **errorCode** *(string) --* An error code. * **errorMessage** *(string) --* An error message. * **s3Destination** *(dict) --* Contains details of the Amazon S3 bucket and KMS key used to export findings * **bucketName** *(string) --* The name of the Amazon S3 bucket to export findings to. * **keyPrefix** *(string) --* The prefix that the findings will be written under. * **kmsKeyArn** *(string) --* The ARN of the KMS key used to encrypt data when exporting findings. * **filterCriteria** *(dict) --* Contains details about the resource filter criteria used for the software bill of materials (SBOM) report. * **accountId** *(list) --* The account IDs used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* The filter's comparison. * **value** *(string) --* The filter's value. * **resourceId** *(list) --* The resource IDs used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* The filter's comparison. * **value** *(string) --* The filter's value. * **resourceType** *(list) --* The resource types used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* The filter's comparison. * **value** *(string) --* The filter's value. * **ecrRepositoryName** *(list) --* The ECR repository names used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* The filter's comparison. * **value** *(string) --* The filter's value. * **lambdaFunctionName** *(list) --* The Amazon Web Services Lambda function name used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* The filter's comparison. * **value** *(string) --* The filter's value. * **ecrImageTags** *(list) --* The ECR image tags used as resource filter criteria. * *(dict) --* A resource string filter for a software bill of materials report. * **comparison** *(string) --* The filter's comparison. * **value** *(string) --* The filter's value. * **ec2InstanceTags** *(list) --* The EC2 instance tags used as resource filter criteria. * *(dict) --* A resource map filter for a software bill of material report. * **comparison** *(string) --* The filter's comparison. * **key** *(string) --* The filter's key. * **value** *(string) --* The filter's value. * **lambdaFunctionTags** *(list) --* The Amazon Web Services Lambda function tags used as resource filter criteria. * *(dict) --* A resource map filter for a software bill of material report. * **comparison** *(string) --* The filter's comparison. * **key** *(string) --* The filter's key. * **value** *(string) --* The filter's value. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / disassociate_member disassociate_member ******************* Inspector2.Client.disassociate_member(**kwargs) Disassociates a member account from an Amazon Inspector delegated administrator. See also: AWS API Documentation **Request Syntax** response = client.disassociate_member( accountId='string' ) Parameters: **accountId** (*string*) -- **[REQUIRED]** The Amazon Web Services account ID of the member account to disassociate. Return type: dict Returns: **Response Syntax** { 'accountId': 'string' } **Response Structure** * *(dict) --* * **accountId** *(string) --* The Amazon Web Services account ID of the successfully disassociated member. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_finding_aggregations list_finding_aggregations ************************* Inspector2.Client.list_finding_aggregations(**kwargs) Lists aggregated finding data for your environment based on specific criteria. See also: AWS API Documentation **Request Syntax** response = client.list_finding_aggregations( aggregationType='FINDING_TYPE'|'PACKAGE'|'TITLE'|'REPOSITORY'|'AMI'|'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER'|'IMAGE_LAYER'|'ACCOUNT'|'AWS_LAMBDA_FUNCTION'|'LAMBDA_LAYER'|'CODE_REPOSITORY', nextToken='string', maxResults=123, accountIds=[ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], aggregationRequest={ 'accountAggregation': { 'findingType': 'NETWORK_REACHABILITY'|'PACKAGE_VULNERABILITY'|'CODE_VULNERABILITY', 'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY', 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'amiAggregation': { 'amis': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL'|'AFFECTED_INSTANCES' }, 'awsEcrContainerAggregation': { 'resourceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'imageShas': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'repositories': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'architectures': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'imageTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL', 'lastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'inUseCount': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ] }, 'ec2InstanceAggregation': { 'amis': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'operatingSystems': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'instanceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'instanceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'NETWORK_FINDINGS'|'CRITICAL'|'HIGH'|'ALL' }, 'findingTypeAggregation': { 'findingType': 'NETWORK_REACHABILITY'|'PACKAGE_VULNERABILITY'|'CODE_VULNERABILITY', 'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY', 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'imageLayerAggregation': { 'repositories': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'layerHashes': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'packageAggregation': { 'packageNames': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'repositoryAggregation': { 'repositories': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL'|'AFFECTED_IMAGES' }, 'titleAggregation': { 'titles': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilityIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceType': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY', 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL', 'findingType': 'NETWORK_REACHABILITY'|'PACKAGE_VULNERABILITY'|'CODE_VULNERABILITY' }, 'lambdaLayerAggregation': { 'functionNames': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'layerArns': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'lambdaFunctionAggregation': { 'resourceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'functionNames': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'runtimes': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'functionTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL' }, 'codeRepositoryAggregation': { 'projectNames': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'providerTypes': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'sortOrder': 'ASC'|'DESC', 'sortBy': 'CRITICAL'|'HIGH'|'ALL', 'resourceIds': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] } } ) Parameters: * **aggregationType** (*string*) -- **[REQUIRED]** The type of the aggregation request. * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the "maxResults" maximum value it will also return a "nextToken" value. For subsequent calls, use the "nextToken" value returned from the previous request to continue listing results after the first page. * **maxResults** (*integer*) -- The maximum number of results the response can return. If your request would return more than the maximum the response will return a "nextToken" value, use this value when you call the action again to get the remaining results. * **accountIds** (*list*) -- The Amazon Web Services account IDs to retrieve finding aggregation data for. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **aggregationRequest** (*dict*) -- Details of the aggregation request that is used to filter your aggregation results. Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "accountAggregation", "amiAggregation", "awsEcrContainerAggregation", "ec2InstanceAggregation", "findingTypeAggregation", "imageLayerAggregation", "packageAggregation", "repositoryAggregation", "titleAggregation", "lambdaLayerAggregation", "lambdaFunctionAggregation", "codeRepositoryAggregation". * **accountAggregation** *(dict) --* An object that contains details about an aggregation request based on Amazon Web Services account IDs. * **findingType** *(string) --* The type of finding. * **resourceType** *(string) --* The type of resource. * **sortOrder** *(string) --* The sort order (ascending or descending). * **sortBy** *(string) --* The value to sort by. * **amiAggregation** *(dict) --* An object that contains details about an aggregation request based on Amazon Machine Images (AMIs). * **amis** *(list) --* The IDs of AMIs to aggregate findings for. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **awsEcrContainerAggregation** *(dict) --* An object that contains details about an aggregation request based on Amazon ECR container images. * **resourceIds** *(list) --* The container resource IDs. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **imageShas** *(list) --* The image SHA values. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **repositories** *(list) --* The container repositories. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **architectures** *(list) --* The architecture of the containers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **imageTags** *(list) --* The image tags. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The sort order (ascending or descending). * **sortBy** *(string) --* The value to sort by. * **lastInUseAt** *(list) --* The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **inUseCount** *(list) --* The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **ec2InstanceAggregation** *(dict) --* An object that contains details about an aggregation request based on Amazon EC2 instances. * **amis** *(list) --* The AMI IDs associated with the Amazon EC2 instances to aggregate findings for. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **operatingSystems** *(list) --* The operating system types to aggregate findings for. Valid values must be uppercase and underscore separated, examples are "ORACLE_LINUX_7" and "ALPINE_LINUX_3_8". * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **instanceIds** *(list) --* The Amazon EC2 instance IDs to aggregate findings for. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **instanceTags** *(list) --* The Amazon EC2 instance tags to aggregate findings for. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **key** *(string) --* **[REQUIRED]** The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **findingTypeAggregation** *(dict) --* An object that contains details about an aggregation request based on finding types. * **findingType** *(string) --* The finding type to aggregate. * **resourceType** *(string) --* The resource type to aggregate. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **imageLayerAggregation** *(dict) --* An object that contains details about an aggregation request based on container image layers. * **repositories** *(list) --* The repository associated with the container image hosting the layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceIds** *(list) --* The ID of the container image layer. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **layerHashes** *(list) --* The hashes associated with the layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **packageAggregation** *(dict) --* An object that contains details about an aggregation request based on operating system package type. * **packageNames** *(list) --* The names of packages to aggregate findings on. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **repositoryAggregation** *(dict) --* An object that contains details about an aggregation request based on Amazon ECR repositories. * **repositories** *(list) --* The names of repositories to aggregate findings on. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **titleAggregation** *(dict) --* An object that contains details about an aggregation request based on finding title. * **titles** *(list) --* The finding titles to aggregate on. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilityIds** *(list) --* The vulnerability IDs of the findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceType** *(string) --* The resource type to aggregate on. * **sortOrder** *(string) --* The order to sort results by. * **sortBy** *(string) --* The value to sort results by. * **findingType** *(string) --* The type of finding to aggregate on. * **lambdaLayerAggregation** *(dict) --* Returns an object with findings aggregated by Amazon Web Services Lambda layer. * **functionNames** *(list) --* The names of the Amazon Web Services Lambda functions associated with the layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceIds** *(list) --* The resource IDs for the Amazon Web Services Lambda function layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **layerArns** *(list) --* The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function layer. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to use for sorting the results. * **sortBy** *(string) --* The finding severity to use for sorting the results. * **lambdaFunctionAggregation** *(dict) --* Returns an object with findings aggregated by Amazon Web Services Lambda function. * **resourceIds** *(list) --* The resource IDs to include in the aggregation results. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **functionNames** *(list) --* The Amazon Web Services Lambda function names to include in the aggregation results. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **runtimes** *(list) --* Returns findings aggregated by Amazon Web Services Lambda function runtime environments. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **functionTags** *(list) --* The tags to include in the aggregation results. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **key** *(string) --* **[REQUIRED]** The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **sortOrder** *(string) --* The order to use for sorting the results. * **sortBy** *(string) --* The finding severity to use for sorting the results. * **codeRepositoryAggregation** *(dict) --* An object that contains details about an aggregation request based on code repositories. * **projectNames** *(list) --* The project names to include in the aggregation results. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **providerTypes** *(list) --* The repository provider types to include in the aggregation results. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortOrder** *(string) --* The order to sort results by (ascending or descending) in the code repository aggregation. * **sortBy** *(string) --* The value to sort results by in the code repository aggregation. * **resourceIds** *(list) --* The resource IDs to include in the aggregation results. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. Return type: dict Returns: **Response Syntax** { 'aggregationType': 'FINDING_TYPE'|'PACKAGE'|'TITLE'|'REPOSITORY'|'AMI'|'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER'|'IMAGE_LAYER'|'ACCOUNT'|'AWS_LAMBDA_FUNCTION'|'LAMBDA_LAYER'|'CODE_REPOSITORY', 'responses': [ { 'accountAggregation': { 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'exploitAvailableCount': 123, 'fixAvailableCount': 123 }, 'amiAggregation': { 'ami': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'affectedInstances': 123 }, 'awsEcrContainerAggregation': { 'resourceId': 'string', 'imageSha': 'string', 'repository': 'string', 'architecture': 'string', 'imageTags': [ 'string', ], 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'lastInUseAt': datetime(2015, 1, 1), 'inUseCount': 123 }, 'ec2InstanceAggregation': { 'instanceId': 'string', 'ami': 'string', 'operatingSystem': 'string', 'instanceTags': { 'string': 'string' }, 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'networkFindings': 123 }, 'findingTypeAggregation': { 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'exploitAvailableCount': 123, 'fixAvailableCount': 123 }, 'imageLayerAggregation': { 'repository': 'string', 'resourceId': 'string', 'layerHash': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 } }, 'packageAggregation': { 'packageName': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 } }, 'repositoryAggregation': { 'repository': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'affectedImages': 123 }, 'titleAggregation': { 'title': 'string', 'vulnerabilityId': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 } }, 'lambdaLayerAggregation': { 'functionName': 'string', 'resourceId': 'string', 'layerArn': 'string', 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 } }, 'lambdaFunctionAggregation': { 'resourceId': 'string', 'functionName': 'string', 'runtime': 'string', 'lambdaTags': { 'string': 'string' }, 'accountId': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'lastModifiedAt': datetime(2015, 1, 1) }, 'codeRepositoryAggregation': { 'projectNames': 'string', 'providerType': 'string', 'severityCounts': { 'all': 123, 'medium': 123, 'high': 123, 'critical': 123 }, 'exploitAvailableActiveFindingsCount': 123, 'fixAvailableActiveFindingsCount': 123, 'accountId': 'string', 'resourceId': 'string' } }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **aggregationType** *(string) --* The type of aggregation to perform. * **responses** *(list) --* Objects that contain the results of an aggregation operation. * *(dict) --* A structure that contains details about the results of an aggregation type. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "accountAggregation", "amiAggregation", "awsEcrContainerAggregation", "ec2InstanceAggregation", "findingTypeAggregation", "imageLayerAggregation", "packageAggregation", "repositoryAggregation", "titleAggregation", "lambdaLayerAggregation", "lambdaFunctionAggregation", "codeRepositoryAggregation". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **accountAggregation** *(dict) --* An object that contains details about an aggregation response based on Amazon Web Services account IDs. * **accountId** *(string) --* The Amazon Web Services account ID. * **severityCounts** *(dict) --* The number of findings by severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **exploitAvailableCount** *(integer) --* The number of findings that have an exploit available. * **fixAvailableCount** *(integer) --* Details about the number of fixes. * **amiAggregation** *(dict) --* An object that contains details about an aggregation response based on Amazon Machine Images (AMIs). * **ami** *(string) --* The ID of the AMI that findings were aggregated for. * **accountId** *(string) --* The Amazon Web Services account ID for the AMI. * **severityCounts** *(dict) --* An object that contains the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **affectedInstances** *(integer) --* The IDs of Amazon EC2 instances using this AMI. * **awsEcrContainerAggregation** *(dict) --* An object that contains details about an aggregation response based on Amazon ECR container images. * **resourceId** *(string) --* The resource ID of the container. * **imageSha** *(string) --* The SHA value of the container image. * **repository** *(string) --* The container repository. * **architecture** *(string) --* The architecture of the container. * **imageTags** *(list) --* The container image stags. * *(string) --* * **accountId** *(string) --* The Amazon Web Services account ID of the account that owns the container. * **severityCounts** *(dict) --* The number of finding by severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **lastInUseAt** *(datetime) --* The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod. * **inUseCount** *(integer) --* The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use. * **ec2InstanceAggregation** *(dict) --* An object that contains details about an aggregation response based on Amazon EC2 instances. * **instanceId** *(string) --* The Amazon EC2 instance ID. * **ami** *(string) --* The Amazon Machine Image (AMI) of the Amazon EC2 instance. * **operatingSystem** *(string) --* The operating system of the Amazon EC2 instance. * **instanceTags** *(dict) --* The tags attached to the instance. * *(string) --* * *(string) --* * **accountId** *(string) --* The Amazon Web Services account for the Amazon EC2 instance. * **severityCounts** *(dict) --* An object that contains the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **networkFindings** *(integer) --* The number of network findings for the Amazon EC2 instance. * **findingTypeAggregation** *(dict) --* An object that contains details about an aggregation response based on finding types. * **accountId** *(string) --* The ID of the Amazon Web Services account associated with the findings. * **severityCounts** *(dict) --* The value to sort results by. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **exploitAvailableCount** *(integer) --* The number of findings that have an exploit available. * **fixAvailableCount** *(integer) --* Details about the number of fixes. * **imageLayerAggregation** *(dict) --* An object that contains details about an aggregation response based on container image layers. * **repository** *(string) --* The repository the layer resides in. * **resourceId** *(string) --* The resource ID of the container image layer. * **layerHash** *(string) --* The layer hash. * **accountId** *(string) --* The ID of the Amazon Web Services account that owns the container image hosting the layer image. * **severityCounts** *(dict) --* An object that represents the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **packageAggregation** *(dict) --* An object that contains details about an aggregation response based on operating system package type. * **packageName** *(string) --* The name of the operating system package. * **accountId** *(string) --* The ID of the Amazon Web Services account associated with the findings. * **severityCounts** *(dict) --* An object that contains the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **repositoryAggregation** *(dict) --* An object that contains details about an aggregation response based on Amazon ECR repositories. * **repository** *(string) --* The name of the repository associated with the findings. * **accountId** *(string) --* The ID of the Amazon Web Services account associated with the findings. * **severityCounts** *(dict) --* An object that represent the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **affectedImages** *(integer) --* The number of container images impacted by the findings. * **titleAggregation** *(dict) --* An object that contains details about an aggregation response based on finding title. * **title** *(string) --* The title that the findings were aggregated on. * **vulnerabilityId** *(string) --* The vulnerability ID of the finding. * **accountId** *(string) --* The ID of the Amazon Web Services account associated with the findings. * **severityCounts** *(dict) --* An object that represent the count of matched findings per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **lambdaLayerAggregation** *(dict) --* An aggregation of findings by Amazon Web Services Lambda layer. * **functionName** *(string) --* The names of the Amazon Web Services Lambda functions associated with the layers. * **resourceId** *(string) --* The Resource ID of the Amazon Web Services Lambda function layer. * **layerArn** *(string) --* The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function layer. * **accountId** *(string) --* The account ID of the Amazon Web Services Lambda function layer. * **severityCounts** *(dict) --* An object that contains the counts of aggregated finding per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **lambdaFunctionAggregation** *(dict) --* An aggregation of findings by Amazon Web Services Lambda function. * **resourceId** *(string) --* The resource IDs included in the aggregation results. * **functionName** *(string) --* The Amazon Web Services Lambda function names included in the aggregation results. * **runtime** *(string) --* The runtimes included in the aggregation results. * **lambdaTags** *(dict) --* The tags included in the aggregation results. * *(string) --* * *(string) --* * **accountId** *(string) --* The ID of the Amazon Web Services account that owns the Amazon Web Services Lambda function. * **severityCounts** *(dict) --* An object that contains the counts of aggregated finding per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **lastModifiedAt** *(datetime) --* The date that the Amazon Web Services Lambda function included in the aggregation results was last changed. * **codeRepositoryAggregation** *(dict) --* An object that contains details about an aggregation response based on code repositories. * **projectNames** *(string) --* The names of the projects associated with the code repository. * **providerType** *(string) --* The type of repository provider for the code repository. * **severityCounts** *(dict) --* An object that contains the counts of aggregated finding per severity. * **all** *(integer) --* The total count of findings from all severities. * **medium** *(integer) --* The total count of medium severity findings. * **high** *(integer) --* The total count of high severity findings. * **critical** *(integer) --* The total count of critical severity findings. * **exploitAvailableActiveFindingsCount** *(integer) --* The number of active findings that have an exploit available for the code repository. * **fixAvailableActiveFindingsCount** *(integer) --* The number of active findings that have a fix available for the code repository. * **accountId** *(string) --* The Amazon Web Services account ID associated with the code repository. * **resourceId** *(string) --* The resource ID of the code repository. * **nextToken** *(string) --* A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the "NextToken" value returned from the previous request to continue listing results after the first page. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / update_filter update_filter ************* Inspector2.Client.update_filter(**kwargs) Specifies the action that is to be applied to the findings that match the filter. See also: AWS API Documentation **Request Syntax** response = client.update_filter( action='NONE'|'SUPPRESS', description='string', filterCriteria={ 'findingArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'awsAccountId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'findingType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'severity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'firstObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lastObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'updatedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'findingStatus': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'title': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'inspectorScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'ec2InstanceImageId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceVpcId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceSubnetId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImagePushedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageArchitecture': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRegistry': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRepositoryName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageHash': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'portRange': [ { 'beginInclusive': 123, 'endInclusive': 123 }, ], 'networkProtocol': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilityId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilitySource': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vendorSeverity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerablePackages': [ { 'name': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'version': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'epoch': { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, 'release': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'architecture': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLayerHash': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLambdaLayerArn': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'filePath': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' } }, ], 'relatedVulnerabilities': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'fixAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLayers': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLastModifiedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lambdaFunctionExecutionRoleArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'exploitAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityFilePath': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'epssScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, name='string', filterArn='string', reason='string' ) Parameters: * **action** (*string*) -- Specifies the action that is to be applied to the findings that match the filter. * **description** (*string*) -- A description of the filter. * **filterCriteria** (*dict*) -- Defines the criteria to be update in the filter. * **findingArn** *(list) --* Details on the finding ARNs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **awsAccountId** *(list) --* Details of the Amazon Web Services account IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **findingType** *(list) --* Details on the finding types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **severity** *(list) --* Details on the severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **firstObservedAt** *(list) --* Details on the date and time a finding was first seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lastObservedAt** *(list) --* Details on the date and time a finding was last seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **updatedAt** *(list) --* Details on the date and time a finding was last updated at used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **findingStatus** *(list) --* Details on the finding status types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **title** *(list) --* Details on the finding title used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **inspectorScore** *(list) --* The Amazon Inspector score to filter on. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **resourceType** *(list) --* Details on the resource types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceId** *(list) --* Details on the resource IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceTags** *(list) --* Details on the resource tags used to filter findings. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **key** *(string) --* **[REQUIRED]** The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **ec2InstanceImageId** *(list) --* Details of the Amazon EC2 instance image IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ec2InstanceVpcId** *(list) --* Details of the Amazon EC2 instance VPC IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ec2InstanceSubnetId** *(list) --* Details of the Amazon EC2 instance subnet IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImagePushedAt** *(list) --* Details on the Amazon ECR image push date and time used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageArchitecture** *(list) --* Details of the Amazon ECR image architecture types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageRegistry** *(list) --* Details on the Amazon ECR registry used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageRepositoryName** *(list) --* Details on the name of the Amazon ECR repository used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageTags** *(list) --* The tags attached to the Amazon ECR container image. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageHash** *(list) --* Details of the Amazon ECR image hashes used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageLastInUseAt** *(list) --* Filter criteria indicating when an Amazon ECR image was last used in an Amazon ECS cluster task or Amazon EKS cluster pod. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageInUseCount** *(list) --* Filter criteria indicating when details for an Amazon ECR image include when an Amazon ECR image is in use. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **portRange** *(list) --* Details on the port ranges used to filter findings. * *(dict) --* An object that describes the details of a port range filter. * **beginInclusive** *(integer) --* The port number the port range begins at. * **endInclusive** *(integer) --* The port number the port range ends at. * **networkProtocol** *(list) --* Details on network protocol used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **componentId** *(list) --* Details of the component IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **componentType** *(list) --* Details of the component types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilityId** *(list) --* Details on the vulnerability ID used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilitySource** *(list) --* Details on the vulnerability type used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vendorSeverity** *(list) --* Details on the vendor severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerablePackages** *(list) --* Details on the vulnerable packages used to filter findings. * *(dict) --* Contains information on the details of a package filter. * **name** *(dict) --* An object that contains details on the name of the package to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **version** *(dict) --* The package version to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **epoch** *(dict) --* An object that contains details on the package epoch to filter on. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **release** *(dict) --* An object that contains details on the package release to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **architecture** *(dict) --* An object that contains details on the package architecture type to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sourceLayerHash** *(dict) --* An object that contains details on the source layer hash to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sourceLambdaLayerArn** *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **filePath** *(dict) --* An object that contains details on the package file path to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **relatedVulnerabilities** *(list) --* Details on the related vulnerabilities used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **fixAvailable** *(list) --* Details on whether a fix is available through a version update. This value can be "YES", "NO", or "PARTIAL". A "PARTIAL" fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionName** *(list) --* Filters the list of Amazon Web Services Lambda functions by the name of the function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionLayers** *(list) --* Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionRuntime** *(list) --* Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionLastModifiedAt** *(list) --* Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lambdaFunctionExecutionRoleArn** *(list) --* Filters the list of Amazon Web Services Lambda functions by execution role. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **exploitAvailable** *(list) --* Filters the list of Amazon Web Services Lambda findings by the availability of exploits. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityDetectorName** *(list) --* The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityDetectorTags** *(list) --* The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityFilePath** *(list) --* The file path to the file in a Lambda function that contains a code vulnerability used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **epssScore** *(list) --* The EPSS score used to filter findings. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **codeRepositoryProjectName** *(list) --* Filter criteria for findings based on the project name in a code repository. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeRepositoryProviderType** *(list) --* Filter criteria for findings based on the repository provider type (such as GitHub, GitLab, etc.). * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **name** (*string*) -- The name of the filter. * **filterArn** (*string*) -- **[REQUIRED]** The Amazon Resource Number (ARN) of the filter to update. * **reason** (*string*) -- The reason the filter was updated. Return type: dict Returns: **Response Syntax** { 'arn': 'string' } **Response Structure** * *(dict) --* * **arn** *(string) --* The Amazon Resource Number (ARN) of the successfully updated filter. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_code_security_scan_configuration get_code_security_scan_configuration ************************************ Inspector2.Client.get_code_security_scan_configuration(**kwargs) Retrieves information about a code security scan configuration. See also: AWS API Documentation **Request Syntax** response = client.get_code_security_scan_configuration( scanConfigurationArn='string' ) Parameters: **scanConfigurationArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the scan configuration to retrieve. Return type: dict Returns: **Response Syntax** { 'scanConfigurationArn': 'string', 'name': 'string', 'configuration': { 'periodicScanConfiguration': { 'frequency': 'WEEKLY'|'MONTHLY'|'NEVER', 'frequencyExpression': 'string' }, 'continuousIntegrationScanConfiguration': { 'supportedEvents': [ 'PULL_REQUEST'|'PUSH', ] }, 'ruleSetCategories': [ 'SAST'|'IAC'|'SCA', ] }, 'level': 'ORGANIZATION'|'ACCOUNT', 'scopeSettings': { 'projectSelectionScope': 'ALL' }, 'createdAt': datetime(2015, 1, 1), 'lastUpdatedAt': datetime(2015, 1, 1), 'tags': { 'string': 'string' } } **Response Structure** * *(dict) --* * **scanConfigurationArn** *(string) --* The Amazon Resource Name (ARN) of the scan configuration. * **name** *(string) --* The name of the scan configuration. * **configuration** *(dict) --* The configuration settings for the code security scan. * **periodicScanConfiguration** *(dict) --* Configuration settings for periodic scans that run on a scheduled basis. * **frequency** *(string) --* The frequency at which periodic scans are performed (such as weekly or monthly). If you don't provide the "frequencyExpression" Amazon Inspector chooses day for the scan to run. If you provide the "frequencyExpression", the schedule must match the specified "frequency". * **frequencyExpression** *(string) --* The schedule expression for periodic scans, in cron format. * **continuousIntegrationScanConfiguration** *(dict) --* Configuration settings for continuous integration scans that run automatically when code changes are made. * **supportedEvents** *(list) --* The repository events that trigger continuous integration scans, such as pull requests or commits. * *(string) --* * **ruleSetCategories** *(list) --* The categories of security rules to be applied during the scan. * *(string) --* * **level** *(string) --* The security level for the scan configuration. * **scopeSettings** *(dict) --* The scope settings that define which repositories will be scanned. If the "ScopeSetting" parameter is "ALL" the scan configuration applies to all existing and future projects imported into Amazon Inspector. * **projectSelectionScope** *(string) --* The scope of projects to be selected for scanning within the integrated repositories. Setting the value to "ALL" applies the scope settings to all existing and future projects imported into Amazon Inspector. * **createdAt** *(datetime) --* The timestamp when the scan configuration was created. * **lastUpdatedAt** *(datetime) --* The timestamp when the scan configuration was last updated. * **tags** *(dict) --* The tags associated with the scan configuration. * *(string) --* * *(string) --* **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / update_ec2_deep_inspection_configuration update_ec2_deep_inspection_configuration **************************************** Inspector2.Client.update_ec2_deep_inspection_configuration(**kwargs) Activates, deactivates Amazon Inspector deep inspection, or updates custom paths for your account. See also: AWS API Documentation **Request Syntax** response = client.update_ec2_deep_inspection_configuration( activateDeepInspection=True|False, packagePaths=[ 'string', ] ) Parameters: * **activateDeepInspection** (*boolean*) -- Specify "TRUE" to activate Amazon Inspector deep inspection in your account, or "FALSE" to deactivate. Member accounts in an organization cannot deactivate deep inspection, instead the delegated administrator for the organization can deactivate a member account using BatchUpdateMemberEc2DeepInspectionStatus. * **packagePaths** (*list*) -- The Amazon Inspector deep inspection custom paths you are adding for your account. * *(string) --* Return type: dict Returns: **Response Syntax** { 'packagePaths': [ 'string', ], 'orgPackagePaths': [ 'string', ], 'status': 'ACTIVATED'|'DEACTIVATED'|'PENDING'|'FAILED', 'errorMessage': 'string' } **Response Structure** * *(dict) --* * **packagePaths** *(list) --* The current Amazon Inspector deep inspection custom paths for your account. * *(string) --* * **orgPackagePaths** *(list) --* The current Amazon Inspector deep inspection custom paths for the organization. * *(string) --* * **status** *(string) --* The status of Amazon Inspector deep inspection in your account. * **errorMessage** *(string) --* An error message explaining why new Amazon Inspector deep inspection custom paths could not be added. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / enable_delegated_admin_account enable_delegated_admin_account ****************************** Inspector2.Client.enable_delegated_admin_account(**kwargs) Enables the Amazon Inspector delegated administrator for your Organizations organization. See also: AWS API Documentation **Request Syntax** response = client.enable_delegated_admin_account( delegatedAdminAccountId='string', clientToken='string' ) Parameters: * **delegatedAdminAccountId** (*string*) -- **[REQUIRED]** The Amazon Web Services account ID of the Amazon Inspector delegated administrator. * **clientToken** (*string*) -- The idempotency token for the request. This field is autopopulated if not provided. Return type: dict Returns: **Response Syntax** { 'delegatedAdminAccountId': 'string' } **Response Structure** * *(dict) --* * **delegatedAdminAccountId** *(string) --* The Amazon Web Services account ID of the successfully Amazon Inspector delegated administrator. **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / update_code_security_scan_configuration update_code_security_scan_configuration *************************************** Inspector2.Client.update_code_security_scan_configuration(**kwargs) Updates an existing code security scan configuration. See also: AWS API Documentation **Request Syntax** response = client.update_code_security_scan_configuration( scanConfigurationArn='string', configuration={ 'periodicScanConfiguration': { 'frequency': 'WEEKLY'|'MONTHLY'|'NEVER', 'frequencyExpression': 'string' }, 'continuousIntegrationScanConfiguration': { 'supportedEvents': [ 'PULL_REQUEST'|'PUSH', ] }, 'ruleSetCategories': [ 'SAST'|'IAC'|'SCA', ] } ) Parameters: * **scanConfigurationArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the scan configuration to update. * **configuration** (*dict*) -- **[REQUIRED]** The updated configuration settings for the code security scan. * **periodicScanConfiguration** *(dict) --* Configuration settings for periodic scans that run on a scheduled basis. * **frequency** *(string) --* The frequency at which periodic scans are performed (such as weekly or monthly). If you don't provide the "frequencyExpression" Amazon Inspector chooses day for the scan to run. If you provide the "frequencyExpression", the schedule must match the specified "frequency". * **frequencyExpression** *(string) --* The schedule expression for periodic scans, in cron format. * **continuousIntegrationScanConfiguration** *(dict) --* Configuration settings for continuous integration scans that run automatically when code changes are made. * **supportedEvents** *(list) --* **[REQUIRED]** The repository events that trigger continuous integration scans, such as pull requests or commits. * *(string) --* * **ruleSetCategories** *(list) --* **[REQUIRED]** The categories of security rules to be applied during the scan. * *(string) --* Return type: dict Returns: **Response Syntax** { 'scanConfigurationArn': 'string' } **Response Structure** * *(dict) --* * **scanConfigurationArn** *(string) --* The Amazon Resource Name (ARN) of the updated scan configuration. **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_code_security_scan_configuration_associations list_code_security_scan_configuration_associations ************************************************** Inspector2.Client.list_code_security_scan_configuration_associations(**kwargs) Lists the associations between code repositories and Amazon Inspector code security scan configurations. See also: AWS API Documentation **Request Syntax** response = client.list_code_security_scan_configuration_associations( scanConfigurationArn='string', nextToken='string', maxResults=123 ) Parameters: * **scanConfigurationArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the scan configuration to list associations for. * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the "NextToken" value returned from the previous request to continue listing results after the first page. * **maxResults** (*integer*) -- The maximum number of results to return in the response. If your request would return more than the maximum the response will return a "nextToken" value, use this value when you call the action again to get the remaining results. Return type: dict Returns: **Response Syntax** { 'associations': [ { 'resource': { 'projectId': 'string' } }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **associations** *(list) --* A list of associations between code repositories and scan configurations. * *(dict) --* A summary of an association between a code repository and a scan configuration. * **resource** *(dict) --* Identifies a specific resource in a code repository that will be scanned. Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "projectId". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows: 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'} * **projectId** *(string) --* The unique identifier of the project in the code repository. * **nextToken** *(string) --* A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the "NextToken" value returned from the previous request to continue listing results after the first page. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_ec2_deep_inspection_configuration get_ec2_deep_inspection_configuration ************************************* Inspector2.Client.get_ec2_deep_inspection_configuration() Retrieves the activation status of Amazon Inspector deep inspection and custom paths associated with your account. See also: AWS API Documentation **Request Syntax** response = client.get_ec2_deep_inspection_configuration() Return type: dict Returns: **Response Syntax** { 'packagePaths': [ 'string', ], 'orgPackagePaths': [ 'string', ], 'status': 'ACTIVATED'|'DEACTIVATED'|'PENDING'|'FAILED', 'errorMessage': 'string' } **Response Structure** * *(dict) --* * **packagePaths** *(list) --* The Amazon Inspector deep inspection custom paths for your account. * *(string) --* * **orgPackagePaths** *(list) --* The Amazon Inspector deep inspection custom paths for your organization. * *(string) --* * **status** *(string) --* The activation status of Amazon Inspector deep inspection in your account. * **errorMessage** *(string) --* An error message explaining why Amazon Inspector deep inspection configurations could not be retrieved for your account. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / send_cis_session_telemetry send_cis_session_telemetry ************************** Inspector2.Client.send_cis_session_telemetry(**kwargs) Sends a CIS session telemetry. This API is used by the Amazon Inspector SSM plugin to communicate with the Amazon Inspector service. The Amazon Inspector SSM plugin calls this API to start a CIS scan session for the scan ID supplied by the service. See also: AWS API Documentation **Request Syntax** response = client.send_cis_session_telemetry( scanJobId='string', sessionToken='string', messages=[ { 'ruleId': 'string', 'status': 'FAILED'|'PASSED'|'NOT_EVALUATED'|'INFORMATIONAL'|'UNKNOWN'|'NOT_APPLICABLE'|'ERROR', 'cisRuleDetails': b'bytes' }, ] ) Parameters: * **scanJobId** (*string*) -- **[REQUIRED]** A unique identifier for the scan job. * **sessionToken** (*string*) -- **[REQUIRED]** The unique token that identifies the CIS session. * **messages** (*list*) -- **[REQUIRED]** The CIS session telemetry messages. * *(dict) --* The CIS session message. * **ruleId** *(string) --* **[REQUIRED]** The rule ID for the CIS session message. * **status** *(string) --* **[REQUIRED]** The status of the CIS session message. * **cisRuleDetails** *(bytes) --* **[REQUIRED]** The CIS rule details for the CIS session message. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / cancel_findings_report cancel_findings_report ********************** Inspector2.Client.cancel_findings_report(**kwargs) Cancels the given findings report. See also: AWS API Documentation **Request Syntax** response = client.cancel_findings_report( reportId='string' ) Parameters: **reportId** (*string*) -- **[REQUIRED]** The ID of the report to be canceled. Return type: dict Returns: **Response Syntax** { 'reportId': 'string' } **Response Structure** * *(dict) --* * **reportId** *(string) --* The ID of the canceled report. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / batch_get_code_snippet batch_get_code_snippet ********************** Inspector2.Client.batch_get_code_snippet(**kwargs) Retrieves code snippets from findings that Amazon Inspector detected code vulnerabilities in. See also: AWS API Documentation **Request Syntax** response = client.batch_get_code_snippet( findingArns=[ 'string', ] ) Parameters: **findingArns** (*list*) -- **[REQUIRED]** An array of finding ARNs for the findings you want to retrieve code snippets from. * *(string) --* Return type: dict Returns: **Response Syntax** { 'codeSnippetResults': [ { 'findingArn': 'string', 'startLine': 123, 'endLine': 123, 'codeSnippet': [ { 'content': 'string', 'lineNumber': 123 }, ], 'suggestedFixes': [ { 'description': 'string', 'code': 'string' }, ] }, ], 'errors': [ { 'findingArn': 'string', 'errorCode': 'INTERNAL_ERROR'|'ACCESS_DENIED'|'CODE_SNIPPET_NOT_FOUND'|'INVALID_INPUT', 'errorMessage': 'string' }, ] } **Response Structure** * *(dict) --* * **codeSnippetResults** *(list) --* The retrieved code snippets associated with the provided finding ARNs. * *(dict) --* Contains information on a code snippet retrieved by Amazon Inspector from a code vulnerability finding. * **findingArn** *(string) --* The ARN of a finding that the code snippet is associated with. * **startLine** *(integer) --* The line number of the first line of a code snippet. * **endLine** *(integer) --* The line number of the last line of a code snippet. * **codeSnippet** *(list) --* Contains information on the retrieved code snippet. * *(dict) --* Contains information on the lines of code associated with a code snippet. * **content** *(string) --* The content of a line of code * **lineNumber** *(integer) --* The line number that a section of code is located at. * **suggestedFixes** *(list) --* Details of a suggested code fix. * *(dict) --* A suggested fix for a vulnerability in your Lambda function code. * **description** *(string) --* The fix's description. * **code** *(string) --* The fix's code. * **errors** *(list) --* Any errors Amazon Inspector encountered while trying to retrieve the requested code snippets. * *(dict) --* Contains information about any errors encountered while trying to retrieve a code snippet. * **findingArn** *(string) --* The ARN of the finding that a code snippet couldn't be retrieved for. * **errorCode** *(string) --* The error code for the error that prevented a code snippet from being retrieved. * **errorMessage** *(string) --* The error message received when Amazon Inspector failed to retrieve a code snippet. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_findings list_findings ************* Inspector2.Client.list_findings(**kwargs) Lists findings for your environment. See also: AWS API Documentation **Request Syntax** response = client.list_findings( maxResults=123, nextToken='string', filterCriteria={ 'findingArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'awsAccountId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'findingType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'severity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'firstObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lastObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'updatedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'findingStatus': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'title': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'inspectorScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'ec2InstanceImageId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceVpcId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceSubnetId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImagePushedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageArchitecture': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRegistry': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRepositoryName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageHash': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'portRange': [ { 'beginInclusive': 123, 'endInclusive': 123 }, ], 'networkProtocol': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilityId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilitySource': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vendorSeverity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerablePackages': [ { 'name': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'version': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'epoch': { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, 'release': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'architecture': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLayerHash': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLambdaLayerArn': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'filePath': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' } }, ], 'relatedVulnerabilities': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'fixAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLayers': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLastModifiedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lambdaFunctionExecutionRoleArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'exploitAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityFilePath': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'epssScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, sortCriteria={ 'field': 'AWS_ACCOUNT_ID'|'FINDING_TYPE'|'SEVERITY'|'FIRST_OBSERVED_AT'|'LAST_OBSERVED_AT'|'FINDING_STATUS'|'RESOURCE_TYPE'|'ECR_IMAGE_PUSHED_AT'|'ECR_IMAGE_REPOSITORY_NAME'|'ECR_IMAGE_REGISTRY'|'NETWORK_PROTOCOL'|'COMPONENT_TYPE'|'VULNERABILITY_ID'|'VULNERABILITY_SOURCE'|'INSPECTOR_SCORE'|'VENDOR_SEVERITY'|'EPSS_SCORE', 'sortOrder': 'ASC'|'DESC' } ) Parameters: * **maxResults** (*integer*) -- The maximum number of results the response can return. If your request would return more than the maximum the response will return a "nextToken" value, use this value when you call the action again to get the remaining results. * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. If your response returns more than the "maxResults" maximum value it will also return a "nextToken" value. For subsequent calls, use the "nextToken" value returned from the previous request to continue listing results after the first page. * **filterCriteria** (*dict*) -- Details on the filters to apply to your finding results. * **findingArn** *(list) --* Details on the finding ARNs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **awsAccountId** *(list) --* Details of the Amazon Web Services account IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **findingType** *(list) --* Details on the finding types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **severity** *(list) --* Details on the severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **firstObservedAt** *(list) --* Details on the date and time a finding was first seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lastObservedAt** *(list) --* Details on the date and time a finding was last seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **updatedAt** *(list) --* Details on the date and time a finding was last updated at used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **findingStatus** *(list) --* Details on the finding status types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **title** *(list) --* Details on the finding title used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **inspectorScore** *(list) --* The Amazon Inspector score to filter on. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **resourceType** *(list) --* Details on the resource types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceId** *(list) --* Details on the resource IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceTags** *(list) --* Details on the resource tags used to filter findings. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **key** *(string) --* **[REQUIRED]** The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **ec2InstanceImageId** *(list) --* Details of the Amazon EC2 instance image IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ec2InstanceVpcId** *(list) --* Details of the Amazon EC2 instance VPC IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ec2InstanceSubnetId** *(list) --* Details of the Amazon EC2 instance subnet IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImagePushedAt** *(list) --* Details on the Amazon ECR image push date and time used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageArchitecture** *(list) --* Details of the Amazon ECR image architecture types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageRegistry** *(list) --* Details on the Amazon ECR registry used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageRepositoryName** *(list) --* Details on the name of the Amazon ECR repository used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageTags** *(list) --* The tags attached to the Amazon ECR container image. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageHash** *(list) --* Details of the Amazon ECR image hashes used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageLastInUseAt** *(list) --* Filter criteria indicating when an Amazon ECR image was last used in an Amazon ECS cluster task or Amazon EKS cluster pod. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageInUseCount** *(list) --* Filter criteria indicating when details for an Amazon ECR image include when an Amazon ECR image is in use. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **portRange** *(list) --* Details on the port ranges used to filter findings. * *(dict) --* An object that describes the details of a port range filter. * **beginInclusive** *(integer) --* The port number the port range begins at. * **endInclusive** *(integer) --* The port number the port range ends at. * **networkProtocol** *(list) --* Details on network protocol used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **componentId** *(list) --* Details of the component IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **componentType** *(list) --* Details of the component types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilityId** *(list) --* Details on the vulnerability ID used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilitySource** *(list) --* Details on the vulnerability type used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vendorSeverity** *(list) --* Details on the vendor severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerablePackages** *(list) --* Details on the vulnerable packages used to filter findings. * *(dict) --* Contains information on the details of a package filter. * **name** *(dict) --* An object that contains details on the name of the package to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **version** *(dict) --* The package version to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **epoch** *(dict) --* An object that contains details on the package epoch to filter on. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **release** *(dict) --* An object that contains details on the package release to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **architecture** *(dict) --* An object that contains details on the package architecture type to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sourceLayerHash** *(dict) --* An object that contains details on the source layer hash to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sourceLambdaLayerArn** *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **filePath** *(dict) --* An object that contains details on the package file path to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **relatedVulnerabilities** *(list) --* Details on the related vulnerabilities used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **fixAvailable** *(list) --* Details on whether a fix is available through a version update. This value can be "YES", "NO", or "PARTIAL". A "PARTIAL" fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionName** *(list) --* Filters the list of Amazon Web Services Lambda functions by the name of the function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionLayers** *(list) --* Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionRuntime** *(list) --* Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionLastModifiedAt** *(list) --* Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lambdaFunctionExecutionRoleArn** *(list) --* Filters the list of Amazon Web Services Lambda functions by execution role. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **exploitAvailable** *(list) --* Filters the list of Amazon Web Services Lambda findings by the availability of exploits. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityDetectorName** *(list) --* The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityDetectorTags** *(list) --* The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityFilePath** *(list) --* The file path to the file in a Lambda function that contains a code vulnerability used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **epssScore** *(list) --* The EPSS score used to filter findings. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **codeRepositoryProjectName** *(list) --* Filter criteria for findings based on the project name in a code repository. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeRepositoryProviderType** *(list) --* Filter criteria for findings based on the repository provider type (such as GitHub, GitLab, etc.). * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sortCriteria** (*dict*) -- Details on the sort criteria to apply to your finding results. * **field** *(string) --* **[REQUIRED]** The finding detail field by which results are sorted. * **sortOrder** *(string) --* **[REQUIRED]** The order by which findings are sorted. Return type: dict Returns: **Response Syntax** { 'nextToken': 'string', 'findings': [ { 'findingArn': 'string', 'awsAccountId': 'string', 'type': 'NETWORK_REACHABILITY'|'PACKAGE_VULNERABILITY'|'CODE_VULNERABILITY', 'description': 'string', 'title': 'string', 'remediation': { 'recommendation': { 'text': 'string', 'Url': 'string' } }, 'severity': 'INFORMATIONAL'|'LOW'|'MEDIUM'|'HIGH'|'CRITICAL'|'UNTRIAGED', 'firstObservedAt': datetime(2015, 1, 1), 'lastObservedAt': datetime(2015, 1, 1), 'updatedAt': datetime(2015, 1, 1), 'status': 'ACTIVE'|'SUPPRESSED'|'CLOSED', 'resources': [ { 'type': 'AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_ECR_REPOSITORY'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY', 'id': 'string', 'partition': 'string', 'region': 'string', 'tags': { 'string': 'string' }, 'details': { 'awsEc2Instance': { 'type': 'string', 'imageId': 'string', 'ipV4Addresses': [ 'string', ], 'ipV6Addresses': [ 'string', ], 'keyName': 'string', 'iamInstanceProfileArn': 'string', 'vpcId': 'string', 'subnetId': 'string', 'launchedAt': datetime(2015, 1, 1), 'platform': 'string' }, 'awsEcrContainerImage': { 'repositoryName': 'string', 'imageTags': [ 'string', ], 'pushedAt': datetime(2015, 1, 1), 'author': 'string', 'architecture': 'string', 'imageHash': 'string', 'registry': 'string', 'platform': 'string', 'lastInUseAt': datetime(2015, 1, 1), 'inUseCount': 123 }, 'awsLambdaFunction': { 'functionName': 'string', 'runtime': 'NODEJS'|'NODEJS_12_X'|'NODEJS_14_X'|'NODEJS_16_X'|'JAVA_8'|'JAVA_8_AL2'|'JAVA_11'|'PYTHON_3_7'|'PYTHON_3_8'|'PYTHON_3_9'|'UNSUPPORTED'|'NODEJS_18_X'|'GO_1_X'|'JAVA_17'|'PYTHON_3_10'|'PYTHON_3_11'|'DOTNETCORE_3_1'|'DOTNET_6'|'DOTNET_7'|'RUBY_2_7'|'RUBY_3_2', 'codeSha256': 'string', 'version': 'string', 'executionRoleArn': 'string', 'layers': [ 'string', ], 'vpcConfig': { 'subnetIds': [ 'string', ], 'securityGroupIds': [ 'string', ], 'vpcId': 'string' }, 'packageType': 'IMAGE'|'ZIP', 'architectures': [ 'X86_64'|'ARM64', ], 'lastModifiedAt': datetime(2015, 1, 1) }, 'codeRepository': { 'projectName': 'string', 'integrationArn': 'string', 'providerType': 'GITHUB'|'GITLAB_SELF_MANAGED' } } }, ], 'inspectorScore': 123.0, 'inspectorScoreDetails': { 'adjustedCvss': { 'scoreSource': 'string', 'cvssSource': 'string', 'version': 'string', 'score': 123.0, 'scoringVector': 'string', 'adjustments': [ { 'metric': 'string', 'reason': 'string' }, ] } }, 'networkReachabilityDetails': { 'openPortRange': { 'begin': 123, 'end': 123 }, 'protocol': 'TCP'|'UDP', 'networkPath': { 'steps': [ { 'componentId': 'string', 'componentType': 'string', 'componentArn': 'string' }, ] } }, 'packageVulnerabilityDetails': { 'vulnerabilityId': 'string', 'vulnerablePackages': [ { 'name': 'string', 'version': 'string', 'sourceLayerHash': 'string', 'epoch': 123, 'release': 'string', 'arch': 'string', 'packageManager': 'BUNDLER'|'CARGO'|'COMPOSER'|'NPM'|'NUGET'|'PIPENV'|'POETRY'|'YARN'|'GOBINARY'|'GOMOD'|'JAR'|'OS'|'PIP'|'PYTHONPKG'|'NODEPKG'|'POM'|'GEMSPEC'|'DOTNET_CORE', 'filePath': 'string', 'fixedInVersion': 'string', 'remediation': 'string', 'sourceLambdaLayerArn': 'string' }, ], 'source': 'string', 'cvss': [ { 'baseScore': 123.0, 'scoringVector': 'string', 'version': 'string', 'source': 'string' }, ], 'relatedVulnerabilities': [ 'string', ], 'sourceUrl': 'string', 'vendorSeverity': 'string', 'vendorCreatedAt': datetime(2015, 1, 1), 'vendorUpdatedAt': datetime(2015, 1, 1), 'referenceUrls': [ 'string', ] }, 'fixAvailable': 'YES'|'NO'|'PARTIAL', 'exploitAvailable': 'YES'|'NO', 'exploitabilityDetails': { 'lastKnownExploitAt': datetime(2015, 1, 1) }, 'codeVulnerabilityDetails': { 'filePath': { 'fileName': 'string', 'filePath': 'string', 'startLine': 123, 'endLine': 123 }, 'detectorTags': [ 'string', ], 'referenceUrls': [ 'string', ], 'ruleId': 'string', 'sourceLambdaLayerArn': 'string', 'detectorId': 'string', 'detectorName': 'string', 'cwes': [ 'string', ] }, 'epss': { 'score': 123.0 } }, ] } **Response Structure** * *(dict) --* * **nextToken** *(string) --* A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the "NextToken" value returned from the previous request to continue listing results after the first page. * **findings** *(list) --* Contains details on the findings in your environment. * *(dict) --* Details about an Amazon Inspector finding. * **findingArn** *(string) --* The Amazon Resource Number (ARN) of the finding. * **awsAccountId** *(string) --* The Amazon Web Services account ID associated with the finding. * **type** *(string) --* The type of the finding. The "type" value determines the valid values for "resource" in your request. For more information, see Finding types in the Amazon Inspector user guide. * **description** *(string) --* The description of the finding. * **title** *(string) --* The title of the finding. * **remediation** *(dict) --* An object that contains the details about how to remediate a finding. * **recommendation** *(dict) --* An object that contains information about the recommended course of action to remediate the finding. * **text** *(string) --* The recommended course of action to remediate the finding. * **Url** *(string) --* The URL address to the CVE remediation recommendations. * **severity** *(string) --* The severity of the finding. "UNTRIAGED" applies to "PACKAGE_VULNERABILITY" type findings that the vendor has not assigned a severity yet. For more information, see Severity levels for findings in the Amazon Inspector user guide. * **firstObservedAt** *(datetime) --* The date and time that the finding was first observed. * **lastObservedAt** *(datetime) --* The date and time the finding was last observed. This timestamp for this field remains unchanged until a finding is updated. * **updatedAt** *(datetime) --* The date and time the finding was last updated at. * **status** *(string) --* The status of the finding. * **resources** *(list) --* Contains information on the resources involved in a finding. The "resource" value determines the valid values for "type" in your request. For more information, see Finding types in the Amazon Inspector user guide. * *(dict) --* Details about the resource involved in a finding. * **type** *(string) --* The type of resource. * **id** *(string) --* The ID of the resource. * **partition** *(string) --* The partition of the resource. * **region** *(string) --* The Amazon Web Services Region the impacted resource is located in. * **tags** *(dict) --* The tags attached to the resource. * *(string) --* * *(string) --* * **details** *(dict) --* An object that contains details about the resource involved in a finding. * **awsEc2Instance** *(dict) --* An object that contains details about the Amazon EC2 instance involved in the finding. * **type** *(string) --* The type of the Amazon EC2 instance. * **imageId** *(string) --* The image ID of the Amazon EC2 instance. * **ipV4Addresses** *(list) --* The IPv4 addresses of the Amazon EC2 instance. * *(string) --* * **ipV6Addresses** *(list) --* The IPv6 addresses of the Amazon EC2 instance. * *(string) --* * **keyName** *(string) --* The name of the key pair used to launch the Amazon EC2 instance. * **iamInstanceProfileArn** *(string) --* The IAM instance profile ARN of the Amazon EC2 instance. * **vpcId** *(string) --* The VPC ID of the Amazon EC2 instance. * **subnetId** *(string) --* The subnet ID of the Amazon EC2 instance. * **launchedAt** *(datetime) --* The date and time the Amazon EC2 instance was launched at. * **platform** *(string) --* The platform of the Amazon EC2 instance. * **awsEcrContainerImage** *(dict) --* An object that contains details about the Amazon ECR container image involved in the finding. * **repositoryName** *(string) --* The name of the repository the Amazon ECR container image resides in. * **imageTags** *(list) --* The image tags attached to the Amazon ECR container image. * *(string) --* * **pushedAt** *(datetime) --* The date and time the Amazon ECR container image was pushed. * **author** *(string) --* The image author of the Amazon ECR container image. * **architecture** *(string) --* The architecture of the Amazon ECR container image. * **imageHash** *(string) --* The image hash of the Amazon ECR container image. * **registry** *(string) --* The registry for the Amazon ECR container image. * **platform** *(string) --* The platform of the Amazon ECR container image. * **lastInUseAt** *(datetime) --* The last time an Amazon ECR image was used in an Amazon ECS task or Amazon EKS pod. * **inUseCount** *(integer) --* The number of Amazon ECS tasks or Amazon EKS pods where the Amazon ECR container image is in use. * **awsLambdaFunction** *(dict) --* A summary of the information about an Amazon Web Services Lambda function affected by a finding. * **functionName** *(string) --* The name of the Amazon Web Services Lambda function. * **runtime** *(string) --* The runtime environment for the Amazon Web Services Lambda function. * **codeSha256** *(string) --* The SHA256 hash of the Amazon Web Services Lambda function's deployment package. * **version** *(string) --* The version of the Amazon Web Services Lambda function. * **executionRoleArn** *(string) --* The Amazon Web Services Lambda function's execution role. * **layers** *(list) --* The Amazon Web Services Lambda function's layers. A Lambda function can have up to five layers. * *(string) --* * **vpcConfig** *(dict) --* The Amazon Web Services Lambda function's networking configuration. * **subnetIds** *(list) --* A list of VPC subnet IDs. * *(string) --* * **securityGroupIds** *(list) --* The VPC security groups and subnets that are attached to an Amazon Web Services Lambda function. For more information, see VPC Settings. * *(string) --* * **vpcId** *(string) --* The ID of the VPC. * **packageType** *(string) --* The type of deployment package. Set to "Image" for container image and set "Zip" for .zip file archive. * **architectures** *(list) --* The instruction set architecture that the Amazon Web Services Lambda function supports. Architecture is a string array with one of the valid values. The default architecture value is "x86_64". * *(string) --* * **lastModifiedAt** *(datetime) --* The date and time that a user last updated the configuration, in ISO 8601 format * **codeRepository** *(dict) --* Contains details about a code repository resource associated with a finding. * **projectName** *(string) --* The name of the project in the code repository. * **integrationArn** *(string) --* The Amazon Resource Name (ARN) of the code security integration associated with the repository. * **providerType** *(string) --* The type of repository provider (such as GitHub, GitLab, etc.). * **inspectorScore** *(float) --* The Amazon Inspector score given to the finding. * **inspectorScoreDetails** *(dict) --* An object that contains details of the Amazon Inspector score. * **adjustedCvss** *(dict) --* An object that contains details about the CVSS score given to a finding. * **scoreSource** *(string) --* The source for the CVSS score. * **cvssSource** *(string) --* The source of the CVSS data. * **version** *(string) --* The CVSS version used in scoring. * **score** *(float) --* The CVSS score. * **scoringVector** *(string) --* The vector for the CVSS score. * **adjustments** *(list) --* An object that contains details about adjustment Amazon Inspector made to the CVSS score. * *(dict) --* Details on adjustments Amazon Inspector made to the CVSS score for a finding. * **metric** *(string) --* The metric used to adjust the CVSS score. * **reason** *(string) --* The reason the CVSS score has been adjustment. * **networkReachabilityDetails** *(dict) --* An object that contains the details of a network reachability finding. * **openPortRange** *(dict) --* An object that contains details about the open port range associated with a finding. * **begin** *(integer) --* The beginning port in a port range. * **end** *(integer) --* The ending port in a port range. * **protocol** *(string) --* The protocol associated with a finding. * **networkPath** *(dict) --* An object that contains details about a network path associated with a finding. * **steps** *(list) --* The details on the steps in the network path. * *(dict) --* Details about the step associated with a finding. * **componentId** *(string) --* The component ID. * **componentType** *(string) --* The component type. * **componentArn** *(string) --* The component ARN. The ARN can be null and is not displayed in the Amazon Web Services console. * **packageVulnerabilityDetails** *(dict) --* An object that contains the details of a package vulnerability finding. * **vulnerabilityId** *(string) --* The ID given to this vulnerability. * **vulnerablePackages** *(list) --* The packages impacted by this vulnerability. * *(dict) --* Information on the vulnerable package identified by a finding. * **name** *(string) --* The name of the vulnerable package. * **version** *(string) --* The version of the vulnerable package. * **sourceLayerHash** *(string) --* The source layer hash of the vulnerable package. * **epoch** *(integer) --* The epoch of the vulnerable package. * **release** *(string) --* The release of the vulnerable package. * **arch** *(string) --* The architecture of the vulnerable package. * **packageManager** *(string) --* The package manager of the vulnerable package. * **filePath** *(string) --* The file path of the vulnerable package. * **fixedInVersion** *(string) --* The version of the package that contains the vulnerability fix. * **remediation** *(string) --* The code to run in your environment to update packages with a fix available. * **sourceLambdaLayerArn** *(string) --* The Amazon Resource Number (ARN) of the Amazon Web Services Lambda function affected by a finding. * **source** *(string) --* The source of the vulnerability information. * **cvss** *(list) --* An object that contains details about the CVSS score of a finding. * *(dict) --* The CVSS score for a finding. * **baseScore** *(float) --* The base CVSS score used for the finding. * **scoringVector** *(string) --* The vector string of the CVSS score. * **version** *(string) --* The version of CVSS used for the score. * **source** *(string) --* The source of the CVSS score. * **relatedVulnerabilities** *(list) --* One or more vulnerabilities related to the one identified in this finding. * *(string) --* * **sourceUrl** *(string) --* A URL to the source of the vulnerability information. * **vendorSeverity** *(string) --* The severity the vendor has given to this vulnerability type. * **vendorCreatedAt** *(datetime) --* The date and time that this vulnerability was first added to the vendor's database. * **vendorUpdatedAt** *(datetime) --* The date and time the vendor last updated this vulnerability in their database. * **referenceUrls** *(list) --* One or more URLs that contain details about this vulnerability type. * *(string) --* * **fixAvailable** *(string) --* Details on whether a fix is available through a version update. This value can be "YES", "NO", or "PARTIAL". A "PARTIAL" fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. * **exploitAvailable** *(string) --* If a finding discovered in your environment has an exploit available. * **exploitabilityDetails** *(dict) --* The details of an exploit available for a finding discovered in your environment. * **lastKnownExploitAt** *(datetime) --* The date and time of the last exploit associated with a finding discovered in your environment. * **codeVulnerabilityDetails** *(dict) --* Details about the code vulnerability identified in a Lambda function used to filter findings. * **filePath** *(dict) --* Contains information on where the code vulnerability is located in your code. * **fileName** *(string) --* The name of the file the code vulnerability was found in. * **filePath** *(string) --* The file path to the code that a vulnerability was found in. * **startLine** *(integer) --* The line number of the first line of code that a vulnerability was found in. * **endLine** *(integer) --* The line number of the last line of code that a vulnerability was found in. * **detectorTags** *(list) --* The detector tag associated with the vulnerability. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags. * *(string) --* * **referenceUrls** *(list) --* A URL containing supporting documentation about the code vulnerability detected. * *(string) --* * **ruleId** *(string) --* The identifier for a rule that was used to detect the code vulnerability. * **sourceLambdaLayerArn** *(string) --* The Amazon Resource Name (ARN) of the Lambda layer that the code vulnerability was detected in. * **detectorId** *(string) --* The ID for the Amazon CodeGuru detector associated with the finding. For more information on detectors see Amazon CodeGuru Detector Library. * **detectorName** *(string) --* The name of the detector used to identify the code vulnerability. For more information on detectors see CodeGuru Detector Library. * **cwes** *(list) --* The Common Weakness Enumeration (CWE) item associated with the detected vulnerability. * *(string) --* * **epss** *(dict) --* The finding's EPSS score. * **score** *(float) --* The EPSS score. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / associate_member associate_member **************** Inspector2.Client.associate_member(**kwargs) Associates an Amazon Web Services account with an Amazon Inspector delegated administrator. An HTTP 200 response indicates the association was successfully started, but doesn’t indicate whether it was completed. You can check if the association completed by using ListMembers for multiple accounts or GetMembers for a single account. See also: AWS API Documentation **Request Syntax** response = client.associate_member( accountId='string' ) Parameters: **accountId** (*string*) -- **[REQUIRED]** The Amazon Web Services account ID of the member account to be associated. Return type: dict Returns: **Response Syntax** { 'accountId': 'string' } **Response Structure** * *(dict) --* * **accountId** *(string) --* The Amazon Web Services account ID of the successfully associated member account. **Exceptions** * "Inspector2.Client.exceptions.ServiceQuotaExceededException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / create_code_security_scan_configuration create_code_security_scan_configuration *************************************** Inspector2.Client.create_code_security_scan_configuration(**kwargs) Creates a scan configuration for code security scanning. See also: AWS API Documentation **Request Syntax** response = client.create_code_security_scan_configuration( name='string', level='ORGANIZATION'|'ACCOUNT', configuration={ 'periodicScanConfiguration': { 'frequency': 'WEEKLY'|'MONTHLY'|'NEVER', 'frequencyExpression': 'string' }, 'continuousIntegrationScanConfiguration': { 'supportedEvents': [ 'PULL_REQUEST'|'PUSH', ] }, 'ruleSetCategories': [ 'SAST'|'IAC'|'SCA', ] }, scopeSettings={ 'projectSelectionScope': 'ALL' }, tags={ 'string': 'string' } ) Parameters: * **name** (*string*) -- **[REQUIRED]** The name of the scan configuration. * **level** (*string*) -- **[REQUIRED]** The security level for the scan configuration. * **configuration** (*dict*) -- **[REQUIRED]** The configuration settings for the code security scan. * **periodicScanConfiguration** *(dict) --* Configuration settings for periodic scans that run on a scheduled basis. * **frequency** *(string) --* The frequency at which periodic scans are performed (such as weekly or monthly). If you don't provide the "frequencyExpression" Amazon Inspector chooses day for the scan to run. If you provide the "frequencyExpression", the schedule must match the specified "frequency". * **frequencyExpression** *(string) --* The schedule expression for periodic scans, in cron format. * **continuousIntegrationScanConfiguration** *(dict) --* Configuration settings for continuous integration scans that run automatically when code changes are made. * **supportedEvents** *(list) --* **[REQUIRED]** The repository events that trigger continuous integration scans, such as pull requests or commits. * *(string) --* * **ruleSetCategories** *(list) --* **[REQUIRED]** The categories of security rules to be applied during the scan. * *(string) --* * **scopeSettings** (*dict*) -- The scope settings that define which repositories will be scanned. Include this parameter to create a default scan configuration. Otherwise Amazon Inspector creates a general scan configuration. A default scan configuration automatically applies to all existing and future projects imported into Amazon Inspector. Use the "BatchAssociateCodeSecurityScanConfiguration" operation to associate a general scan configuration with projects. * **projectSelectionScope** *(string) --* The scope of projects to be selected for scanning within the integrated repositories. Setting the value to "ALL" applies the scope settings to all existing and future projects imported into Amazon Inspector. * **tags** (*dict*) -- The tags to apply to the scan configuration. * *(string) --* * *(string) --* Return type: dict Returns: **Response Syntax** { 'scanConfigurationArn': 'string' } **Response Structure** * *(dict) --* * **scanConfigurationArn** *(string) --* The Amazon Resource Name (ARN) of the created scan configuration. **Exceptions** * "Inspector2.Client.exceptions.ServiceQuotaExceededException" * "Inspector2.Client.exceptions.ConflictException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / tag_resource tag_resource ************ Inspector2.Client.tag_resource(**kwargs) Adds tags to a resource. See also: AWS API Documentation **Request Syntax** response = client.tag_resource( resourceArn='string', tags={ 'string': 'string' } ) Parameters: * **resourceArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the resource to apply a tag to. * **tags** (*dict*) -- **[REQUIRED]** The tags to be added to a resource. * *(string) --* * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "Inspector2.Client.exceptions.BadRequestException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_code_security_integrations list_code_security_integrations ******************************* Inspector2.Client.list_code_security_integrations(**kwargs) Lists all code security integrations in your account. See also: AWS API Documentation **Request Syntax** response = client.list_code_security_integrations( nextToken='string', maxResults=123 ) Parameters: * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. * **maxResults** (*integer*) -- The maximum number of results to return in a single call. Return type: dict Returns: **Response Syntax** { 'integrations': [ { 'integrationArn': 'string', 'name': 'string', 'type': 'GITLAB_SELF_MANAGED'|'GITHUB', 'status': 'PENDING'|'IN_PROGRESS'|'ACTIVE'|'INACTIVE'|'DISABLING', 'statusReason': 'string', 'createdOn': datetime(2015, 1, 1), 'lastUpdateOn': datetime(2015, 1, 1), 'tags': { 'string': 'string' } }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **integrations** *(list) --* A list of code security integration summaries. * *(dict) --* A summary of information about a code security integration. * **integrationArn** *(string) --* The Amazon Resource Name (ARN) of the code security integration. * **name** *(string) --* The name of the code security integration. * **type** *(string) --* The type of repository provider for the integration. * **status** *(string) --* The current status of the code security integration. * **statusReason** *(string) --* The reason for the current status of the code security integration. * **createdOn** *(datetime) --* The timestamp when the code security integration was created. * **lastUpdateOn** *(datetime) --* The timestamp when the code security integration was last updated. * **tags** *(dict) --* The tags associated with the code security integration. * *(string) --* * *(string) --* * **nextToken** *(string) --* A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / delete_code_security_scan_configuration delete_code_security_scan_configuration *************************************** Inspector2.Client.delete_code_security_scan_configuration(**kwargs) Deletes a code security scan configuration. See also: AWS API Documentation **Request Syntax** response = client.delete_code_security_scan_configuration( scanConfigurationArn='string' ) Parameters: **scanConfigurationArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the scan configuration to delete. Return type: dict Returns: **Response Syntax** { 'scanConfigurationArn': 'string' } **Response Structure** * *(dict) --* * **scanConfigurationArn** *(string) --* The Amazon Resource Name (ARN) of the deleted scan configuration. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / list_code_security_scan_configurations list_code_security_scan_configurations ************************************** Inspector2.Client.list_code_security_scan_configurations(**kwargs) Lists all code security scan configurations in your account. See also: AWS API Documentation **Request Syntax** response = client.list_code_security_scan_configurations( nextToken='string', maxResults=123 ) Parameters: * **nextToken** (*string*) -- A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. * **maxResults** (*integer*) -- The maximum number of results to return in a single call. Return type: dict Returns: **Response Syntax** { 'configurations': [ { 'scanConfigurationArn': 'string', 'name': 'string', 'ownerAccountId': 'string', 'periodicScanFrequency': 'WEEKLY'|'MONTHLY'|'NEVER', 'frequencyExpression': 'string', 'continuousIntegrationScanSupportedEvents': [ 'PULL_REQUEST'|'PUSH', ], 'ruleSetCategories': [ 'SAST'|'IAC'|'SCA', ], 'scopeSettings': { 'projectSelectionScope': 'ALL' }, 'tags': { 'string': 'string' } }, ], 'nextToken': 'string' } **Response Structure** * *(dict) --* * **configurations** *(list) --* A list of code security scan configuration summaries. * *(dict) --* A summary of information about a code security scan configuration. * **scanConfigurationArn** *(string) --* The Amazon Resource Name (ARN) of the scan configuration. * **name** *(string) --* The name of the scan configuration. * **ownerAccountId** *(string) --* The Amazon Web Services account ID that owns the scan configuration. * **periodicScanFrequency** *(string) --* The frequency at which periodic scans are performed. * **frequencyExpression** *(string) --* The schedule expression for periodic scans, in cron format. * **continuousIntegrationScanSupportedEvents** *(list) --* The repository events that trigger continuous integration scans. * *(string) --* * **ruleSetCategories** *(list) --* The categories of security rules applied during the scan. * *(string) --* * **scopeSettings** *(dict) --* The scope settings that define which repositories will be scanned. If the "ScopeSetting" parameter is "ALL" the scan configuration applies to all existing and future projects imported into Amazon Inspector. * **projectSelectionScope** *(string) --* The scope of projects to be selected for scanning within the integrated repositories. Setting the value to "ALL" applies the scope settings to all existing and future projects imported into Amazon Inspector. * **tags** *(dict) --* The tags associated with the scan configuration. * *(string) --* * *(string) --* * **nextToken** *(string) --* A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page. **Exceptions** * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / get_encryption_key get_encryption_key ****************** Inspector2.Client.get_encryption_key(**kwargs) Gets an encryption key. See also: AWS API Documentation **Request Syntax** response = client.get_encryption_key( scanType='NETWORK'|'PACKAGE'|'CODE', resourceType='AWS_EC2_INSTANCE'|'AWS_ECR_CONTAINER_IMAGE'|'AWS_ECR_REPOSITORY'|'AWS_LAMBDA_FUNCTION'|'CODE_REPOSITORY' ) Parameters: * **scanType** (*string*) -- **[REQUIRED]** The scan type the key encrypts. * **resourceType** (*string*) -- **[REQUIRED]** The resource type the key encrypts. Return type: dict Returns: **Response Syntax** { 'kmsKeyId': 'string' } **Response Structure** * *(dict) --* * **kmsKeyId** *(string) --* A kms key ID. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / create_filter create_filter ************* Inspector2.Client.create_filter(**kwargs) Creates a filter resource using specified filter criteria. When the filter action is set to "SUPPRESS" this action creates a suppression rule. See also: AWS API Documentation **Request Syntax** response = client.create_filter( action='NONE'|'SUPPRESS', description='string', filterCriteria={ 'findingArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'awsAccountId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'findingType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'severity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'firstObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lastObservedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'updatedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'findingStatus': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'title': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'inspectorScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'resourceType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'resourceTags': [ { 'comparison': 'EQUALS', 'key': 'string', 'value': 'string' }, ], 'ec2InstanceImageId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceVpcId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ec2InstanceSubnetId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImagePushedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageArchitecture': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRegistry': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageRepositoryName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageHash': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'ecrImageLastInUseAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'ecrImageInUseCount': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'portRange': [ { 'beginInclusive': 123, 'endInclusive': 123 }, ], 'networkProtocol': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'componentType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilityId': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerabilitySource': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vendorSeverity': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'vulnerablePackages': [ { 'name': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'version': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'epoch': { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, 'release': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'architecture': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLayerHash': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'sourceLambdaLayerArn': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, 'filePath': { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' } }, ], 'relatedVulnerabilities': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'fixAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLayers': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionRuntime': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'lambdaFunctionLastModifiedAt': [ { 'startInclusive': datetime(2015, 1, 1), 'endInclusive': datetime(2015, 1, 1) }, ], 'lambdaFunctionExecutionRoleArn': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'exploitAvailable': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityDetectorTags': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeVulnerabilityFilePath': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'epssScore': [ { 'upperInclusive': 123.0, 'lowerInclusive': 123.0 }, ], 'codeRepositoryProjectName': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ], 'codeRepositoryProviderType': [ { 'comparison': 'EQUALS'|'PREFIX'|'NOT_EQUALS', 'value': 'string' }, ] }, name='string', tags={ 'string': 'string' }, reason='string' ) Parameters: * **action** (*string*) -- **[REQUIRED]** Defines the action that is to be applied to the findings that match the filter. * **description** (*string*) -- A description of the filter. * **filterCriteria** (*dict*) -- **[REQUIRED]** Defines the criteria to be used in the filter for querying findings. * **findingArn** *(list) --* Details on the finding ARNs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **awsAccountId** *(list) --* Details of the Amazon Web Services account IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **findingType** *(list) --* Details on the finding types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **severity** *(list) --* Details on the severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **firstObservedAt** *(list) --* Details on the date and time a finding was first seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lastObservedAt** *(list) --* Details on the date and time a finding was last seen used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **updatedAt** *(list) --* Details on the date and time a finding was last updated at used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **findingStatus** *(list) --* Details on the finding status types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **title** *(list) --* Details on the finding title used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **inspectorScore** *(list) --* The Amazon Inspector score to filter on. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **resourceType** *(list) --* Details on the resource types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceId** *(list) --* Details on the resource IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **resourceTags** *(list) --* Details on the resource tags used to filter findings. * *(dict) --* An object that describes details of a map filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **key** *(string) --* **[REQUIRED]** The tag key used in the filter. * **value** *(string) --* The tag value used in the filter. * **ec2InstanceImageId** *(list) --* Details of the Amazon EC2 instance image IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ec2InstanceVpcId** *(list) --* Details of the Amazon EC2 instance VPC IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ec2InstanceSubnetId** *(list) --* Details of the Amazon EC2 instance subnet IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImagePushedAt** *(list) --* Details on the Amazon ECR image push date and time used to filter findings. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageArchitecture** *(list) --* Details of the Amazon ECR image architecture types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageRegistry** *(list) --* Details on the Amazon ECR registry used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageRepositoryName** *(list) --* Details on the name of the Amazon ECR repository used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageTags** *(list) --* The tags attached to the Amazon ECR container image. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageHash** *(list) --* Details of the Amazon ECR image hashes used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **ecrImageLastInUseAt** *(list) --* Filter criteria indicating when an Amazon ECR image was last used in an Amazon ECS cluster task or Amazon EKS cluster pod. * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **ecrImageInUseCount** *(list) --* Filter criteria indicating when details for an Amazon ECR image include when an Amazon ECR image is in use. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **portRange** *(list) --* Details on the port ranges used to filter findings. * *(dict) --* An object that describes the details of a port range filter. * **beginInclusive** *(integer) --* The port number the port range begins at. * **endInclusive** *(integer) --* The port number the port range ends at. * **networkProtocol** *(list) --* Details on network protocol used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **componentId** *(list) --* Details of the component IDs used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **componentType** *(list) --* Details of the component types used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilityId** *(list) --* Details on the vulnerability ID used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerabilitySource** *(list) --* Details on the vulnerability type used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vendorSeverity** *(list) --* Details on the vendor severity used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **vulnerablePackages** *(list) --* Details on the vulnerable packages used to filter findings. * *(dict) --* Contains information on the details of a package filter. * **name** *(dict) --* An object that contains details on the name of the package to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **version** *(dict) --* The package version to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **epoch** *(dict) --* An object that contains details on the package epoch to filter on. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **release** *(dict) --* An object that contains details on the package release to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **architecture** *(dict) --* An object that contains details on the package architecture type to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sourceLayerHash** *(dict) --* An object that contains details on the source layer hash to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **sourceLambdaLayerArn** *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **filePath** *(dict) --* An object that contains details on the package file path to filter on. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **relatedVulnerabilities** *(list) --* Details on the related vulnerabilities used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **fixAvailable** *(list) --* Details on whether a fix is available through a version update. This value can be "YES", "NO", or "PARTIAL". A "PARTIAL" fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionName** *(list) --* Filters the list of Amazon Web Services Lambda functions by the name of the function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionLayers** *(list) --* Filters the list of Amazon Web Services Lambda functions by the function's layers. A Lambda function can have up to five layers. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionRuntime** *(list) --* Filters the list of Amazon Web Services Lambda functions by the runtime environment for the Lambda function. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **lambdaFunctionLastModifiedAt** *(list) --* Filters the list of Amazon Web Services Lambda functions by the date and time that a user last updated the configuration, in ISO 8601 format * *(dict) --* Contains details on the time range used to filter findings. * **startInclusive** *(datetime) --* A timestamp representing the start of the time period filtered on. * **endInclusive** *(datetime) --* A timestamp representing the end of the time period filtered on. * **lambdaFunctionExecutionRoleArn** *(list) --* Filters the list of Amazon Web Services Lambda functions by execution role. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **exploitAvailable** *(list) --* Filters the list of Amazon Web Services Lambda findings by the availability of exploits. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityDetectorName** *(list) --* The name of the detector used to identify a code vulnerability in a Lambda function used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityDetectorTags** *(list) --* The detector type tag associated with the vulnerability used to filter findings. Detector tags group related vulnerabilities by common themes or tactics. For a list of available tags by programming language, see Java tags, or Python tags. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeVulnerabilityFilePath** *(list) --* The file path to the file in a Lambda function that contains a code vulnerability used to filter findings. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **epssScore** *(list) --* The EPSS score used to filter findings. * *(dict) --* An object that describes the details of a number filter. * **upperInclusive** *(float) --* The highest number to be included in the filter. * **lowerInclusive** *(float) --* The lowest number to be included in the filter. * **codeRepositoryProjectName** *(list) --* Filter criteria for findings based on the project name in a code repository. * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **codeRepositoryProviderType** *(list) --* Filter criteria for findings based on the repository provider type (such as GitHub, GitLab, etc.). * *(dict) --* An object that describes the details of a string filter. * **comparison** *(string) --* **[REQUIRED]** The operator to use when comparing values in the filter. * **value** *(string) --* **[REQUIRED]** The value to filter on. * **name** (*string*) -- **[REQUIRED]** The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed. * **tags** (*dict*) -- A list of tags for the filter. * *(string) --* * *(string) --* * **reason** (*string*) -- The reason for creating the filter. Return type: dict Returns: **Response Syntax** { 'arn': 'string' } **Response Structure** * *(dict) --* * **arn** *(string) --* The Amazon Resource Number (ARN) of the successfully created filter. **Exceptions** * "Inspector2.Client.exceptions.ServiceQuotaExceededException" * "Inspector2.Client.exceptions.BadRequestException" * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException" Inspector2 / Client / delete_filter delete_filter ************* Inspector2.Client.delete_filter(**kwargs) Deletes a filter resource. See also: AWS API Documentation **Request Syntax** response = client.delete_filter( arn='string' ) Parameters: **arn** (*string*) -- **[REQUIRED]** The Amazon Resource Number (ARN) of the filter to be deleted. Return type: dict Returns: **Response Syntax** { 'arn': 'string' } **Response Structure** * *(dict) --* * **arn** *(string) --* The Amazon Resource Number (ARN) of the filter that has been deleted. **Exceptions** * "Inspector2.Client.exceptions.ValidationException" * "Inspector2.Client.exceptions.AccessDeniedException" * "Inspector2.Client.exceptions.ResourceNotFoundException" * "Inspector2.Client.exceptions.ThrottlingException" * "Inspector2.Client.exceptions.InternalServerException"